[afnog] Cisco 7609 sup32 password recovery

Hari Kurup kurup at afrinic.net
Tue Aug 11 09:40:16 UTC 2009


Copy and paste output from the link below:-

http://www.cisco.com/en/US/products/hw/switches/ps700/products_password_recovery09186a0080133fb1.shtml

The boot sequence is different on the Catalyst 6500/6000 and Cisco 7600
that run Cisco IOS System Software than the Cisco 7200 Series Router
because the hardware is different. After you power-cycle the box, the
switch processor (SP) boots up first. After a short amount of time
(approximately 25 to 60 seconds) it transfers console ownership to the
route processor (RP (MSFC)). The RP continues to load the bundled
software image. It is crucial that you press Ctrl-brk just after the SP
gives over control of the console to the RP. If you send the break
sequence too soon, you end up in the ROMMON of the SP, which is not
where you should be. Send the break sequence after you see this message
on the console:

    00:00:03: %OIR-6-CONSOLE: Changing console ownership to route processor

After this point, the password recovery is the same as a normal router.


--
Hari


On 8/11/09 11:27 AM, Frank A. Kuse wrote:-
> Hi Mark,
> 
> I did the following as you suggested and below is the latter part of the
> boot sequence which still gives me a username prompt.
> 
> Rommon 1> confreg 0x2142
> Rommon 2> boot
> 
> ----------------------------------------------------------------------------
> -------------
> cisco CISCO7609 (R7000) processor (revision 1.2) with 458752K/65536K bytes
> of memory.
> Processor board ID FOX1201G7Q7
> R7000 CPU at 300Mhz, Implementation 0x27, Rev 3.3, 256KB L2, 1024KB L3 Cache
> Last reset from power-on SuperLAT software (copyright 1990 by Meridian
> Technology Corp).
> X.25 software, Version 3.0.0.
> Bridging software.
> TN3270 Emulation software.
> 1 Virtual Ethernet/IEEE 802.3 interface
> 21 Gigabit Ethernet/IEEE 802.3 interfaces 1915K bytes of non-volatile
> configuration memory.
> 
> 65536K bytes of Flash internal SIMM (Sector size 512K).
> ICMP redirect is disabled on interfaces with secondary IP address
> 
> 
> Press RETURN to get started!
> 
> 
> 00:01:15: STDBY: RP: Currently running ROMMON from S (Gold) region
> 00:01:16: %SPANTREE-STDBY-5-EXTENDED_SYSID: Extended SysId enabled for type
> vlan
> 00:02:08: %PM-STDBY-4-INT_FAILUP: GigabitEthernet5/9 failed to come up. No
> internal VLAN available
> 00:02:08: %PM-STDBY-4-INT_FAILUP: GigabitEthernet5/9 failed to come up. No
> internal VLAN available
> 00:02:13: %SYS-STDBY-5-RESTART: System restarted -- Cisco Internetwork
> Operating System Software IOS (tm) s3223_rp Software
> (s3223_rp-ADVIPSERVICESK9_WAN-M)
> 
> User Access Verification
> 
> Username: , Version 12.2(18)SXF13, RELEASE SOFTWARE (fc1) Technical Support:
> http://www.cisco.com/techsupport Copyright (c) 1986-2008 by cisco Systems,
> Inc.
> Compiled Wed 13-Feb-08 23:45 by kellythw
> 00:02:13: %MFIB_CONST_RP-STDBY-6-REPLICATION_MODE_CHANGE: Replication Mode
> Change Detected. Current system replication mode is Ingress
> Username: 
> % Username:  timeout expired!
> % Authentication failed.
> 
> Username:
> 
> -------------------------------------------------------------------
> Any ideas ?
> 
> Regards,
> 
> Frank
> 
>> -----Original Message-----
>> From: Mark Tinka [mailto:mtinka at globaltransit.net]
>> Sent: Tuesday, August 11, 2009 9:00 AM
>> To: Frank A. Kuse
>> Cc: afnog at afnog.org
>> Subject: Re: [afnog] Cisco 7609 sup32 password recovery
>>
>> On Tuesday 11 August 2009 04:10:35 pm Frank A. Kuse wrote:
>>
>>> In my attempt to break into a Cisco 7609 sup32 router, when typing
>>> confreg 0x2142 in the rom monitor and boot, it reset itself back to
>>> 0x2102.
>> Rather than doing a 'reset', try booting the RP after modifying the
>> config-register, i.e., 'boot'.
>>
>> Cheers,
>>
>> Mark.
> 
> 
> _______________________________________________
> afnog mailing list
> http://afnog.org/mailman/listinfo/afnog
> 




More information about the afnog mailing list