How to reset and configure a password-protected Cisco Router 800 / 890 Series
- Connect your RS-232 Cisco console cable (the blue one, RJ45 => DB9) to the PC and start HyperTerminal / PuTTY / screen / minicom etc.
(Parameters: 9600 baud, N, 8, 1 (no parity, 8 data bits, 1 stop bit), flow control (hardware and software) off)
- Load the right config register from flash:
CONF-REGISTER:
cisco-01-0x2142-noram-empty (0x2142: ignore the startup-config in NVRAM, boot with an empty config)
cisco-02-0x2102-normalconf (0x2102: normal boot from the startup-config) - BOOT UP
Press Ctrl+Break (Ctrl+Pause, possibly with Shift) during boot-up - you get the ROMMON console
#
# Enter commands:
#
confreg 0x2142 # set the config register so the startup-config is ignored on boot
reset # reboot
# Answer "Would you like to enter the initial configuration dialog? [yes/no]:" with no
enable
configure terminal
config-register 0x2102 # switch back to the standard configuration register
end # (or Ctrl+Z) leave config mode
show startup-config # review the old configuration (and its passwords) here
You can now set up users and save the config to NVRAM (startup-config).
copy startup-config running-config # merge the old startup-config back into the running config
conf t
# set a password for user cisco
username cisco password cisco123
# sets a hashed (encrypted) password for enable mode on the router
enable secret cisco
end
copy running-config startup-config
# alternatively: write (= write memory), then reload
Setup config / command help
# USERS SHOW / EDIT / DELETE
# --------------------------
# show users, grep-like:
sh run | i ^username
# regex: only users with a type 5 secret:
show running-config | i ^user.*\sec.*5
# edit / delete: put "no" in the first position of the command:
no username <USERNAME>
----
SSH
crypto key generate rsa modulus 2048 # 2048-bit key (needs hostname and ip domain name set first)
ip ssh version 2 # SSHv2 only
---
Some info about password setup / types
Type 0
This means the password will not be encrypted when the router stores it in the run/start files.
command:
enable password cisco123
Type 4
This means the password will be encrypted when the router stores it in the run/start files using SHA-256,
which apps like Cain can crack, but it will take a long time.
command:
enable secret 4 Rv4kArhts7yA2xd8BD2YTVbts
(notice the above is not the password string itself but the hash of the password)
This type is deprecated starting from IOS 15.3(3).
Type 5
This means the password will be encrypted when the router stores it in the run/start files using MD5,
which apps like Cain can crack, but it will take a long time.
command:
enable secret 5 00271A5307542A02D22842
(notice the above is not the password string itself but the hash of the password)
or
enable secret cisco123
(notice the above is the password string itself)
Type 7
This means the password will be encrypted when the router stores it in the run/start files using a Vigenere cipher,
which any website with a type 7 reverser can crack in less than one second.
command:
ena password cisco123
service password-encryption
Type 8
This means the password will be encrypted when the router stores it in the run/start files using PBKDF2-SHA-256,
starting from IOS 15.3(3).
Password-Based Key Derivation Function 2 (PBKDF2) with Secure Hash Algorithm, 256-bit (SHA-256) as the hashing algorithm.
Example:
R1(config)#enable algorithm-type sha256 secret cisco
R1(config)#do sh run | i enable
enable secret 8 $8$mTj4RZG8N9ZDOk$elY/asfm8kD3iDmkBe3hD2r4xcA/0oWS5V3os.O91u.
Example:
R1(config)# username yasser algorithm-type sha256 secret cisco
R1# show running-config | inc username
username yasser secret 8 $8$dsYGNam3K1SIJO$7nv/35M/qr6t.dVc7UY9zrJDWRVqncHub1PE9UlMQFs
Type 9
This means the password will be encrypted when the router stores it in the run/start files using scrypt as the hashing algorithm,
starting from IOS 15.3(3).
Example:
R1(config)#ena algorithm-type scrypt secret cisco
R1(config)#do sh run | i enable
enable secret 9 $9$WnArItcQHW/uuE$x5WTLbu7PbzGDuv0fSwGKS/KURsy5a3WCQckmJp0MbE
Example:
R1(config)# username demo9 algorithm-type scrypt secret cisco
R1# show running-config | inc username
username demo9 secret 9 $9$nhEmQVczB7dqsO$X.HsgL6x1il0RxkOSSvyQYwucySCt7qFm4v7pqCxkKM
Important Notes:
1 - If you configure type 8 or type 9 passwords and then downgrade to a release that does not support type 8 and type 9 passwords, you must configure type 5 passwords before downgrading. If not, you are locked out of the device and a password recovery is required.
2 - Starting from IOS 15.3(3), the 4 keyword was deprecated, support for the type 8 and type 9 algorithms was added, and the warning message for removal of support for the type 4 algorithm was added.
Source: Yasser Ramzy Auda
https://learningnetwork.cisco.com/s/article/cisco-routers-password-types
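A small audit script, added here as an example (it is not part of these notes nor of the Cisco article), that classifies every enable/username credential in a saved running-config by the password types listed above; the sample config is constructed, modelled on the 890 dump further down, and reuses the type 8/9 example hashes quoted above.

```python
import re

# Ratings follow the type descriptions in the notes: 0 and 7 are recoverable,
# 4 is deprecated, 5 is MD5, 8 (PBKDF2-SHA-256) and 9 (scrypt) are fine.
TYPE_INFO = {
    "0": ("plaintext", "critical"),
    "7": ("reversible Vigenere", "critical"),
    "4": ("deprecated SHA-256", "weak"),
    "5": ("MD5", "weak"),
    "8": ("PBKDF2-SHA-256", "ok"),
    "9": ("scrypt", "ok"),
}

# Matches "enable secret 5 <hash>", "username bob [privilege 15] password 7 <hash>"
# and "enable password cisco123" (no type number means type 0, plaintext).
CRED_RE = re.compile(
    r"^\s*(?:username\s+(?P<user>\S+)(?:\s+privilege\s+\d+)?|enable)\s+"
    r"(?P<kind>secret|password)\s+(?:(?P<type>\d)\s+)?(?P<value>\S+)\s*$"
)


def audit_config(config_text):
    """Return one finding per credential line, in config order."""
    findings = []
    for line in config_text.splitlines():
        m = CRED_RE.match(line)
        if not m:
            continue
        ptype = m.group("type") or "0"
        algo, rating = TYPE_INFO.get(ptype, ("unknown type", "weak"))
        findings.append({"principal": m.group("user") or "enable",
                         "kind": m.group("kind"), "type": ptype,
                         "algorithm": algo, "rating": rating})
    return findings


def needs_rehash(config_text):
    """Principals to re-enter with 'algorithm-type scrypt secret' (type 9)."""
    return sorted({f["principal"] for f in audit_config(config_text)
                   if f["rating"] != "ok"})


# Constructed sample (modelled on the config dump below); the type 8/9 hashes
# are the example hashes quoted above, XXX stands for a redacted hash.
SAMPLE_CONFIG = """\
service password-encryption
enable secret 5 XXX
username ciscoadmin secret 5 XX
username tester password 7 XXX
username yasser secret 8 $8$dsYGNam3K1SIJO$7nv/35M/qr6t.dVc7UY9zrJDWRVqncHub1PE9UlMQFs
username demo9 secret 9 $9$nhEmQVczB7dqsO$X.HsgL6x1il0RxkOSSvyQYwucySCt7qFm4v7pqCxkKM
enable password cisco123
"""
```

Run it over the text of show running-config; anything rated critical or weak should be re-entered with the algorithm-type scrypt commands shown above.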
Example configuration (show running-config output):
!
! Last configuration change at 16:10:18 MESZ
! version 15.2
!
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname SUUHMER-CISCO890
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 XXX
!
no aaa new-model
clock timezone MEZ 1 0
clock summer-time MESZ recurring last ...
!
no ip domain lookup
ip domain name SUUHMER-LABS.I
no ipv6 cef
!
!
archive
log config
hidekeys
vtp mode transparent
username ciscoadmin secret 5 XX
username tester password 7 XXX
!
!
controller VDSL 0
firmware filename flash:VA_A_39m_B_38u_24h.bin
!
vlan 32
name CLIENT
!
interface ATM0
description ADSL Interface
no ip address
no atm ilmi-keepalive
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn termination multidrop
no cdp enable
!
interface Ethernet0
no ip address
!
interface Ethernet0.7
description VDSL Interface
encapsulation dot1Q 7
pppoe enable group global
pppoe-client dial-pool-number 2
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0
no ip address
no cdp enable
!
interface GigabitEthernet1
no ip address
no cdp enable
!
interface GigabitEthernet2
no ip address
shutdown
no cdp enable
!
interface GigabitEthernet3
no ip address
no cdp enable
!
interface GigabitEthernet4
no ip address
no cdp enable
!
interface GigabitEthernet5
no ip address
shutdown
no cdp enable
!
interface GigabitEthernet6
no ip address
no cdp enable
!
interface GigabitEthernet7
no ip address
no cdp enable
!
interface GigabitEthernet8
no ip address
duplex auto
speed auto
!
interface GigabitEthernet8.7
encapsulation dot1Q 7
pppoe enable group global
pppoe-client dial-pool-number 2
pppoe-client dial-pool-number 1
no cdp enable
!
interface Vlan1
description Native VLAN
ip address 192.168.12.34 255.255.255.0
!
! Webinterface:
!
ip forward-protocol nd
ip http server
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 Dialer1 11
ip route 0.0.0.0 0.0.0.0 Dialer2 22
!
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
no cdp run
!
control-plane
!
!
banner login ^C
__ _ __
_______ ____ __/ /_ ____ ___ ___ _____(_))))
/ ___/ / / / / / / __ \/ __ `__ \/ _ \/ ___/ //
(__ ) /_/ / /_/ / / / / / / / / / __/ / / //
/____/\__,_/\__,_/_/ /_/_/ /_/ /_/\___/_(_)/_//
^C
!
line con 0
login local
no modem enable
line aux 0
login local
line vty 0 4
access-class 23 in
login local
length 0
transport input telnet ssh
!
scheduler allocate 20000 1000
ntp server pool.ntp.org
!
end