1
00:00:08,560 --> 00:00:13,000
So we've been told that we need to recover the passwords on these devices.

2
00:00:13,900 --> 00:00:15,340
Let's start with router 1, 

3
00:00:17,800 --> 00:00:24,040
here's router 1 we can see some neighbor relationships have come up, so EIGRP neighbor relationships

4
00:00:24,040 --> 00:00:28,740
have been formed, type enable don't know what the password is.

5
00:00:29,260 --> 00:00:31,080
So there's not much we can do here.

6
00:00:31,750 --> 00:00:36,010
We can't reload the router for password recovery

7
00:00:36,020 --> 00:00:37,510
you need physical access.

8
00:00:38,590 --> 00:00:46,330
So on the router, I'm going to turn off the power and then turn it on again, and then I'm going to press

9
00:00:46,330 --> 00:00:54,280
control C, which works as a control break on my keyboard, the brake sequence depends on your

10
00:00:54,280 --> 00:01:01,260
keyboard and operating system, such as Windows or Mac and the application that you're using.

11
00:01:01,600 --> 00:01:08,200
So on Windows, you could use putty, could use terror term or some other terminal emulation software.

12
00:01:08,830 --> 00:01:13,980
You'll have to look at what the brake sequence is on that specific device.

13
00:01:14,440 --> 00:01:21,400
So have a look on your keyboard for a brake key and press control brake as an example, or control C

14
00:01:21,760 --> 00:01:25,300
to break the start up process.

15
00:01:26,570 --> 00:01:35,600
Question mark Enter shows us various options available in ROM mon or ROM monitor mode, help also gives

16
00:01:35,600 --> 00:01:37,520
us the same list of commands.

17
00:01:38,150 --> 00:01:45,470
We're going to want to bypass the startup configuration by setting the configuration register to 0

18
00:01:45,470 --> 00:01:47,480
x2142.

19
00:01:48,750 --> 00:01:56,400
You can find a list of configuration register values by doing a search on Google, just search for Cisco

20
00:01:56,400 --> 00:02:04,500
configuration register and you'll find documents such as the following that allow you to see various

21
00:02:04,500 --> 00:02:12,930
configuration register values, 0x2142 allows you to ignore the startup configuration.

22
00:02:13,470 --> 00:02:21,330
In other words, the router ignores NVRAM and boots without a startup configuration. I'll then

23
00:02:21,420 --> 00:02:24,180
reset the device to get it to reboot.

24
00:02:25,430 --> 00:02:27,650
So that's router 1, router 2

25
00:02:31,100 --> 00:02:37,430
has a similar problem when I type enable, I don't know the password of router 2.

26
00:02:38,480 --> 00:02:45,620
Now, before I restore the password on router 2, let's complete router 1 because it's now booted up.

27
00:02:46,770 --> 00:02:55,230
I'll use No to bypass the initial configuration dialog, I now have a router using a default configuration

28
00:02:55,920 --> 00:02:56,580
type enable.

29
00:02:58,650 --> 00:03:01,530
This router has a default configuration

30
00:03:03,420 --> 00:03:12,480
but notice, the startup configuration shows me the enable password that is shown in clear text so we

31
00:03:12,480 --> 00:03:19,920
would know that password here, but you can bypass that even if you don't know what the password is.

32
00:03:20,970 --> 00:03:28,380
Notice, we are currently in enable mode, so again, the startup-configuration shows us the password

33
00:03:28,890 --> 00:03:32,860
but that's because service password encryption has not been set.

34
00:03:33,450 --> 00:03:43,050
If that was set, I wouldn't know what the password was, but I could still restore the routers configuration

35
00:03:43,440 --> 00:03:53,430
by using the command copy startup configuration running configuration, show run now shows us the configuration

36
00:03:53,430 --> 00:03:55,650
including the password

37
00:03:56,280 --> 00:04:03,480
but notice loopback, addresses and physical interface addresses are now configured on the router. If

38
00:04:03,480 --> 00:04:06,640
a service password encryption was set, 

39
00:04:07,950 --> 00:04:14,020
I wouldn't know what the password was, but I could still restore the configuration.

40
00:04:14,520 --> 00:04:16,560
Now you can hack this password

41
00:04:17,130 --> 00:04:24,720
but notice on devices such as router 2 and switch 1 that are using the secret password, you will not

42
00:04:24,720 --> 00:04:27,780
easily be able to work out what the password is.

43
00:04:28,560 --> 00:04:37,080
But we can still bypass the configuration and then sent the enable password to Cisco.

44
00:04:38,030 --> 00:04:45,920
So even if I don't know what the password is, I can bypass the device configuration by setting the

45
00:04:46,400 --> 00:04:55,490
configuration register to 0x2142 rebooting the router and then going to privilege mode or enable

46
00:04:55,490 --> 00:05:00,170
mode and then copying the configuration and then setting the password.

47
00:05:00,620 --> 00:05:05,720
One thing to be aware of is notice the physical interfaces are shut down.

48
00:05:07,010 --> 00:05:14,840
So even though you restore the configuration, you will need to go and no shut the physical interfaces

49
00:05:15,890 --> 00:05:23,720
once you've done that, restore. So show IP interface brief notice, the interfaces are now up and I can

50
00:05:23,720 --> 00:05:31,220
save the router configuration by using the WR command or in the exam copy running-config, startup

51
00:05:31,220 --> 00:05:31,760
config.

52
00:05:32,950 --> 00:05:34,720
So now if I exit out of the router

53
00:05:37,060 --> 00:05:44,530
and then go back in and type enable the password now used is Cisco, I've encrypted that password

54
00:05:45,340 --> 00:05:51,650
but if I hadn't encrypted the password, this would be displayed in clear text. In the exam

55
00:05:52,090 --> 00:05:53,530
do what you're told.

56
00:05:53,810 --> 00:05:56,520
Don't do extra things like I'm doing here.

57
00:05:56,860 --> 00:05:58,310
Do what's required.

58
00:05:58,780 --> 00:06:04,390
I'm trying to show you extra options and teach you various options on the routers.

59
00:06:06,030 --> 00:06:12,540
Now, just be careful, even though we've saved the configuration and we can log back into the router.

60
00:06:13,920 --> 00:06:18,250
The running configuration doesn't affect the configuration register.

61
00:06:19,140 --> 00:06:26,820
I need to configure the configuration register, so I'm going to set that to 2102.

62
00:06:28,730 --> 00:06:31,520
So show version, 

63
00:06:32,930 --> 00:06:39,770
shows us that the configuration register will be set to this at next reload, the configuration

64
00:06:39,770 --> 00:06:42,680
register is separate to the running configuration.

65
00:06:43,340 --> 00:06:50,360
So even though you've saved the running configuration, it doesn't change the configuration register.

66
00:06:50,960 --> 00:06:54,110
The configuration register needs to be set separately.

67
00:06:54,950 --> 00:06:55,610
So that's router

68
00:06:55,640 --> 00:06:56,410
1 completed.

69
00:06:56,570 --> 00:06:57,980
Let's have a look at router 2.