While cleaning up my mess here, I found an old Cisco device, an old 1600 series router which I wanted to inspect before considering throwing it away. After some network magic I found the old IP I used but couldn’t get past the password prompt to sneak around in the configs. My mood dropped instantly as I had forgotten it – until I remembered my USB to serial adapter.
To connect the serial cable I switched the router off and did my setup as follows:
8 data bits
1 stop bit
No flow control
Knowing Cisco stuff, I remember that those devices have a bootloader which kicks off the operating system. If you send a “break” sequence during bootup you gain access to some nice functionality like changing the configuration it boots from. This is what it looks like:
*** System received an abort due to Break Key ***
signal= 0x3, code= 0x500, context= 0x813ac158
PC = 0x802d0b60, Vector = 0x500, SP = 0x80006030
rommon 1 > _
As I am now seeing a shell, I can try to type my first command, “confreg 0x2142”. After a second one, named “reset”, a shell hails me:
8192K bytes of processor board System flash partition 1 (Read/Write)
8192K bytes of processor board System flash partition 2 (Read/Write)
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]: n
Press RETURN to get started!
Honestly, that was the worst part. Without a password I am now able to get into the administration mode using the command “enable”. As I am interested in the previous configuration on the device I can copy it from the memory. That’s how it is done:
Router>enable
Router#copy startup-config running-config
Destination filename [running-config]?
1324 bytes copied in 2.35 secs (662 bytes/sec)
Router#
In theory we are ready to sneak around, but I have to admit, if things break, I don’t want to fiddle around with the password anymore, so I overwrote it, changing the ‘enable secret’:
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#enable secret < password >
Router(config)#^Z
Now we are really ready. Our configuration rests in memory only, so we need to copy it back using: copy running-config startup-config
Last but not least we need to tell the device to boot from the old config again – which is done using “config-register 0x2102”. Then we are done, ready for all further resets and games.
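The two register values used above, 0x2142 and 0x2102, decoded as an added example that is not part of the original post: the script reads the "Configuration register is ..." line of `show version` output and reports a device left in the config-bypass state. The bit meanings follow Cisco's documented register layout, and the sample lines are constructed.

```python
import re

# Bit meanings from Cisco's documented configuration-register layout.
# Bit 8 only blocks Break after boot; Break early in bootup is still honoured.
FLAGS = {
    0x0040: "ignore NVRAM (startup-config skipped at boot)",
    0x0100: "Break disabled after boot",
    0x2000: "boot default ROM software if network boot fails",
    0x8000: "diagnostic messages on, NVRAM ignored",
}

def decode_confreg(value):
    """Return (boot_field_description, [flag descriptions]) for a 16-bit register."""
    boot = value & 0x000F
    if boot == 0:
        boot_desc = "stay in ROM monitor"
    elif boot == 1:
        boot_desc = "boot helper or first flash image (platform-dependent)"
    else:
        boot_desc = "normal boot (boot system commands, then default image)"
    flags = [text for bit, text in sorted(FLAGS.items()) if value & bit]
    return boot_desc, flags

def audit_show_version(text):
    """Collect findings for current and pending register values in `show version` output."""
    m = re.search(r"Configuration register is (0x[0-9A-Fa-f]+)"
                  r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?", text)
    if not m:
        return ["no configuration register line found"]
    findings = []
    for label, raw in (("current", m.group(1)), ("next reload", m.group(2))):
        if raw is None:
            continue
        value = int(raw, 16)
        if value & 0x0040 or value & 0x8000:
            findings.append(f"{label} {raw}: startup-config is bypassed at boot")
        if value & 0x000F == 0:
            findings.append(f"{label} {raw}: device halts in ROM monitor")
    return findings

# Constructed sample lines, not captured from a real device.
RECOVERY_STATE = "Configuration register is 0x2142 (will be 0x2102 at next reload)"
NORMAL_STATE = "Configuration register is 0x2102"

if __name__ == "__main__":
    for sample in (RECOVERY_STATE, NORMAL_STATE):
        print(sample, "->", audit_show_version(sample) or "ok")
    print(decode_confreg(0x2142))
```

An empty findings list means the register boots normally from the startup-config, which is the state the last step above restores.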