Password Recovery
March 11, 2025 - Reading time: 2 minutes

The Password Recovery procedure is used to regain administrative access to a device when passwords are lost or forgotten. This method involves interrupting the boot process to enter ROMMON mode, bypassing the startup configuration, and then resetting the necessary credentials. The recovery process requires precise use of configuration register changes to ensure the device boots properly without the previous settings. By following these steps, administrators can restore secure access while maintaining the integrity of the existing configuration.

Step‑by‑Step Lab: Cisco Password Recovery

1. Device Setup and Interrupting Boot

  • Setup: Console to the device needing password reset.

  • Action: Reload the router. During the boot process (#####), press the Control+Break key to enter ROMMON mode.

    Expected Console Output (ROMMON prompt):

    ROMMON 1 >

2. Change the Configuration Register in ROMMON

  • Action: At the ROMMON prompt, change the configuration register so that the router ignores the startup configuration.

    Command:

    ROMMON 1 > confreg 0x2142

    Expected Output:

    Setting configuration register to 0x2142; next reboot will ignore startup-config.

3. Reload the Router

  • Action: Reset the router to boot without loading the saved configuration.

    Command:

    ROMMON 2 > reset

    Expected Output:

    Resetting...

    After a moment, the router boots up and you will see the boot sequence messages, ending with:

    Press RETURN to get started!

4. Enter Privileged EXEC Mode

  • Action: Press Enter to access the router.

    Console Output:

    Router>

  • Action: Enter privileged mode. (No password is required because the startup configuration was bypassed.)

    Command:

    Router> enable

    Expected Output:

    Router#

5. Copy the Startup Configuration to Running Configuration

  • Action: Copy the saved configuration (which includes your passwords) into the running configuration.

    Command:

    Router# copy startup-config running-config

    Expected Output:

    Copy in progress...
[OK]
Router#

6. Reset the Password(s)

  • Action: Enter global configuration mode and set new passwords. For example, reset the enable secret.

    Commands:

    Router# configure terminal
Router(config)# enable secret NewSecretPassword
Router(config)# exit
Router#

7. Restore the Original Configuration Register

  • Action: Return the configuration register to the default so that the router loads the startup configuration on the next reboot.

    Commands:

    Router# configure terminal
Router(config)# config-register 0x2102
Router(config)# exit
Router#

8. Save the New Configuration and Reload

  • Action: Save the changes to the startup configuration and then reload the router.

    Commands:

    Router# write memory
Building configuration...
[OK]
Router# reload

    Expected Output:

    Proceed with reload? [confirm]
Reloading...

  • Verification: Once the router reboots, log in and verify that the new password is active by entering privileged EXEC mode using the new password.

    Console Interaction Example:

    Router> enable
Password: NewSecretPassword
Router#

Verification Commands

  • Check the configuration register setting:

    Command:

    Router# show version | include Configuration register

    Expected Output:

    Configuration register is 0x2102

  • Display the running configuration to verify the new enable secret:

    Command:

    Router# show running-config | include enable secret

    Expected Output:

    enable secret 5 $1$abcdef$1234567890abcdef12345

    (The hashed value will differ based on your input.)

User Challenge

Comprehensive Password Recovery:
Both the enable and secret passwords are lost. Perform the recovery procedure, then verify your changes by testing login access using the new credentials.

The lab is available for download from this link

Password Recovery | PocketCLI

Search

Categories

LATEST POSTS

Download


>