Bypassing Cisco Router Passwords
--------------------------------
by Nickels 1

This pertains to Cisco 2500/2600 series routers and the bypassing of their passwords. There are two modes that you can use on a Cisco router: privileged/enabled and user. User mode allows simple commands like ping to be used, but does not allow global configuration of the router. The problem is that you need a password to get into privileged mode and to make configuration changes. Bypassing this password is the focus of this article.

Cisco routers - 2500/2600 series that is - contain a 16 bit register that basically controls how the router will boot. The default register setting is 0x2102, which means that the router will load the configuration contained in the NVRAM, known as the startup config. What we will do is tell the router to ignore the configuration in the NVRAM so that it will also ignore the password to get into privileged mode. The register setting to ignore the contents in NVRAM is 0x2142.

This is how we go about changing the register setting. We switch the router off (this has to be done in person, not remotely), and then back on. Within the first 30 seconds, we enter a break command (ctrl+break) which will take us to one of the two prompts:

for a 2600 router: "rommon 1 >"
for a 2500 router: ">"

"rommon 1 >confreg 0x2142"
"rommon 1 >reset"

for the 2600 router. On the 2500 router:

">o"

This will give you options to turn certain bits "on" or "off". The one we are going to select is bit 6, so:

">o/r 0x2142"
">i"

which will change the register to ignore NVRAM and reboot the 2500 router.

When the router reboots, it will ask you if you want to enter setup mode. Choose no to get into user mode. Now we have a clean sheet to work with. No passwords are set and no configurations are set - those are still in the NVRAM. However, we can enter privileged mode with no password. Use the command "router>en" and that will put us into privileged mode.

We now load the configuration that is in the NVRAM to RAM (running-config) with the command:

"router#copy start run"

This will put all the original configurations on the router and you will be in privileged mode with free rein. One thing you must do is change the register back to the original configuration so that the router will load the contents in NVRAM on next boot. Do that with the commands:

"router#config t"
"router(config)#config-register 0x2102"

Now there are all kinds of things you can do once in privileged mode: change the privilege mode password, set up telnet passwords so that you can connect remotely, and many others. Once you have made your changes, issue the command:

"router#copy run start"

This will save your changes to NVRAM so they will be loaded next boot.
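
Seen from the administrator's side, the register value discussed above is reported on the last line of "show version", so a router that booted with bit 6 set, or whose register was changed after boot, can be spotted in an audit. The Python below is an added example, not part of the original article; the sample output, hostnames and finding labels are constructed for illustration.

```python
import re

IGNORE_NVRAM = 0x0040  # bit 6: the only bit that differs between 0x2102 and 0x2142

# Last line of IOS "show version", with the optional pending value that
# appears after "config-register" has been issued but before a reload.
CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)


def audit_confreg(show_version):
    """Return a list of findings for one router's 'show version' text."""
    m = CONFREG_RE.search(show_version)
    if m is None:
        return ["no-confreg-line"]
    booted = int(m.group(1), 16)
    next_boot = int(m.group(2), 16) if m.group(2) else booted
    findings = []
    if booted & IGNORE_NVRAM:
        # Startup config, and the enable password in it, was skipped at boot.
        findings.append("booted-ignoring-nvram")
    if next_boot & IGNORE_NVRAM:
        findings.append("next-boot-ignores-nvram")
    elif next_boot != booted:
        # Register was changed since boot: the clean-up step described above.
        findings.append("register-changed-since-boot")
    return findings


# Constructed sample output (labels are finding names chosen for this example).
SAMPLES = {
    "rtr-normal": "cisco 2610 ...\nConfiguration register is 0x2102\n",
    "rtr-left-open": "cisco 2501 ...\nConfiguration register is 0x2142\n",
    "rtr-recovered": "cisco 2610 ...\n"
        "Configuration register is 0x2142 (will be 0x2102 at next reload)\n",
}


def audit_all(samples):
    return {host: audit_confreg(text) for host, text in samples.items()}


if __name__ == "__main__":
    for host, findings in audit_all(SAMPLES).items():
        print(host, findings or ["ok"])
```

Any non-empty result on a production router means the startup config was bypassed at the last boot or will be at the next one, and is worth correlating with physical access and reload logs.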