Recovering Passwords

Posted: October 19th, 2016

If you’re locked out of a router because you don’t know the password, don’t worry: you can easily get back into the router by changing the configuration register.

The configuration register (CR) is a 16-bit number (2 bytes) written into NVRAM that tells the router where and how to boot. By default the CR is set to load the IOS from flash and then fetch the startup file from NVRAM. One of the things it controls is whether to use the contents of NVRAM to load a router configuration.

The default configuration register value on a Cisco router is 0x2102. This setting tells the router to boot normally, i.e. take the IOS from flash and the startup configuration from NVRAM.

Below is a table detailing the software configuration register bit meanings:

| Bit Number | Hex | Meaning |
|---|---|---|
| 00-03 | 0x0000-0x000F | Boot field parameters (see the next three rows) |
| | 0x0000 | Stays at the system bootstrap prompt |
| | 0x0001 | Boots the first system image in onboard Flash memory (EPROM) |
| | 0x0002-0x000F | Specifies a default netboot filename. Enables boot system commands that override the default netboot filename |
| 06 | 0x0040 | Ignore NVRAM contents |
| 07 | 0x0080 | Disable boot messages |
| 08 | 0x0100 | Break disabled |
| 10 | 0x0400 | IP broadcast with all zeros |
| 5, 11, 12 | 0x0020, 0x0800, 0x1000 | Console line speed |
| 13 | 0x2000 | Boots default ROM software if network boot fails |
| 14 | 0x4000 | IP broadcasts do not have net numbers |
| 15 | 0x8000 | Enables diagnostic messages |

Here are the main steps to password recovery:

Step 1: To view the current configuration register setting, run the command ‘show version’.

R1# show version | sec Conf
Configuration register is 0x2102

Let’s go through the steps to recover the router. First of all, you need a console connection to the router, because you will reboot it and interrupt the boot sequence during the first few moments of the boot cycle by performing a break. Breaking the boot sequence takes the router into ROM monitor mode.

Your first step is to boot the router and perform a break. This is usually done by pressing the Ctrl+Break key combination when using HyperTerminal, or Alt+B with Tera Term, while the router first reboots.

After you’ve performed a break, you should see something like this for an 1841 series router:

%SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command.
System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2006 by cisco Systems, Inc.
PLD version 0x10
GIO ASIC version 0x127
c1841 platform with 131072 Kbytes of main memory
Main memory is configured to 64 bit mode with parity disabled
rommon 1 >

At this point, you will be at the rommon 1> prompt, which is called ROM monitor mode.

Step 2: Change the configuration register by using the confreg command at the rommon prompt. To turn on bit 6, use the configuration register value 0x2142. Remember that if you change the configuration register to 0x2142, the startup-config will be bypassed and the router will load into setup mode.

rommon 1 > confreg 0x2142

You must reset or power cycle for new config to take effect

rommon 2 > reset

Step 3: The router will reload and ask if you want to use setup mode (because no startup-config is used). Answer no to entering setup mode, press Enter to go into user mode, and then type enable to go into privileged mode.

Step 4: Now you’re past the point where you would need to enter the user-mode and privileged-mode passwords in a router. Copy the startup-config file to the running-config file:

router# copy startup-config running-config

The configuration is now running in random access memory (RAM), and you’re in privileged mode, meaning that you can now view and change the configuration. But you can’t view the enable secret setting for the password since it is encrypted. To change the password, do this:

router# config t
router(config)# enable secret cisco

Step 5: After you’re finished changing passwords, set the configuration register back to the default value with the config-register command:

router(config)# config-register 0x2102

Finally, save the new configuration with a copy running-config startup-config and reload the router.
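
A router left at 0x2142 after recovery boots without its startup-config, so it is worth checking the register afterwards. The following is an added example, not part of the original post: it decodes a register value using the bit table above and audits the `Configuration register is ...` line from `show version`. The function names and sample strings are constructed for illustration; the `(will be ... at next reload)` suffix is what IOS appends once config-register has been changed but the router has not yet reloaded.

```python
import re

# Bit meanings copied from the table on this page.
FLAGS = {
    0x0040: "ignore NVRAM contents",
    0x0080: "disable boot messages",
    0x0100: "break disabled",
    0x0400: "IP broadcast with all zeros",
    0x2000: "boot default ROM software if network boot fails",
    0x4000: "IP broadcasts do not have net numbers",
    0x8000: "enable diagnostic messages",
}
CONSOLE_SPEED_BITS = 0x0020 | 0x0800 | 0x1000  # bits 5, 11 and 12
LINE_RE = re.compile(r"Configuration register is (0x[0-9A-Fa-f]{1,4})"
                     r"(?: \(will be (0x[0-9A-Fa-f]{1,4}) at next reload\))?")

def decode_confreg(value):
    """Split a 16-bit configuration register into the fields from the table."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("configuration register must fit in 16 bits")
    boot = value & 0x000F
    if boot == 0:
        boot_desc = "stay at the system bootstrap prompt"
    elif boot == 1:
        boot_desc = "boot the first system image in onboard Flash"
    else:
        boot_desc = "boot system commands / default netboot filename"
    return {
        "boot_field": boot,
        "boot": boot_desc,
        "flags": [name for bit, name in FLAGS.items() if value & bit],
        "console_speed_bits": value & CONSOLE_SPEED_BITS,
    }

def audit_show_version(text, expected=0x2102):
    """Return (register used at next boot, list of findings) for one capture."""
    match = LINE_RE.search(text)
    if match is None:
        return None, ["no configuration register line found"]
    current, pending = match.group(1), match.group(2)
    next_boot = int(pending or current, 16)  # a pending value wins at reload
    findings = []
    if next_boot & 0x0040:
        findings.append("startup-config will be bypassed on next boot")
    if next_boot != expected:
        findings.append(f"register 0x{next_boot:04X} differs from 0x{expected:04X}")
    return next_boot, findings

# Constructed sample captures, not taken from a real device.
LEFT_IN_RECOVERY = "Configuration register is 0x2142"
RESTORED = "Configuration register is 0x2142 (will be 0x2102 at next reload)"
```

Running `audit_show_version` over saved `show version` output from each device gives an empty findings list only when the register that applies at the next boot is back at the default.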