思科防火墙密码怎么破解
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了思科防火墙密码怎么破解相关的知识,希望对你有一定的参考价值。
参考技术A ##交换机口令恢复按下MODE键(长按)后给交换机加电,然后点击虚拟终端的确定按钮
switch:flash_init
switch:load_helper
switch:dir flash:
switch:rename flash:config.text flash:config.bak
switch:boot
Switch#copy flash:config.bak system:running−config
Switch(config)#no enable secret
Switch#copy run start //or write
##路由器口令恢复
启动路由器,在60秒内按下CTRL+Break键
rommon1 > confreg 0x2142 //confreg值的具体含义参考网络文档,或者设备提示。
rommon2 > reset
Router> enable
Router# copy startup-config running-config
Router# config t
Router(config)# enable secret xxxxxx
Router(config)#config-register 0x2102
Router(config)#exit
Router# copy running-config startup-config
Router# reload
##ASA口令恢复
接上终端,开启CRT
通电观察终端提示,按照提示中断正常启动一般是Esc键
中断正常启动后将进入到rommon模式
按照下面操作方法操作即可:
Booting system, please wait...
CISCO SYSTEMS
Embedded Bios Version 1.0(11)2 01/25/06 13:21:26.17
Low Memory: 631 KB
High Memory: 512 MB
PCI Device Table.
Bus Dev Func VendID DevID Class Irq
00 00 00 8086 2578 Host Bridge
00 01 00 8086 2579 PCI-to-PCI Bridge
00 03 00 8086 257B PCI-to-PCI Bridge
00 1C 00 8086 25AE PCI-to-PCI Bridge
00 1D 00 8086 25A9 Serial Bus 11
00 1D 01 8086 25AA Serial Bus 10
00 1D 04 8086 25AB System
00 1D 05 8086 25AC IRQ Controller
00 1D 07 8086 25AD Serial Bus 9
00 1E 00 8086 244E PCI-to-PCI Bridge
00 1F 00 8086 25A1 ISA Bridge
00 1F 02 8086 25A3 IDE Controller 11
00 1F 03 8086 25A4 Serial Bus 5
00 1F 05 8086 25A6 Audio 5
02 01 00 8086 1075 Ethernet 11
03 01 00 177D 0003 Encrypt/Decrypt 9
03 02 00 8086 1079 Ethernet 9
03 02 01 8086 1079 Ethernet 9
03 03 00 8086 1079 Ethernet 9
03 03 01 8086 1079 Ethernet 9
04 02 00 8086 1209 Ethernet 11
04 03 00 8086 1209 Ethernet 5
Evaluating BIOS Options ...
Launch BIOS Extension to setup ROMMON
Cisco Systems ROMMON Version (1.0(11)2) #0: Thu Jan 26 10:43:08 PST 2006
Platform ASA5520
Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
Boot interrupted.
Management0/0
Ethernet auto negotiation timed out.
Interface-4 Link Not Established (check cable).
Default Interface number-4 Not Up
Use ? for help.
rommon #0> confreg
Current Configuration Register: 0x00000001
Configuration Summary:
boot default image from Flash
!!---这是个向导,不需修改的直接按回车即可---!!
Do you wish to change this configuration? y/n [n]: y
enable boot to ROMMON prompt? y/n [n]:
enable TFTP netboot? y/n [n]:
enable Flash boot? y/n [n]:
select specific Flash image index? y/n [n]:
disable system configuration? y/n [n]: y
go to ROMMON prompt if netboot fails? y/n [n]:
enable passing NVRAM file specs in auto-boot mode? y/n [n]:
disable display of BREAK or ESC key prompt during auto-boot? y/n [n]:
Current Configuration Register: 0x00000040
Configuration Summary:
boot ROMMON
ignore system configuration
Update Config Register (0x40) in NVRAM...
rommon #1>boot
Launching BootLoader...
Boot configuration file contains 1 entry.
Loading disk0:/asa802-k8.bin... Booting...
Loading...
Processor memory 418078720, Reserved memory: 41943040 (DSOs: 0 + kernel: 41943040)
Guest RAM start: 0xc7000080
Guest RAM end: 0xdd400000
Guest RAM brk: 0xc7001000
IO memory 79241216 bytes
IO memory start: 0xc2401000
IO memory end: 0xc6f93000
Total SSMs found: 0
Total NICs found: 7
mcwa i82557 Ethernet at irq 11 MAC: 001b.0ca2.4d85
mcwa i82557 Ethernet at irq 5 MAC: 0000.0001.0001
i82546GB rev03 Gigabit Ethernet @ irq09 dev 3 index 00 MAC: 001b.0ca2.4d86
i82546GB rev03 Gigabit Ethernet @ irq09 dev 3 index 01 MAC: 001b.0ca2.4d87
i82546GB rev03 Gigabit Ethernet @ irq09 dev 2 index 02 MAC: 001b.0ca2.4d88
i82546GB rev03 Gigabit Ethernet @ irq09 dev 2 index 03 MAC: 001b.0ca2.4d89
i82547GI rev00 Gigabit Ethernet @ irq11 dev 1 index 05 MAC: 0000.0001.0002
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 150
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : 750
WebVPN Peers : 2
Advanced Endpoint Assessment : Disabled
This platform has an ASA 5520 VPN Plus license.
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.01
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04
--------------------------------------------------------------------------
. .
| |
||| |||
.|| ||. .|| ||.
.:||| | |||:..:||| | |||:.
C i s c o S y s t e m s
--------------------------------------------------------------------------
Cisco Adaptive Security Appliance Software Version 8.0(2)
****************************** Warning *******************************
This product contains cryptographic features and is
subject to United States and local country laws
governing, import, export, transfer, and use.
Delivery of Cisco cryptographic products does not
imply third-party authority to import, export,
distribute, or use encryption. Importers, exporters,
distributors and users are responsible for compliance
with U.S. and local country laws. By using this
product you agree to comply with applicable laws and
regulations. If you are unable to comply with U.S.
and local laws, return the enclosed items immediately.
A summary of U.S. laws governing Cisco cryptographic
products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by
sending email to export@cisco.com.
******************************* Warning *******************************
Copyright (c) 1996-2007 by Cisco Systems, Inc.
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Ignoring startup configuration as instructed by configuration register.
INFO: Converting to disk0:/
Type help or '?' for a list of available commands.
ciscoasa> en
Password:
ciscoasa# copy startup-config running-config
Destination filename [running-config]?
BJASA5520(config)# config-register ?
configure mode commands/options:
<0x0-0xffffffff> Configuration register value
BJASA5520(config)# config-register 0x00000001 //更改为正常的confreg值
BJASA5520(config)# wr
Building configuration...
这是我之前整理的笔记,常规路由交换防火墙的口令恢复方法。其他的也大同小异,有的在启动的时候终端会有启动提示。应该能够解决你的问题。
思科 ASA 5505 防火墙如何连接?
领导让我配置,我第一次接触防火墙,并打印了一份以前的配置单,全是一些代码,根本看不懂,OK暂且先不谈这个,我现在想问的是如何用电脑连接防火墙去配置,网线接哪?我已经下好那个配置工具了。
我这个防火墙是空白的,现在没有进行过任何设置的
你可以用网线连接防火墙上的一个接口(挨个尝试)与PC网卡,在PC上用抓包软件抓包,从抓包软件上你可以看到防火墙的IP地址,这样你就可以通过防火墙管理软件登录配置了!追问
如何连接ASA的console口啊?直接用网线一边连网卡一边连CONSOLE口吗?
追答如果用console线的话那就更加简单了,你用思科的串口线连接ASA的console口与PC的串口(9针DB头,在连接显示器那个串口旁边),然后用超级终端登录就好了,你尝试一下,可是是com1、或者com2,挨个试一试,波特率选9600就好了(如果不对查一下产品手册)。
参考技术A ASA防火墙eth0接口定义为outside区,Security-Level:0,接Router F0/0;ASA防火墙eth1接口定义为insdie区,Security-Level:100,接Switch的上联口;追问我想问的不是这个,是最基本的,我现在想用一台电脑连接到防火墙上,然后对其进行配置,我不知道怎么插网线,
追答缺省没有IP地址,需要连接CONSOLE口配个IP地址,,才能用配置工具
追问如何连接ASA的console口啊?直接用网线一边连网卡一边连CONSOLE口吗?
追答有一根蓝色的CONSOLE线 1头是RJ45口接到防火墙CONSOLE口,1头是串口,如果你的电脑有串口就直接接到电脑的串口,通过超级终端程序访问防火墙
本回答被提问者采纳 参考技术B 第一次配,需要用console口去配置以上是关于思科防火墙密码怎么破解的主要内容,如果未能解决你的问题,请参考以下文章