The complete PIX506E password recovery process
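A couple of days ago a customer forgot their password and brought the device to me to crack. After talking it over with Pan XING, and using a TFTP program that Chen jie gave me a long time ago, I got to work. The description below is a bit disorganized, so please bear with it.
I also saw a related post by a student on the SPOTO forum; I am grateful for the guidance it gave me, thank you. My post repeats his, but mine reflects the actual on-site environment. Please don't throw eggs at me after reading it.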
PIX506E> show version
Cisco PIX Firewall Version 6.3(5)--Check the version number first; it determines which software you need to download to break the password.
Cisco PIX Device Manager Version 3.0(2)
Compiled on Thu 04-Aug-05 21:40 by morlee
hualin-netbar up 1 hour 24 mins
Hardware: PIX-506E, 32 MB RAM, CPU Pentium II 300 MHz
Flash E28F640J3 @ 0x300, 8MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB
0: ethernet0: address is 0013.7f6d.4d9a, irq 10
1: ethernet1: address is 0013.7f6d.4d9b, irq 11
Licensed Features:
Failover: Disabled
VPN-DES: Enabled
VPN-3DES-AES: Enabled
Maximum Physical Interfaces: 2
Maximum Interfaces: 4
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: Unlimited
Throughput: Unlimited
IKE peers: Unlimited
This PIX has a Restricted (R) license.
Serial Number: 809082556 (0x30399ebc)
Running Activation Key: 0xc2f13271 0x87a6566c 0x7344ef30 0x1a4f49df
Configuration has not been modified since last system restart.
PIX506E>
CISCO SYSTEMS PIX FIREWALL
Embedded BIOS Version 4.3.207 01/02/02 16:12:22.73
Compiled by morlee
32 MB RAM
PCI Device Table.
Bus Dev Func VendID DevID Class Irq
00 00 00 8086 7192 Host Bridge
00 07 00 8086 7110 ISA Bridge
00 07 01 8086 7111 IDE Controller
00 07 02 8086 7112 Serial Bus 9
00 07 03 8086 7113 PCI Bridge
00 0D 00 8086 1209 Ethernet 11
00 0E 00 8086 1209 Ethernet 10
Cisco Secure PIX Firewall BIOS (4.2) #0: Mon Dec 31 08:34:35 PST 2001
Platform PIX-506E
System Flash=E28F640J3 @ 0xfff00000
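Use BREAK or ESC to interrupt flash boot.---Within the first few seconds after power-on, press BREAK or ESC here to enter monitor mode. Many posts say to press Ctrl+Break; that depends on the specific model, so watch these prompts at boot.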
Use SPACE to begin flash boot immediately.
Flash boot interrupted.
0: i8255X @ PCI(bus:0 dev:14 irq:10)
1: i8255X @ PCI(bus:0 dev:13 irq:11)
Using 1: i82557 @ PCI(bus:0 dev:13 irq:11), MAC: 0013.7f6d.4d9b--This shows the MAC of the interface connected to the PC. Here it is ethernet1 of the PIX506E.
Use ? for help.
monitor>interface 1--Configure the interface connected to the PC; this command format is wrong.
Invalid or incorrect command. Use 'help' for help.
monitor> interface ethernet 1--Configure the interface connected to the PC; this is the correct format. There are two Ethernet ports, eth0 and eth1.
0: i8255X @ PCI(bus:0 dev:14 irq:10)
1: i8255X @ PCI(bus:0 dev:13 irq:11)
monitor> address 192.168.1.3--Assign an IP address to this interface.
address 192.168.1.3
monitor> server 192.168.1.2--The PC's IP address; in the jargon it is called the TFTP server, a name that sounds rather fancy.
server 192.168.1.2
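monitor> file np63.bin--"np63.bin" is downloaded from the Cisco website and must match the PIX OS version, i.e. this Version 6.3(5).
file np63.bin--To give everyone a chance to learn, go and find it on the Cisco website yourselves.
monitor> gateway 192.168.1.2--The PC's IP address.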
gateway 192.168.1.2
monitor>?
? this help message
address [addr] set IP address of the PIX interface on which
the TFTP server resides
file [name] set boot file name
gateway [addr] set IP gateway
help this help message
interface [num] select TFTP interface
ping <addr> send ICMP echo
reload halt and reload system
server [addr] set server IP address
tftp TFTP download
timeout TFTP timeout
trace toggle packet tracing
monitor> ping 192.168.1.2--Ping the PC, where the TFTP software is installed, to check whether it is reachable.
Sending 5, 100-byte 0x699e ICMP Echoes to 192.168.1.2, timeout is 4 seconds:
!!!!!
Success rate is 100 percent (5/5)
monitor> tftp--Now that it is reachable, start the TFTP software installed on the PC.
tftp np63.bin@192.168.1.2 via 192.168.1.2.....................................................................................................................................................................................
Received 92160 bytes---A row of dots appears.
Cisco Secure PIX Firewall password tool (3.0) #0: Thu Jul 17 08:01:09 PDT 2003
System Flash=E28F640J3 @ 0xfff00000
BIOS Flash=am29f400b @ 0xd8000
Do you wish to erase the passwords? [yn] y--Answer yes.
The following lines will be removed from the configuration:
enable password ZE0u0nD/h/dl5S4n encrypted
passwd tTzjrHiN5VWNEhyi encrypted
aaa authentication ssh console LOCAL
Do you want to remove the commands listed above from the configuration? [yn] y--Answer yes.
Passwords and aaa commands have been erased.
Rebooting.. |
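
An added example, not part of the original post or of Cisco's tool: a Python script that reads a saved console capture of the session above and lists what the password tool removed, so the enable password, passwd and aaa lines can be put back before the firewall returns to service. The sample log and its hashes are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the tool's prompts above; the hashes are placeholders.
SAMPLE_LOG = """\
Do you wish to erase the passwords? [yn] y
The following lines will be removed from the configuration:
        enable password EXAMPLEHASH00001 encrypted
        passwd EXAMPLEHASH00002 encrypted
        aaa authentication ssh console LOCAL

Do you want to remove the commands listed above from the configuration? [yn] y
Passwords and aaa commands have been erased.
"""

# ".*?" instead of a literal "from": some captures lose that word to forum filters.
START = re.compile(r"^The following lines will be removed .*?the configuration:")
END = re.compile(r"^Do you want to remove the commands listed above")
ERASED = "have been erased"


def removed_commands(log):
    """Return the config lines the tool listed for removal, in order."""
    out, inside = [], False
    for raw in log.splitlines():
        line = raw.strip()
        if START.match(line):
            inside = True
        elif END.match(line):
            inside = False
        elif inside and line:
            out.append(line)
    return out


def restore_plan(log):
    """Map each removed line to the follow-up an admin owes the device."""
    if ERASED not in log:
        return []  # operator answered 'n' or the capture is incomplete
    plan = []
    for cmd in removed_commands(log):
        if re.match(r"(enable password|passwd)\s", cmd):
            # The old secret is gone: record only the keyword, never the hash.
            keyword = "enable password" if cmd.startswith("enable") else "passwd"
            plan.append(("set-new-secret", keyword))
        else:
            # Non-secret policy lines (e.g. aaa) can be re-entered verbatim.
            plan.append(("re-enter", cmd))
    return plan


if __name__ == "__main__":
    for action, item in restore_plan(SAMPLE_LOG):
        print(f"{action:15} {item}")
```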