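Cisco PIX Firewall Password Recovery Live Show
A couple of days ago I bought a Cisco PIX 506E firewall, and because I did not have its password I could not use it. Once the password of a PIX firewall is lost, regaining access to the firewall means erasing the password and setting it again. I looked up material on the web and experimented, and after about an hour I had the password cracked. The method is simple; I believe that after reading this article these problems will be a piece of cake for you. (Heh, enough suspense, let's get on with it!)
Article outline
- Cisco's official original text on this issue
- My explanation of the original text
- My recovery experience
- Two other examples
----------------------------------Begin----------------------------------------
I. This is Cisco's official original text on this issue: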
CISCO PIX 500 SERIES FIREWALLS
Password Recovery and AAA Configuration Recovery Procedure for the PIX
Document ID: 8529
Contents
Introduction
Before You Begin
Conventions
Prerequisites
Step-by-Step Procedure
PIX With a Floppy Drive
PIX Without a Floppy Drive
Sample Output
Related Information
--------------------------------------------------------------------------------
Introduction
This document describes how to recover a PIX password for PIX software releases through 6.3. Note that performing password recovery on the PIX erases only the password, not the configuration. If there are Telnet or console aaa authentication commands in versions 6.2 and greater, the system will also prompt to remove these.
Note: If you have configured AAA on the PIX and the AAA server is down, you can access the PIX by entering the Telnet password initially, and then "pix" as the username and the enable password (enable password password) for the password. If there is no enable password in the PIX configuration, enter "pix" for the username and press ENTER. If the enable and Telnet passwords are set but not known, you will need to continue with the password recovery process.
The PIX Password Lockout Utility is based on the PIX software release you are running.
In addition to the required files listed in the next section, you will need the following items to follow the password recovery procedure:
· A PC
· A working serial terminal or terminal emulator
· Approximately 10 minutes of PIX and network downtime
Before You Begin
Conventions
For more information on document conventions, see the Cisco Technical Tips Conventions.
Prerequisites
To use the password recovery procedure, you need the PIX Password Lockout Utility, which includes the following files:
· One of the following files, depending on the PIX software version you are running:
    np63.bin (6.3 release)
    np62.bin (6.2 release)
    np61.bin (6.1 release)
    np60.bin (6.0 release)
    np53.bin (5.3 release)
    np52.bin (5.2 release)
    np51.bin (5.1 release)
    np50.bin (5.0 release)
    np44.bin (4.4 release)
    nppix.bin (4.3 and earlier releases)
· rawrite.exe (needed only for PIX machines with a floppy drive)
· TFTP Server Software (needed only for PIX machines without a floppy drive) - TFTP server software is no longer available from Cisco.com, but you can find many TFTP servers by searching for "tftp server" on your favorite Internet search engine. Cisco does not specifically recommend any particular TFTP implementation.
Step-by-Step Procedure
PIX With a Floppy Drive
To recover your password, follow the steps below:
1. Execute the rawrite.exe file on your PC and answer the questions on the screen using the correct password recovery file.
2. Install a serial terminal or a PC with terminal emulation software on the PIX console port.
3. Verify that you have a connection with the PIX, and that characters are going from the terminal to the PIX, and from the PIX to the terminal.
   Note: Because you are locked out, you will see only a password prompt.
4. Insert the PIX Password Lockout Utility disk into the floppy drive of the PIX.
5. Push the Reset button on the front of the PIX. The PIX will reboot from the floppy and print the message below:
   Erasing Flash Password. Please eject diskette and reboot.
6. Eject the disk and press the Reset button. You will now be able to log in without a password. When you are prompted for a password, press ENTER.
7. The default Telnet password after this process is "cisco." There is no default enable password. Go into configuration mode and issue the passwd your_password command to change your Telnet password and the enable password your_enable_password command to create an enable password, and then save your configuration.
PIX Without a Floppy Drive
To recover your password, follow the steps below:
Note: Sample output from the password recovery procedure is available below.
1. Install a serial terminal or a PC with terminal emulation software on the PIX console port.
2. Verify that you have a connection with the PIX, and that characters are going from the terminal to the PIX, and from the PIX to the terminal.
   Note: Because you are locked out, you will see only a password prompt.
3. Immediately after you power on the PIX Firewall and the startup messages appear, send a BREAK character or press the ESC key. The monitor> prompt is displayed. If needed, type ? (question mark) to list the available commands.
4. Use the interface command to specify which interface the ping traffic should use. For floppiless PIXes with only two interfaces, the monitor command defaults to the inside interface.
5. Use the address command to specify the IP address of the PIX Firewall's interface.
6. Use the server command to specify the IP address of the remote TFTP server containing the PIX password recovery file.
7. Use the file command to specify the filename of the PIX password recovery file. For example, the 5.1 release uses a file named np51.bin.
8. If needed, enter the gateway command to specify the IP address of a router gateway through which the server is accessible.
9. If needed, use the ping command to verify accessibility. If this command fails, fix access to the server before continuing.
10. Use the tftp command to start the download.
11. As the password recovery file loads, the following message is displayed:
   Do you wish to erase the passwords? [yn] y
   Passwords have been erased.
   Note: If there are Telnet or console aaa authentication commands in version 6.2, the system will also prompt to remove these.
12. The default Telnet password after this process is "cisco." There is no default enable password. Go into configuration mode and issue the passwd your_password command to change your Telnet password and the enable password your_enable_password command to create an enable password, and then save your configuration.
Sample Output
The following example of floppiless PIX password recovery with the TFTP server on the outside interface is taken from a lab environment.
Network Diagram
monitor> interface 0
0: i8255X @ PCI(bus:0 dev:13 irq:10)
1: i8255X @ PCI(bus:0 dev:14 irq:7 )
Using 0: i82559 @ PCI(bus:0 dev:13 irq:10), MAC: 0050.54ff.82b9
monitor> address 10.21.1.99
address 10.21.1.99
monitor> server 172.18.125.3
server 172.18.125.3
monitor> file np52.bin
file np52.bin
monitor> gateway 10.21.1.1
gateway 10.21.1.1
monitor> ping 172.18.125.3
Sending 5, 100-byte 0xf8d3 ICMP Echoes to 172.18.125.3, timeout is 4 seconds:
!!!!!
Success rate is 100 percent (5/5)
monitor> tftp
tftp np52.bin@172.18.125.3 via 10.21.1.1...................................
Received 73728 bytes
Cisco Secure PIX Firewall password tool (3.0) #0: Tue Aug 22 23:22:19 PDT 2000
Flash=i28F640J5 @ 0x300
BIOS Flash=AT29C257 @ 0xd8000
Do you wish to erase the passwords? [yn] y
Passwords have been erased.
Rebooting....
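***********************************************************************
II. My explanation of this article (if anything is wrong, please correct me)
Introduction
This article mainly describes how to recover the PIX password under PIX software version 6.3. The password recovery procedure only recovers the PIX password and does not delete the configuration, but it can also, through a prompt, remove the console, telnet and AAA authentication passwords.
Note: If AAA is configured on the PIX but the AAA server is down, you can log in to the PIX over telnet with the initial Telnet password to carry out password recovery. The process is as follows: use pix as the username, then use enable password PASSWORD to recover the enable-mode password. If no enable password is configured on the PIX, you can simply enter pix and press Enter to get in. If passwords were set but have been forgotten, there is nothing for it but to follow the procedure below.
The PIX password recovery utility has to be chosen according to the software version the PIX is currently running.
The following are needed for the password recovery procedure described later:
· A PC
· A terminal that can connect to the PIX through the serial port
· About 10 minutes of network downtime
Preparation before you begin
Conventions:
Look up the relevant material in the Cisco technical documentation online
Prerequisites:
During recovery we will use the following PIX password recovery utilities:
· An np**.bin file chosen according to the PIX software version currently running (the main file used to recover the password)
· rawrite.exe, a program that writes a binary file to a floppy disk, needed only on PIX units with a floppy drive
· In addition, TFTP server software, which is required for the newer PIX units without a floppy drive; this software can be downloaded anywhere. Cisco makes no special demands of the TFTP server software; an ordinary one will do.
Right, let's go through it step by step
First, password recovery on a PIX with a floppy drive
Step 1: On a PC, run rawrite.exe and follow the on-screen prompts to write the np**.bin file to a usable floppy disk.
Step 2: Use a dedicated console cable (rollover cable) to connect the PC to the PIX.
Step 3: Use HyperTerminal on the PC to connect to the PIX and make sure the serial cable is working. (Because we do not have the correct enable password, we will only see the password prompt.)
Step 4: Insert the floppy disk just written with rawrite.exe into the floppy drive of the PIX.
Step 5: Press the reset button on the PIX. The PIX boots from the floppy this time and displays the following message on screen:
Erasing Flash Password. Please eject diskette and reboot.
(Password recovery is done; please take the floppy out and reboot the machine.)
Step 6: After removing the floppy and pressing the reset button, we can get into the PIX's IOS without a password. If a password prompt appears, ignore it and just press Enter.
Step 7: Once the preceding steps are complete, the PIX's remote Telnet password is restored to the default "cisco", and entering enable privileged mode requires no password either. To change the passwords, enter global configuration mode, use the passwd your_password command to change the remote telnet password, and use the enable password your_enable_password command to create the enable privileged-mode password. Remember to save the configuration after changing or creating them, and the job is done.
Next, password recovery on a PIX without a floppy drive
Follow our steps and you will certainly manage it. Here is an example you can refer to:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_password_recovery09186a008009478b.shtml#sample
Step 1: As in step 2 above, use a dedicated console cable (rollover cable) to connect the PC to the PIX.
Step 2: Check that the connection works, as in step 3 above.
Step 3: Power on the PIX and, once the startup messages appear, press the BREAK key or the ESC key. You then enter monitor> mode. You can type ? to see which commands are available in this mode.
Step 4: Use the interface command to select the ethernet port that will be used (interface 0; port 0 is connected to the remote TFTP server). A PIX generally has only two interfaces. (It is recommended to connect the PC's network card to the PIX's ETHERNET port with a crossover cable and use the PC as the TFTP server.)
Step 5: Use the address command to assign an IP address to the PIX's ethernet port; no mask is entered.
Step 6: Use the server command to specify the IP address of the remote TFTP server that can transfer the np**.bin file; again no mask is entered.
Step 7: Use the file command to specify the file name of the np**.bin file on the remote TFTP server. For example, the password recovery file for IOS version 5.1 is np51.bin.
Step 8: If traffic has to pass through a gateway, use the gateway command to specify the IP address of the gateway router.
Step 9: If necessary, use the ping command to verify that the PIX can reach the remote TFTP server. If the ping fails, check whether the connections are correct.
Step 10: Then enter the tftp command to start transferring the np**.bin file from the TFTP server to the PIX.
Step 11: After the file has been transferred, a prompt appears asking whether to erase the original passwords. If there are telnet or AAA authentication passwords, this operation also resets them to the default or removes them.
Step 12: The same as step 7 of the previous part; omitted.
Sample output example.
If anything is unclear, say so in a reply!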
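***********************************************************************
III. My password recovery experience (PIX 506E)
Because the PIX 506E model has no floppy drive, I used the second method. // This method also works for upgrading IOS
Prerequisites:
1. Download from the web the np**.bin that matches the PIX IOS version; mine is pix633.bin, so naturally I downloaded np63.bin;
2. Install a TFTP server program on the console PC and put np63.bin in the TFTP service directory;
3. Use the console PC as the remote TFTP server, with IP 192.168.1.88, and find a crossover cable to connect its network card to ethernet 0 of the PIX;
4. Plan to set the IP of ethernet 0 on the PIX to 192.168.1.1
The steps are as follows:
Step 1: Use a dedicated console cable (rollover serial cable) to connect the PC to the PIX.
Step 2: Use a crossover cable to connect the console PC's network card to ethernet 0 of the PIX.
Step 3: Set up HyperTerminal over the serial port, power on and check whether the PIX can be reached. No problem, but without the original password I could not get into privileged mode.
Step 4: With the console connection working, restart the PIX; after the startup messages appear, follow the on-screen prompt and press BREAK or ESC on the keyboard within 9 seconds to enter monitor mode.
Step 5: At monitor>, enter interface 0 to enter interface mode.
Step 6: add 192.168.1.1 sets the IP address of the PIX port.
Step 7: server 192.168.1.88 sets the IP address of my TFTP server.
Step 8: file np63.bin sets the name of the password recovery file to be transferred (if you do not know it, look in the TFTP directory).
Step 9: ping 192.168.1.88 tests layer-3 connectivity to the TFTP server. If it fails, carefully check the connection between the network card and the PIX.
Step 10: Type tftp and press Enter to start transferring the file. When the transfer completes, you are asked whether to erase the passwords; enter y to confirm. After the system has erased the passwords successfully it reboots automatically, and the enable password is now empty by default.
Step 10: You are still prompted for a password; ignore it, press Enter, OK! Job done!
Step 11: If you want to change the passwords, use the relevant commands as described above and that's it.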
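Added example (not part of the original article or of Cisco's document): a Python check that a saved configuration no longer carries the post-recovery defaults described above, Telnet password "cisco" and a blank enable password. The "passwd ... encrypted" / "enable password ... encrypted" line layout, the hash routine (the PIX-MD5 scheme as implemented by public password tools) and the sample configuration are assumptions or constructed here.

```python
import hashlib
import re

# Alphabet of the crypt-style "hash64" encoding used in PIX password hashes.
H64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def pix_hash(password):
    """PIX-MD5 as implemented by public tools (assumption, not from the page):
    MD5 of the password NUL-padded to 16 bytes, every 4th digest byte dropped,
    each remaining 3-byte group encoded little-endian, 6 bits per character."""
    secret = password.encode()[:16].ljust(16, b"\0")
    digest = hashlib.md5(secret).digest()
    kept = bytes(b for i, b in enumerate(digest) if (i + 1) % 4)
    chars = []
    for i in range(0, len(kept), 3):
        v = int.from_bytes(kept[i:i + 3], "little")
        chars.extend(H64[(v >> s) & 0x3F] for s in (0, 6, 12, 18))
    return "".join(chars)

# Post-recovery state described above: Telnet password "cisco", enable blank.
RECOVERY_DEFAULTS = {"passwd": "cisco", "enable password": ""}
CRED_LINE = re.compile(r"^(enable password|passwd)\s+(\S+)\s+encrypted\s*$")

def audit(config_text):
    """Return the credential commands still at their post-recovery defaults."""
    findings = []
    for line in config_text.splitlines():
        m = CRED_LINE.match(line.strip())
        if m and m.group(2) == pix_hash(RECOVERY_DEFAULTS[m.group(1)]):
            findings.append(m.group(1))
    return findings

def sample_config(telnet_pw, enable_pw):
    """Constructed sample of a saved configuration (not from a real device)."""
    return "\n".join([
        "hostname pixfirewall",
        f"enable password {pix_hash(enable_pw)} encrypted",
        f"passwd {pix_hash(telnet_pw)} encrypted",
    ])

if __name__ == "__main__":
    print(audit(sample_config("cisco", "")))                    # left at defaults
    print(audit(sample_config("S0me-Telnet", "S0me-Enable")))   # both changed
```

An empty result means neither credential line matches the state the recovery tool leaves behind; it says nothing about the strength of the passwords that replaced them.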
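***********************************************************************
IV. Two other examples
PIX firewall password recovery -- with a floppy drive
Once the password of a PIX firewall is lost, regaining access to the firewall means erasing the password and setting it again.
PIX firewalls currently come in two kinds: with a floppy drive (for example the PIX 520) and without a floppy drive (for example the PIX 525). The password recovery methods for the two kinds differ somewhat; for units with a floppy drive in particular, a fairly simple method can be used. The recovery method for firewalls with a floppy drive is described below.
Prerequisites:
One formatted floppy disk (formatted under Windows)
One password-erasing bin file (download the file that matches the firewall software version); the download link is:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_password_recovery09186a008009478b.shtml
One extraction utility: the rawrite.exe file, which can be downloaded from the same link as the bin file
Recovery steps:
Put the downloaded bin file and the rawrite.exe file in the same directory, e.g. C:\pix
Insert the floppy disk into the drive (note that after use Windows will no longer recognize the format of the floppy; it has to be fully formatted before it can be used again)
Run rawrite.exe, enter the bin file name and the floppy drive letter when prompted, and wait for the program to create the password recovery disk
When it is finished, insert the floppy into the floppy drive of the PIX and press the Reset button. The system restarts automatically, boots from the floppy and asks whether to erase the passwords; enter y to confirm. After the system has erased the passwords successfully it reboots automatically. Remove the floppy; after the system starts, the login password is cisco and the enable password is empty by default
If the system displays booting floppy but then boots from flash again without any prompt, the floppy drive cable inside the PIX may not be connected; some people remove the floppy drive cable from the chassis to keep the password secure. You can tell by watching whether the floppy drive light comes on during startup
*********************************************
PIX firewall password recovery -- without a floppy drive
The main idea is to overwrite the original bin file
Enter monitor mode,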
monitor> interface 0
0: i8255X @ PCI(bus:0 dev:13 irq:10)
1: i8255X @ PCI(bus:0 dev:14 irq:7 )
Using 0: i82559 @ PCI(bus:0 dev:13 irq:10), MAC: 0050.54ff.82b9
Set the address of this port:
monitor> address 10.21.1.99
Set the server address:
monitor> server 172.18.125.3
Get the file:
monitor> file np52.bin
Set the gateway:
monitor> gateway 10.21.1.1
monitor> ping 172.18.125.3
Sending 5, 100-byte 0xf8d3 ICMP Echoes to 172.18.125.3, timeout is 4 seconds:
!!!!!
Success rate is 100 percent (5/5)
Run the download/transfer command:
monitor> tftp
tftp np52.bin@172.18.125.3 via 10.21.1.1...................................
Received 73728 bytes
Cisco Secure PIX Firewall password tool (3.0) #0: Tue Aug 22 23:22:19 PDT 2000
Flash=i28F640J5 @ 0x300
BIOS Flash=AT29C257 @ 0xd8000
Do you wish to erase the passwords? [yn] y
Passwords have been erased.
Rebooting....
-----------------------------End---------------------------------------