SoFunction
Updated on 2025-04-09

A worked example of the entire process of cracking a switch password

Both switches and routers need certain security guarantees; that is, they must be configured with a reasonable password in a timely manner. But what if you forget that password? The author ran into exactly this situation. Because of a job transfer, the previous network administrator left the department, but he had set a password on the switch and did not tell me, the succeeding network administrator. What to do? Sending the switch back to the manufacturer to be cracked is too much trouble, so I worked through the process of cracking the password myself.

1. Network environment:

The company uses a Shida 3500 series switch (the specific model is the 3548), and a Huawei 2621 router connected to the switch provides Internet access over telecom fiber. This Shida 3548 switch was configured by the previous network administrator, who did not tell me the password, so cracking his password is the core of this article.

2. Preparation:

The whole job requires taking the network offline, since it involves restarting the switch and other operations, so the time chosen was 23:00, after work. In addition, because operations such as cracking the password must be performed over the CONSOLE cable, the work can only be done in the central computer room. The author had gathered all of the relevant items for the Shida 3548, including the installation instructions and the CONSOLE cable.

3. Cracking the password:

In my previous experience, the usage and command statements of all devices are similar to those of Cisco devices, so I originally thought the steps for cracking a Cisco device's password would solve the problem easily. Once I got started, I realized that the difference was really big. Generally speaking, Cisco devices implement password cracking by modifying the configuration register. The concept of a configuration register does not exist on the Shida switch. After looking up the documentation, I found that the Shida switch cracks the password by changing the HyperTerminal configuration.

Step 1: Connect the CONSOLE cable supplied with the Shida switch to the CONSOLE management interface of the device.

Step 2: Connect the other end of the CONSOLE cable to the COM serial port of the notebook the network administrator uses for debugging.

Step 3: On the notebook's desktop, click "Start -> All Programs -> Accessories -> Communications -> HyperTerminal".

Step 4: After HyperTerminal starts, give the new connection a name.

Step 5: Under "Connect using" in the connection settings, use the drop-down menu to select the port the CONSOLE cable is plugged into, for example COM1.

Step 6: In the COM1 properties window, configure the connection parameters. Normally, when connecting to the switch, we use 9600 bits per second, 8 data bits, no parity, 1 stop bit, and no flow control. To crack the password of the Shida switch, however, these values must be changed: set the HyperTerminal serial port rate on the PC to 57600 and leave the other parameters as listed above.

Step 7: With the terminal connected to the switch, turn on the switch's power supply. While the switch starts up and runs its self-test, press the "ESC" key repeatedly to enter the switch's monitoring mode. The terminal will show a menu with multiple options, including some basic initialization settings.

Tips:

At first, the author tried Step 7 without success; the HyperTerminal window just kept displaying "......". Later I found that HyperTerminal must be connected before the switch is powered on. If the switch is powered on first and HyperTerminal is connected afterwards, it is not possible to enter monitoring mode.

Step 8: Following the menu prompts, upload the configuration file to the notebook used by the network administrator, and then delete the configuration file on the switch.

Step 9: On the notebook, open the file that was just saved to the hard disk and find the following statements:

enable secret level 1 5 !E,1u_;C9&-8U0H

enable secret level 15 5 *r_1u_;C3vW8U0H

Delete these statements, then save the file and exit.

Step 10: Following the prompts in the switch's monitoring mode, download the modified file from the notebook to the switch.

Step 11: Reset the notebook's HyperTerminal serial port rate to 9600 and leave the other parameters at their defaults. After the switch is powered on and restarted, enter the switch configuration interface; you will find that the switch's passwords can now be reconfigured, including the remote TELNET management password and the privileged password of the device. From then on, the switch's password is whatever you have just configured, while the rest of the configuration remains unchanged and normal use is not affected.
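The edit in Step 9, sketched in Python as an added example that is not part of the original article: it deletes only the `enable secret level` statements from the saved configuration, confirms that nothing else changed before the file goes back to the switch in Step 10, and lists which privilege levels carry a secret. Apart from the two statements quoted in Step 9, the sample configuration lines and all function names are constructed for illustration.

```python
import difflib
import re

# The statements Step 9 removes: "enable secret level <N> <type> <encoded>".
ENABLE_SECRET = re.compile(r"^\s*enable\s+secret\s+level\s+(\d+)\s+\S+\s+\S.*$")

# Constructed sample: only the two "enable secret" lines come from the article;
# every other line is a placeholder standing in for the rest of the config.
SAMPLE_CONFIG = """\
hostname placeholder-3548
enable secret level 1 5 !E,1u_;C9&-8U0H
enable secret level 15 5 *r_1u_;C3vW8U0H
interface vlan 1
 ip address 192.0.2.10 255.255.255.0
end
"""


def strip_enable_secrets(config_text):
    """Return (cleaned_text, removed_lines); line endings are preserved."""
    kept, removed = [], []
    for line in config_text.splitlines(keepends=True):
        if ENABLE_SECRET.match(line.rstrip("\r\n")):
            removed.append(line.rstrip("\r\n"))
        else:
            kept.append(line)
    return "".join(kept), removed


def only_secrets_removed(original, cleaned):
    """True if the edit deleted enable-secret lines and touched nothing else."""
    diff = difflib.ndiff(original.splitlines(), cleaned.splitlines())
    changed = [d for d in diff if d[:2] in ("- ", "+ ")]
    return all(d[:2] == "- " and ENABLE_SECRET.match(d[2:]) for d in changed)


def protected_levels(config_text):
    """Privilege levels that carry an enable secret in this configuration."""
    matches = (ENABLE_SECRET.match(l) for l in config_text.splitlines())
    return sorted({int(m.group(1)) for m in matches if m})


if __name__ == "__main__":
    cleaned, removed = strip_enable_secrets(SAMPLE_CONFIG)
    assert only_secrets_removed(SAMPLE_CONFIG, cleaned)
    print("removed:", removed)
    print("levels still protected:", protected_levels(cleaned))
```

Running `protected_levels` on a configuration saved after Step 11 shows whether new secrets were actually set; an empty list means the switch is still running without a privileged password.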

Tips:

In actual use, the author found that the file upload and download functions in the monitoring mode of the Shida 3550 switch are not stable, and transfers often fail. So the author simply deleted the configuration file directly in monitoring mode, then restarted the switch and reconfigured all of the switch's settings. This approach suits a switch whose own configuration is small or not complicated. It also requires the network administrator to be familiar with the configuration statements.

Summary:

After this hands-on exercise in cracking the switch password, the author once again understood that, for routing and switching devices, the operating procedures and steps of different manufacturers are completely different. Even where the command statements are similar, the devices still differ greatly in other advanced operations. Therefore, everything introduced in this article applies only to Shida routers and switches. If you encounter other devices, you will need to use other methods.


Article entry: csh     Editor in charge: csh