Cisco Router Password Recovery – Console Access

I was strolling through my local Goodwill and I spotted a Cisco 871w on the shelf for the same $3.99 price tag as the shitty Netgear sitting next to it. I have zero need for this device, but for $3.99 I had to get it. I wondered if the previous owner had failed to wipe the device before donating it. This quick tutorial shows you how to recover your password if you forget it… or see what the previous owner set for the password, along with other interesting information. TL;DR – David should have followed the information detailed on this site before donating his device.

The first step is connecting the Cisco console to our workstation. I chose to use the console cable (RJ45-to-DB9) plugged into a Prolific Serial-to-USB adapter. While you can plug your adapter into your Windows workstation and connect via PuTTY, I do not recommend it. Even on Windows 7 I have issues with the adapter, and I’m not using one of those cheap Chinese knockoffs. Without fail my workstation will eventually BSoD. Lenovo work laptop or Acer personal laptop, it doesn’t matter. I prefer to connect to my Ubuntu workstation and use minicom.

Plug in your adapter and check “dmesg” to identify your serial device (usually /dev/ttyUSB0).

$ dmesg |tail
[   88.483038] usb 1-3: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[   88.483050] usb 1-3: Product: USB-Serial Controller
[   88.483053] usb 1-3: Manufacturer: Prolific Technology Inc.
[   89.517987] usbcore: registered new interface driver usbserial
[   89.518001] usbcore: registered new interface driver usbserial_generic
[   89.518012] usbserial: USB Serial support registered for generic
[   89.520965] usbcore: registered new interface driver pl2303
[   89.520998] usbserial: USB Serial support registered for pl2303
[   89.521033] pl2303 1-3:1.0: pl2303 converter detected
[   89.521962] usb 1-3: pl2303 converter now attached to ttyUSB0

The connection details are as follows:

  • 9600 baud
  • 8 data bits
  • 2 stop bits
  • No parity
  • None (flow control)

$ sudo minicom -s
configuration -> Serial port setup
A -> /dev/ttyUSB0 -> Enter
E -> C -> X -> Enter
F -> Enter
configuration -> Exit -> Enter

The easiest way I’ve found to issue a “break key sequence” from Ubuntu and minicom is to simulate the effect described at the bottom of the Cisco support document found here.

The connection details to simulate the break key sequence are as follows:

  • 1200 baud
  • 8 data bits
  • 1 stop bit
  • No parity
  • None (flow control)

$ sudo minicom -s
configuration -> Serial port setup
A -> /dev/ttyUSB0 -> Enter
E -> C -> B -> B -> B -> Enter
F -> Enter
configuration -> Exit -> Enter

Power cycle (switch off and then on) the router and press the SPACEBAR for 10-15 seconds in order to generate a signal similar to the break sequence.
Change the minicom settings back to the default settings for communicating with a Cisco device as detailed above. While in minicom, enter the following commands.
CTRL-A -> SHIFT-Z -> SHIFT-P
E -> C -> X -> Enter
configuration -> Exit -> Enter

We are now in ROM Monitor mode.

rommon 1 > confreg 0x2142
You must reset or power cycle for new config to take effect
rommon 2 > reset

monitor: command "reset" not found

There is no option to reset, so power cycle the router by turning it off and on.

--- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: no

Press RETURN to get started!

Router>enable

Router#show start
Using 8289 out of 131072 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
no service password-encryption
service sequence-numbers
!
hostname 871W
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 $1$giUt$JYQ/N5nR71S9umxAsLNKj1

... SNIP ...

banner login ^CAuthorized personel Only!^C
!
line con 0
 password axe55z
 no modem enable
line aux 0
line vty 0 4
 password axe55z
!
scheduler max-task-time 5000
end

HIGHLIGHT EVERYTHING AND MAKE A COPY OF THE CONFIGURATION INTO A NOTEPAD. We will examine the configuration file for fun (and no profit) to see what details were left by the previous owner. I left the most interesting details in the snippet shown above, which include cleartext credentials and the hashed (type 5) “enable” secret.
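The same review can be run as a check on a saved configuration before a device leaves your hands. This is an added example, not part of the original post: it lists every stored credential and how it is encoded, without echoing the secret itself. The sample config is constructed, and the severity labels are this example's own assumption.

```python
import re

# Credential encodings found in IOS configs and how much protection each gives.
TYPES = {
    "0": ("cleartext", "HIGH"),
    "7": ("reversible obfuscation", "HIGH"),
    "5": ("salted MD5 hash", "MEDIUM"),
    "8": ("PBKDF2-SHA256 hash", "LOW"),
    "9": ("scrypt hash", "LOW"),
}
CRED = re.compile(
    r"^\s*(?P<cmd>.*?\b(?:password|secret))\s+"
    r"(?:(?P<type>\d)\s+)?(?P<value>\S+)\s*$")

def audit_config(text):
    """Return (section, command, encoding, severity) for each stored credential.
    The credential value is never copied into the report."""
    findings, section = [], "global"
    for line in text.splitlines():
        if not line.strip() or line.startswith("!"):
            continue
        if not line[0].isspace():          # unindented line: new config section
            section = "global"
            if line.startswith(("line ", "interface ")):
                section = line.strip()
                continue
        m = CRED.match(line)
        if m:                              # no type digit means type 0 (cleartext)
            enc, sev = TYPES.get(m.group("type") or "0", ("unknown type", "MEDIUM"))
            findings.append((section, m.group("cmd"), enc, sev))
    return findings

# Constructed sample shaped like the "show start" output above (values are placeholders).
SAMPLE_CONFIG = """\
no service password-encryption
hostname LAB-RTR
enable secret 5 $1$CONS$TRUCTEDHASHPLACEHOLDER
!
line con 0
 password EXAMPLE-PW
line aux 0
line vty 0 4
 password EXAMPLE-PW
"""

if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print(finding)
```

Any HIGH finding means the secret is readable by whoever next gets console access, so the configuration should be erased rather than just re-passworded before disposal.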

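Now let's put everything back where we found it so the device will boot with the current configuration. Keep in mind that with the register at 0x2142 the router booted without loading the startup configuration, so saving at this point writes the blank running configuration over the stored one; load the startup configuration into the running configuration first if you want to preserve it.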

Router#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#config-register 0x2102
Router(config)#exit
Router#write mem
Building configuration...
[OK]

Router#show ver
Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(15)T5, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Thu 01-May-08 02:31 by prod_rel_team

ROM: System Bootstrap, Version 12.3(8r)YI2, RELEASE SOFTWARE

. . . SNIP . . .

Cisco 871W (MPC8272) processor (revision 0x200) with 236544K/25600K bytes of memory.
Processor board ID FHK102153YM
MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10
5 FastEthernet interfaces
1 802.11 Radio
128K bytes of non-volatile configuration memory.
24576K bytes of processor board System flash (Intel Strataflash)

Configuration register is 0x2142 (will be 0x2102 at next reload)

Router#reload
Proceed with reload? [confirm]

*Jan 29 01:15:08.479: %SYS-5-RELOAD: Reload requested  by console. Reload Reason: Reload Command.
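What separates 0x2142 from 0x2102 is a single bit. The following is an added example, not part of the original post: it decodes the register line of "show ver" so an inventory or audit script can flag a device that is booting with its startup configuration bypassed. The bit meanings come from Cisco's configuration register documentation, and the function names are this example's own.

```python
import re

IGNORE_STARTUP_CONFIG = 0x0040  # bit 6: boot without loading startup-config
BREAK_DISABLED = 0x0100         # bit 8: console break ignored once booted
BOOT_FIELD_MASK = 0x000F        # bits 0-3: boot source selection

REG_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?")

def decode_confreg(value):
    """Split a 16-bit configuration register into the fields relevant here."""
    return {
        "boot_field": value & BOOT_FIELD_MASK,
        "ignores_startup_config": bool(value & IGNORE_STARTUP_CONFIG),
        "break_disabled": bool(value & BREAK_DISABLED),
    }

def check_show_version(output):
    """Report the register state now and after the next reload."""
    m = REG_LINE.search(output)
    if m is None:
        raise ValueError("no configuration register line found")
    current = int(m.group(1), 16)
    # Without a "will be" clause the pending value equals the current one.
    pending = int(m.group(2), 16) if m.group(2) else current
    return {
        "current": decode_confreg(current),
        "after_reload": decode_confreg(pending),
        "changed_bits": current ^ pending,
    }

# The register line from the "show ver" output above.
SAMPLE = "Configuration register is 0x2142 (will be 0x2102 at next reload)"

if __name__ == "__main__":
    print(check_show_version(SAMPLE))
```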

Resources
https://dcloud-cms.cisco.com/help/connect_console
https://www.cisco.com/c/en/us/support/docs/routers/10000-series-routers/12818-61.html
https://www.netequity.com/how-to-get-rid-of-your-old-cisco-equipment/
