I’m going to explain how to replace the enable mode password and/or add yourself as a user on a Cisco router if you currently are unable to login but have console access. I will be performing all the commands on a Cisco 7204 VXR.
It is possible to recover the enable or console login password. The enable secret password is encrypted, however, and must be replaced with a new enable secret password.
While booting the router up, press Ctrl+Break to enter Rommon Mode.
Set the configuration register using the configuration register utilityâ€”enter the confreg command at the ROM monitor prompt as follows:
Answer yes to the enable “ignore system config info”? question and note the current configuration register settings.
Initialize the router by entering the reset command as follows:
The router will initialize, the configuration register will be set to 0x142, and the router will boot the system image from Flash memory and enter the system configuration dialog (setup) as follows:
— System Configuration Dialog —
Enter no in response to the system configuration dialog prompts until the following message is displayed:
Press RETURN to get started!
Press Return. The user EXEC prompt is displayed as follows:
Enter the enable command to enter privileged EXEC mode. Then enter the show startup-config command to display the passwords in the configuration file as follows:
Router# show startup-config
Scan the configuration file display looking for the passwords (the enable passwords are usually near the beginning of the file, and the console login or user EXEC password is near the end). The passwords displayed will look something like this:
enable secret 5 $1$ORPP$s9syZt4uKn3SnpuLDrhuei
enable password 23skiddoo
line con 0
The enable secret password is encrypted and cannot be recovered; it must be replaced. The enable and console passwords may be encrypted or clear text.
Enter the configure memory command to load the startup configuration file into running memory. This action allows you to modify or replace passwords in the configuration.
Router# configure memory
Enter the privileged EXEC command configure terminal to enter configuration mode:
Hostname# configure terminal
Change all three passwords using the following commands:
Hostname(config)# enable secret newpassword1
Hostname(config)# enable password newpassword2
Hostname(config)# line con 0
Hostname(config-line)# password newpassword3
Change only the passwords necessary for your configuration. You can remove individual passwords by using the no form of the above commands. For example, entering the no enable secret command removes the enable secret password.
You must configure all interfaces to be not administratively shutdown as follows:
Hostname(config)# interface fastethernet 0/0
Hostname(config-int)# no shutdown
Enter the equivalent commands for all interfaces that were originally configured. If you omit this step, all interfaces will be administratively shutdown and unavailable when the router is restarted.
Use the config-register command to set the configuration register to the original value. Factory default is 0x2102.
Hostname(config)# config-register 0x2102
Exit Configure mode and enter the
copy running-config startup-configcommand to save the new configuration to nonvolatile memory.
reloadcommand to reboot the router
Log in to the router with the new or recovered passwords.
That’s all you need to do to gain access to the router.