Windows Administrator “Lost Password” / “Password Reset”

KB ID 0000159

Problem

You have forgotten your password, or the administrators password fo your Windows machine.

Note: You can also ‘Blank’ or reset the DSRM (Directory Services Restore Mode) password on a Domain Controller (Tested on 2012 R2, by blanking the password). Using this method.

Lost Password : Fix

Lost Password Software Download Links

Password Reset CD Image (3.5Mb) Note: This is a .iso file – you need to burn it as an image! Simply dropping this file on a CD will NOT work.

WARNINIG – If your drive has been encrypted with Windows Bitlocker this procedure will not work!

Related Articles, References, Credits, or External Links

Windows 8 – Lost / Forgotten Password?

Cisco Catalyst Password Recovery / Reset

KB ID 0000496 

Problem

The title is a bit of a misnomer, we are not going to recover the password, we are simply going to change the password to one we know.

Solution

Note: This procedure works on models, 2900, 2940, 2950, 2955, 3500XL, and 3550. Before you start connect the the device with a console cable and terminal emulation software, the procedure is the same as the one I’ve outlined here.

1. Power the switch off >press and hold the “Mode” button > Power on the switch.

2. For 2900, 3500XL and 3550 Switches release the mode button when the 1x LED light goes out (all the other port lights will remain lit). For a 2940 and 2950 Switch release the mode button after the “Stat” LED goes out. For a 2955 switch press CTRL+BREAK.

3. On screen you should see the following.

[box]

Base ethernet MAC Address: 00:0b:be:78:a2:00
Xmodem file system is available.
The password-recovery mechanism is enabled.

The system has been interrupted prior to initializing the
flash filesystem. The following commands will initialize
the flash filesystem, and finish loading the operating
system software:

flash_init
boot

[/box]

4. Type “flash_init” then when it has ran type “load_helper”

[box]

switch: flash_init
Initializing Flash...
flashfs[0]: 18 files, 3 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 15998976
flashfs[0]: Bytes used: 4386304
flashfs[0]: Bytes available: 11612672
flashfs[0]: flashfs fsck took 17 seconds.
...done Initializing Flash.
Boot Sector Filesystem (bs:) installed, fsid: 3
switch: load_helper

[/box]

5. Next we need to make sure that the config.text file is in flash memory type “dir flash:”

Note: don’t forget the colon on the end or it will error and say “Permission Denied”.

[box]

switch: dir flash:
Directory of flash:/

2 drwx 192 <date> c3550-i9q3l2-mz.121-11.EA1a
17 -rwx 255 <date> info
18 -rwx 255 <date> info.ver
19 -rwx 5448 <date> config.text
20 -rwx 5 <date> private-config.text
21 -rwx 2364 <date> vlan.dat

11612672 bytes available (4386304 bytes used)

[/box]

6. We are now going to change the name of the config file so when the switch boots it will start with no configuration, then we can boot the switch.

[box]

switch: rename flash:config.text flash:config.backup
switch: boot

[/box]

7. Eventually when the switch boots it will ask if you want to configure it, say no.

[box]

Model revision number: G0
Motherboard revision number: A0
Model number: WS-C3550-24-SMI
System serial number: CAT0650Y1VR

--- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: no

[/box]

8. At this point we can go to enable mode, change the name of the config.text file back again, and load it into memory (press Enter to accept the default filenames).

[box]

Switch>enable
Switch#rename flash:config.backup config.text
Destination filename [config.text]?
Switch#copy flash:config.text system:running-config
Destination filename [running-config]?
5448 bytes copied in 0.728 secs

[/box]

9. Finally you can remove the password, and reset it to whatever you want, and save the new config.

[box]

HostName#conf t
Enter configuration commands, one per line. End with CNTL/Z.
HostName(config)#no enable secret
HostName(config)#enable password thisisthenewpassword
HostName#wr mem
Building configuration...
[OK]
HostName#

[/box]  

Related Articles, References, Credits, or External Links

Cisco ASA – Password Recovery / Reset

Cisco PIX (500 Series) Password Recovery / Reset

Cisco Router – Password Recovery /Bypass

Cisco Router – Password Recovery /Bypass

KB ID 0000931 

Problem

If you have a Cisco router that you have forgotten the password for, or have been given one, or simply bought one from ebay, you may not know the password. In fact many years ago an ISP was going to charge me a ridiculas amount of money to put an entry in a routers routing table, this procedure ‘ahem’ would have allowed to to do it myself, for free, and then reload the router.

Solution

The reason you are able to do this is because of the router’s configuration register, this is the setting that decides how the system boots and how it operates. Usually it’s set to 0x2102 you can see this on a working router by running a ‘show version‘ command.

There are a number of different config register settings;

Configuration Register

Router Behavior

0x102 Ignores break, 9600 console baud
0x1202 1200 baud rate
0x2101 Boots into bootstrap, ignores break, Boots into ROM if initial boot fails, 9600 console baud rate
0x2102 Ignores break, Boots into ROM if initial boot fails, 9600 console baud rate default value for most platforms
0x2120 Boots into ROMmon, 19200 console speed
0x2122 Ignores break, Boots into ROM if initial boot fails, 19200 console baud rate
0x2124 NetBoot, Ignores break, Boots into ROM if initial boot fails, 19200 console speed
0x2142 Ignores break ,Boots into ROM if initial boot fails, 9600 console baud rate, Ignores the contents of Non-Volatile RAM (NVRAM) (ignores configuration)
0x2902 Ignores break, Boots into ROM if initial boot fails, 4800 console baud rate
0x2922 Ignores break, Boots into ROM if initial boot fails, 38400 console baud rate
0x3122 Ignores break, Boots into ROM if initial boot fails, 57600 console baud rate
0x3902 Ignores break, Boots into ROM if initial boot fails, 2400 console baud rate
0x3922 Ignores break, Boots into ROM if initial boot fails, 115200 console baud rate

The one we are interested in I’ve emboldened above (0x2142), if we can boot the router, without loading the config, we can manually load the config whilst we have administrative access, which means we can do what we like, (including changing the passwords).

1. Connect a console cable to the router and connect to it using some terminal emulation software (like PuTTy)*. Power cycle the router and as it starts to boot press the ‘break’ key (on some keyboards press Ctrl+Break, on others you can simply press the Esc Key. You will know you are successful if the router boots into ROMMON mode. Issue the following commands;

[box]

rommon 1 > confreg 0x2142
rommon 2 > reset 

[/box]

*Typically at Baud 9600, 8 bits, 1 Stop Bit, No parity, No flow control.

2. The router will reboot, when prompted select no to not enter the setup dialog. (Don’t panic your config is safe in NVRAM!).

3. Now you can go to enable mode without entering a password, and load the routers startup-configuration into memory.

[box]

Router> enable
Router# copy startup-conig running-config
Destination filename [running-config]? {Enter}

[/box]

4. You can at this point make any changes you like, but we are here to change the passwords. On this router I want to reset the enable password, and I protect console access with a username and password, so I want to add a new one for myself. Set the configuration register back to its default setting of 0x2101, save the changes. Then reload the router and make sure you can now get access.

[box]

Petes-Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.

Petes-Router(config)# enable secret P@ssword123
Petes-Router(config)# username petelong privilege 15 password P@ssword123
Petes-Router(config)# config-register 0x2102
Petes-Router(config)# end
Petes-Router# write memory
Petes-Router# reload
Proceed with reload? [confirm] {Enter}

[/box]

5. And we are in.

Related Articles, References, Credits, or External Links

Cisco Catalyst Password Recovery / Reset

Cisco ASA – Password Recovery / Reset

Cisco PIX (500 Series) Password Recovery / Reset