Archive for the Password Recovery Cisco Category

Password Recovery in Cisco Devices!Great!

Posted in Password Recovery Cisco on May 21, 2008 by itdaddy

How to Recover Cisco 2500 Router’s Password 
Cisco Routers – 2500 Series 

When would you need this: When you loose the secret, enable, or onsole password of a 2500 Cisco Router.

1. Interrupt the router booting operation. This is done by pressing

(Ctrl+Break) keys simultaneously as soon as you turn on the router. This step will get you to the ROM monitor mode (rommon). You will have the following:

System Bootstrap, Version 11.0(10c), SOFTWARE

Copyright (c) 1986-1996 by cisco Systems

2500 processor with 14336 Kbytes of main memory

Abort at 0x1098FEC (PC)


The  “>”prompt is for the ROM monitor mode. If you are having a problem interrupting the boot sequence of the router, you might be interested in this procedure to simulate break key sequence .

2. Now you should change the value of the configuration register in  order to make the router neglect the contents of the NVRAM in the next boot up. This is achieved using the following command:

> o/r 0x2142

This command will change the sixth bit (originally the configuration  register is 0x2102) to one. By doing so, the router will act as new in the next boot, i.e., the router will not look for the startup-config in the NVRAM.

3. Perform a restart to the router using the following command:  

> i

The (i) stands for (initialize).

4. The router now will restart and ask you if you want to use the setup mode and of course you will say no. Now, in order not to loose the configuration that you already have in the router, you should go to the USER privileged mode and perform:

Router#copy start run

This will get you back your old configuration but with one exception, you already are in the privileged mode without having to know the password..!!!!

Now you put a new password or passwords if you may:

Router(config)#enable secret blahblah

And you can also put new console and telnet passwords if you like.

5. To get things going back to normal, change the value of the configuration register to its original form (0x2102) using the following global configuration command:

Router(config)#config-register 0x2102

6. Now you should save the configuration including the new passwords  that you know:

Router#copy run start

7. Now reload and you are good to go:



configuration registry hex values to know!


In summary these Boot Registers are quite handy:

* The value range is from 0x0 to 0xFFFF.
* 0x2102 is the factory-default configuration register value.
* 0x2142 boots from flash without using NVRAM contents good for password recovery.
* 0x2101 boots from boot prom image (not flash), good for upgrading image on flash.
* 0x2141 boots from boot prom and ignores NVRAM contents.
* 0x141, which disables the Break key, ignores the NVRAM configuration, and
boots the default system image from ROM.