網上搜到的有關ASA5505密碼破解的文章,居然全是一篇老外寫的文章,也沒人加點兒中文註釋,這事兒還是我來幹吧,其實不看英文也能成功破解密碼,因爲只需要用到文章裏提到的命令。
- Power-cycle your security appliance by removing and re-inserting the power plug at the power strip.
重新插拔電源線
-
When prompted, press Esc to interrupt the boot process and enter ROM Monitor mode. You should immediately see a rommon prompt (rommon #0>).
按ESC鍵進入ROM Monitor模式,可以看到提示符rommon #0> -
At the rommon prompt, enter the confreg command to view the current configuration register setting: rommon #0>confreg
輸入命令confreg回車,查看當前的寄存器的值 -
The current configuration register should be the default of 0x01 (it will actually display as 0x00000001). The security appliance will ask if you want to make changes to the configuration register. Answer no when prompted.
寄存器的初始值爲0x01,ASA會出現詢問是否改變寄存器的設置,輸入no回車 -
You must change the configuration register to 0x41, which tells the appliance to ignore its saved (startup) configuration upon boot:
改變寄存器的值爲0x41
rommon #1>confreg 0x41
-
Reset the appliance with the boot command:
重啓設備
rommon #2>boot
-
Notice that the security appliance ignores its startup configuration during the boot process. When it finishes booting, you should see a generic User Mode prompt:
此時,ASA會跳過startup配置,啓動完成後直接進入用戶模式
ciscoasa>
-
Enter the enable command to enter Privileged Mode. When the appliance prompts you for a password, simply press (at this point, the password is blank):
進入特權模式,密碼爲空
ciscoasa>enable
Password:
ciscoasa#
-
Copy the startup configuration file into the running configuration with the following command:
將startup配置保存至running配置中
ciscoasa#copy startup-config running-config
Destination filename [running-config]?
-
The previously saved configuration is now the active configuration, but since the security appliance is already in Privileged Mode, privileged access is not disabled. Next, in configuration mode, enter the following command to change the Privileged Mode password to a known value (in this case, we'll use the password system):
重新設置特權模式的密碼爲system
asa#conf t
asa(config)#enable password system
-
While still in Configuration Mode, reset the configuration register to the default of 0x01 to force the security appliance to read its startup configuration on boot:
改回寄存器的值,強制ASA從startup讀取配置啓動
asa(config)#config-register 0x01
-
Use the following commands to view the configuration register setting:
查看當前寄存器的值
asa(config)#exit
asa#show version
- At bottom of the output of the show version command, you should see the following statement: Configuration register is 0x41 (will be 0x1 at next reload)
在輸出的最後會看到寄存器的值會在重啓設備後由0x41變成0x1 -
Save the current configuration with the copy run start command to make the above changes persistent:
保存配置
asa#copy run start
Source filename [running-config]
- Reload the security appliance: asa# reload System config has been modified. Save? [Y]es/[N]o:yes
輸入reload命令重啓設備,詢問是否保存配置,輸入yes回車
Cryptochecksum: e87f1433 54896e6b 4e21d072 d71a9cbf
2149 bytes copied in 1.480 secs (2149 bytes/sec) Proceed with reload? [confirm]
When your security appliance reloads, you should be able to use your newly reset password to enter privileged mode.
設備重啓後,你可以使用重置後的密碼進入特權模式