Keith Smith - Welcome to my mental dumping ground.

Password Recovery in AOS

Wednesday, November 29, 2017 - by Keith A. Smith

Recovering passwords requires direct physical access to a unit. This procedure cannot be performed remotely over Telnet, SSH, or the Web GUI. First, connect a straight through serial cable to the console port of the unit. Second, configure a VT100 session (i.e. HyperTerminal or ProComm) using the following settings: 9600 bps, 8 bits, no parity, 1 stop bit and no flow control. Lastly, reboot the unit by removing the power. As the unit boots, you will be given the opportunity to break into bootstrap mode by pressing the ESC key within 5 seconds. While in the monitor mode issue the following commands:

Bootstrap# bypass passwords

Bootstrap# boot
Notice that you are issuing the boot command not the reload command following the bypass passwords command. Once the unit has finished booting up, you can issue the enable command and you will not be required to enter the privileged (i.e. enable) password. Once you are in privileged mode, you can view the configured passwords by using the show run command. A new password can also be entered by going into global configuration mode by using config terminal command and issuing the enable password command where is the new password. Also remember to change any Telnet, SSH or Web GUI passwords if necessary.

Below is a sample output of these steps:

Router (1200990L1)
Executing bootstrap...
ram: 268435456 bytes of RAM detected.
Bootstrap version: 11.04.1.B2, checksum: 0F3C, Wed Nov 29
vfs: NONVOL: 120 tracks, 128 sectors/track, 1024 bytes/sector.
eth0/1: initializing...
eth0/1: MAC address is 00:A0:C8:XX:XX:XX
bootstrap: Checking boot configuration...
bootstrap: Primary image is 'NONVOL:/'.
bootstrap: User escaped to command line interface.
cli: starting command line interface...
cli: starting user interface

Press '?' for help.
bootstrap#bypass passwords

In case anyone comes across this in the future, instead of the command "bypass passwords", you can alternately use "bypass startup-config" then "boot". This will boot the system with a blank/default config. Once you get into enable mode you can enter  "copy running-config startup-config" to re-apply the default config while leaving you at the enable prompt (effectively skipping the login and enable password prompts), or you can just manually reconfigure the box in case you really messed things up.


  Share Post   

View Comments Comments

Leave a Comment