[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <008901c3bb4b$ca41b130$6401a8c0@wuarnos>
From: ceo at digicron.com (vb)
Subject: cisco acl
to change password:
hook up console cable, establish session.
boot router
hit "break key" within 60 seconds of bootup
at the > prompt, type:confreg 0x2142
type "i" to reboot router
router will boot up and not require a password
type"enable"
type"copy start run"
type "conf te"
type "enable secret <new password>"
hit CNTRL-Z
type "copy run start"
reboot
send me a check.
that should do it.
----- Original Message -----
From: "isa vaul" <nonleft@....net>
To: "petard" <petard@...eshell.org>
Cc: <full-disclosure@...ts.netsys.com>
Sent: Friday, December 05, 2003 10:30 AM
Subject: Re[2]: [Full-Disclosure] cisco acl
> Hello petard,
>
> Friday, December 5, 2003, 3:35:19 PM, you wrote:
>
> p> On Fri, Dec 05, 2003 at 01:45:31PM +0100, isa vaul wrote:
> >> Hello full-disclosure,
> >>
> >> I've got a little problem with a cisco router.
> >> It has obviously been compromised. How do i know, well the password
> >> has changed. So I want to retrieve the ACL from the RAM (not NVRAM)
> >> to see what else maybe got compromised.
> >> Does anyone know how this could be done?
> >>
> >> thanks for any suggestions in advance...
> p> You'll probably get better answers if you:
>
> p> 1. google for "cisco router forensics"
> p> 2. ask this question to a cisco list
> p> 3. ask this question to cisco tech support. they're quite good.
>
> p> Assuming you've determined the changed password and the enable
password, the command:
> p> # show running-config
> p> will display the current configuration from RAM, including any ACLs
> p> IIRC.
>
> p> HTH,
> p> petard
>
> p> --
> p> If your message really might be confidential, download my PGP key here:
> p> http://petard.freeshell.org/petard.asc
> p> and encrypt it. Otherwise, save bandwidth and lose the disclaimer.
>
> thanks for all the replies.
> and i am aware of the 3 given possibilities.
> but i thought maybe someone on the list has some quick answer as
> well?!? and as it is a little urgent i just wanted to give it a try!
>
> Unfortunately I do not know the new password! otherwise there wouldn't
> be a problem at all.
> and more unfortunately it is not my network and had nothing to do with
> the setup. or else i would have, as Mort pointed out, a tftp in
> place.
>
> --
> Best regards,
> nonleft mailto:nonleft@....net
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists