How to reset and configure a password-protected Cisco Router 800 / 890 Series

How to reset and configure a password-protected Cisco Router 800 / 890 Series
  1. Connect your rs232 Cisco cable (The blue one with rj45 connector => DB9) to pc and start hyperterminal / putty / screen / mincom etc..
    (Parameters: 9600 Baud, N, 8, 1 (NO-Parity, 8 Bit, 1 Stopbit) Flow Control (Hardware, Software) AUS)
  2. load the right config register from flash:
    CONF-REGISTER:
    cisco-01-0x2142-noram-empty
    cisco-02-0x2102-normalconf
  3. BOOT UP
    Press Ctrl+Pause(Break) - (+ SHIFT)
  4. You get ROMMON console
#
# Enter commands:
#
confreg 0x2142 # Switch to Ignored startup-config
reset # Reboot

# "Would you like to enter the initial configuration dialog? [yes/no]: no "

enable & configure t
config-register 0x2102 # switch back to the standard configuration-register

Strg+Z exit conf t
show startup-configuration # maybe decrypt some passwords here..

5 . You can now setup users & copy config to the rom

copy startup-config running-config       

conf t                                                                      

#Setup a password for user cisco
username cisco password cisco123
# Sets an encrypted password for enable mode on the router.
enable secret cisco 

end                                                                          
copy running-config startup-config                                           
# Alternative OR: > write / reload                                           

Setup config / Commandhelp

# USERS SHOW / EDIT / DELETE
# --------------------------

# show users like grep: 
sh run | i ^username 

# REGEX only with secret 5: 
show running-config | i ^user.*\sec.*5

# edit / delete with NO in first position of command: 
no username <USERNAME>

----
SSH 
crypto key generate rsa -- 2048bits ssh2
---

Some infos about password setup / types

Type 0
this mean the password will not be encrypted when router store it in Run/Start Files
command:
enable password cisco123
Type 4
this mean the password will  be encrypted when router store it in Run/Start Files using SHA-256
which apps like Cain can crack but will take long time
command :
enable secret 4 Rv4kArhts7yA2xd8BD2YTVbts
(notice above is not the password string it self but the hash of the password)
this type is deprecated starting from IOS 15.3(3)
Type 5
this mean the password will  be encrypted when router store it in Run/Start Files using MD5
which apps like Cain can crack but will take long time
command:
enable secret 5 00271A5307542A02D22842
(notice above is not the password string it self but the hash of the password)
or
enable secret cisco123
(notice above is the password string it self)
Type 7
this mean the password will  be encrypted when router store it in Run/Start Files using Vigenere cipher
which any website with type7 reverser can crack it in less than one second
command :
ena password cisco123
service password-encryption
Type 8
this mean the password will  be encrypted when router store it in Run/Start Files using PBKDF2-SHA-256
starting from IOS 15.3(3).
Password-Based Key Derivation Function 2 (PBKDF2) with Secure Hash Algorithm, 26-bits (SHA-256) as the hashing algorithm
Example :
R1(config)#enable algorithm-type sha256 secret cisco
R1(config)#do sh run | i enable
enable secret 8 $8$mTj4RZG8N9ZDOk$elY/asfm8kD3iDmkBe3hD2r4xcA/0oWS5V3os.O91u.
Example :
R1(config)# username yasser algorithm-type sha256 secret cisco
R1# show running-config | inc username
username yasser secret 8 $8$dsYGNam3K1SIJO$7nv/35M/qr6t.dVc7UY9zrJDWRVqncHub1PE9UlMQFs
Type 9
this mean the password will  be encrypted when router store it in Run/Start Files using scrypt as the hashing algorithm.
starting from IOS 15.3(3)
Example :
R1(config)#ena algorithm-type scrypt secret cisco
R1(config)#do sh run | i enable
enable secret 9 $9$WnArItcQHW/uuE$x5WTLbu7PbzGDuv0fSwGKS/KURsy5a3WCQckmJp0MbE
Example :
R1(config)# username demo9 algorithm-type scrypt secret cisco
R1# show running-config | inc username
username demo9 secret 9 $9$nhEmQVczB7dqsO$X.HsgL6x1il0RxkOSSvyQYwucySCt7qFm4v7pqCxkKM
Important Notes:
1-If you configure type 8 or type 9 passwords and then downgrade to a release that does not support type 8 and type 9 passwords, you must configure the type 5 passwords before downgrading. If not, you are locked out of the device and a password recovery is required.
2-Starting from  IOS 15.3(3)The 4 keyword was deprecated and support for type 8 and type 9 algorithms were added and The warning message for removal of support for the type 4 algorithm was added.
Yasser Ramzy Auda
https://learningnetwork.cisco.com/s/article/cisco-routers-password-types

Example configure... show config...

!
! Last configuration change at 16:10:18 MESZ 
! version 15.2
!
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname SUUHMER-CISCO890
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 XXX
!
no aaa new-model
clock timezone MEZ 1 0
clock summer-time MESZ recurring last ...
!
no ip domain lookup
ip domain name SUUHMER-LABS.I
no ipv6 cef
!
!
archive
 log config
  hidekeys
vtp mode transparent
username ciscoadmin secret 5 XX
username tester password 7 XXX
!
!
controller VDSL 0
 firmware filename flash:VA_A_39m_B_38u_24h.bin
!
vlan 32
 name CLIENT
!
interface ATM0
 description ADSL Interface
 no ip address
 no atm ilmi-keepalive
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
 isdn termination multidrop
 no cdp enable
!
interface Ethernet0
 no ip address
!
interface Ethernet0.7
 description VDSL Interface
 encapsulation dot1Q 7
 pppoe enable group global
 pppoe-client dial-pool-number 2
 pppoe-client dial-pool-number 1
!
interface GigabitEthernet0
 no ip address
 no cdp enable
!
interface GigabitEthernet1
 no ip address
 no cdp enable
!
interface GigabitEthernet2
 no ip address
 shutdown
 no cdp enable
!
interface GigabitEthernet3
 no ip address
 no cdp enable
!
interface GigabitEthernet4
 no ip address
 no cdp enable
!
interface GigabitEthernet5
 no ip address
 shutdown
 no cdp enable
!
interface GigabitEthernet6
 no ip address
 no cdp enable
!
interface GigabitEthernet7
 no ip address
 no cdp enable
!
interface GigabitEthernet8
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet8.7
 encapsulation dot1Q 7
 pppoe enable group global
 pppoe-client dial-pool-number 2
 pppoe-client dial-pool-number 1
 no cdp enable
!
interface Vlan1
 description Native VLAN
 ip address 192.168.12.34 255.255.255.0
!
! Webinterface:
!
ip forward-protocol nd
ip http server
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 Dialer1 11
ip route 0.0.0.0 0.0.0.0 Dialer2 22
!
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
no cdp run
!
control-plane
!
!
banner login ^C

                     __                        _ __
   _______  ____  __/ /_  ____ ___  ___  _____(_)))) 
  / ___/ / / / / / / __ \/ __ `__ \/ _ \/ ___/ // 
 (__  ) /_/ / /_/ / / / / / / / / /  __/ /  / //
/____/\__,_/\__,_/_/ /_/_/ /_/ /_/\___/_(_)/_//


^C
!
line con 0
 login local
 no modem enable
line aux 0
 login local
line vty 0 4
 access-class 23 in
 login local
 length 0
 transport input telnet ssh
!
scheduler allocate 20000 1000
ntp server pool.ntp.org
!
end