To Phevos !

Router cisco cho phép mình khôi phục lại password (password recovery) hay nói cách khác là reset lại pass khi mình trót quên chứ không có khái niệm hack pass bằng rom monitor. Đối với từng dòng router khác nhau thì cách reset tương đối khác một chút, phần dưới đây mình trích dẫn giúp bạn cách recovery pass của dòng 2500 ( thông dụng khi học CCNA ). Về tftp server đó là một PC được cài chương trình truyền file qua giao thức tftp, các định dạng khác nhau của thanh ghi boot cũng giống như một bảng mã hóa nhiều trạng thái khác nhau, mỗi trạng thái chỉ thị một cách boot khác nhau.
Phần dưới đây là reset pass của dòng 2500; http://www.cisco.com

Complete these steps to recover a lost or forgotten password:

Attach a terminal or PC with terminal emulation to the console port of the router. Use these terminal settings:

9600 baud rate
No parity
8 data bits
1 stop bit
No flow control The required console cable specifications are described in the Cabling Guide for RJ-45 Console and AUX Ports (Cisco 1000 Series, 2500 Series, and AS5100).

If you still have access to the router, enter the show version command, and record the setting of the configuration register; it is usually 0x2102 or 0x102.

For a sample output of a show version command, see the Sample Output section.

If you do not have access to the router (because of a lost login or TACACS password), you can safely assume that your configuration register is set to 0x2102.

Note: Password recovery procedures cannot be done through telnet connections.

Turn the power switch of the router off, and then turn it back on.

Send a break sequence from the terminal keyboard within 60 seconds of the power-up to put the router into ROMmon. The break sequence depends on your Operating System or Terminal Emulator. See Standard Break Key Sequence Combinations During Password Recovery for different key combinations.

Type o and press ENTER at the > prompt, and record the current value of the configuration register (usually 0x2102, or 0x102):

>o

!--- Shows the configuration register option settings.


Configuration register = 0x2102 at last boot
Bit# Configuration register option settings:
15 Diagnostic mode disabled

!--- Output supressed.

Type o/r 0x2142 and press ENTER at the > prompt to boot from Flash without loading the configuration.

Type i at the > prompt and press ENTER.

The router reboots, but ignores its saved configuration.

Type no after each setup question or press CTRL + C to skip the initial setup procedure.

Type enable at the Router> prompt.

You will be in enable mode, and see the Router# prompt.

Type configure memory or copy startup-config running-config to copy the NVRAM into memory. Do not type write memory or copy running startup-config.

Type write terminal or show running-config.

The show running-config and write terminal commands show the configuration of the router. In this configuration you see under all the interfaces the shutdown command, which means all interfaces are currently shutdown. Also, you can see the passwords either in encrypted or unencrypted format.

Type configure terminal and make the changes.

The prompt is now:

hostname(config)#Type enable secret <password> to change the enable secret password, for example..

Issue the no shutdown command on every interface that is used. If you issue a show ip interface brief command after you exit configuration mode, every interface that you want to use should be "up up".

Type config-register 0x2102, or the value you recorded in step 4.

This causes the router to load the Cisco IOS software from the Flash with the configuration from NVRAM at the next reload.

Press CTRL + Z to leave the configuration mode.

The prompt is now:

hostname#Type write memory or copy running-config startup-config to commit the changes.

Type Reload to restart the router with the Cisco IOS software booting from the Flash.

Managing Configuration Registers

All Cisco routers have a 16-bit software register that’s written into NVRAM. By default, the configuration register is set to load the Cisco IOS from flash memory and to look for and load the startup- config file from NVRAM. In the following sections I am going to discuss the configuration register settings, and how to use these settings to provide password recovery on your routers.

Understanding the Configuration Register Bits

The 16 bits of the configuration register are read from 15 to 0, from left to right. The default configuration setting on Cisco routers is 0x2102. This means that bits 13, 8, and 1 are on, as shown in Table 9.2. Notice that each set of 4 bits is read in binary with a value of 8, 4, 2, 1:


Hình "register.jpg"

Add the prefix 0x to the configuration register address. The 0x means that the digits that follow are in hexadecimal.

Table 9.3 lists the software configuration bit meanings. Notice that bit 6 can be used to ignore the NVRAM contents. This bit is used for password recovery—something I’ll go over with you soon in the “Recovering Passwords” section of this chapter.

Remember that in hex, the scheme is 0–9 and A–F (A = 10, B = 11, C = 12, D = 13, E = 14, and F = 15). This means that a 210F setting for the configuration register is actually 210(15), or 1111 in binary.


Hình "register_1.jpg"


The boot field, which consists of bits 0–3 in the configuration register, controls the router boot sequence. Table 9.4 describes the boot field bits.


Hình "register_2.jpg"

Cái này mình trích trong Sybex, bạn cố gắng dịch nhé, nó nói rất rõ.