思科Nexus 3548密碼破解
連接好console線,接通電源,然後按ctrl+],如下所示:
(c) Copyright 2014, Cisco Systems.
N3K-C3548P-10GX BIOS v.2.0.6, Wed 12/24/2014, 04:15 PM
ERROR: C2:V1050007 I0 93B80003-9FB3-11D4-9A3A-0090273FC14D BE3A5018
(c) Copyright 2014, Cisco Systems.
N3K-C3548P-10GX BIOS v.2.0.6, Fri 12/26/2014
Booting kickstart image: bootflash:/n3500-uk9-kickstart.6.0.2.A7.2.bin
...............................................................................
..................................Image verification OK
Booting kernel
[ 0.000000] Fastboot Memory at 0c100000 of size 201326592
]^]^]^]]]]]]^]Usage: init 0123^]POST INIT Starts at Fri Feb 23 05:42:33 UTC 2018
Executing Mod 1 1 SEEPROM Test:...done (0 seconds)
Executing Mod 1 1 GigE Port Test:.]]]]]]]]]]^]^]^]^]^]]]]^]^]^]^]]]]]]]^]^]^]^]]]]]]^]^]^]done (8 seconds)
Executing Mod 1 1 PCIE Test:.................done (0 seconds)
Mod 1 1 Post Completed Successfully
^]^]]]]]]^]^]^]^]^]^]]]]]]^]^]^]^]^]]]]]]^]^]^]^].^]^].^]]].]]^]^]^]^]r. done.
上面紅色的部分都是我按ctrl+]時出現的,沒有關系。
INIT: Sending processes the TERM signal
INIT: Sending processes the KILL signal
^]]]]Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2016, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
switch(boot)#
當你看到交換機進入到(boot)#模式時,破解工作基本上就要完成了。
switch(boot)# conf t
Enter configuration commands, one per line. End with CNTL/Z.
switch(boot)(config)# admin-password ?
<WORD> Password for user admin (Max Size - 64)
switch(boot)(config)# admin-password cisco@1234
修改admin的密碼為cisco@1234
WARNING! Enabling local authentication for login through console due to password recovery
switch(boot)(config)# exit
switch(boot)# dir
4096 Jan 01 2001 00:01:42 .patch/
0 Jan 01 2001 00:02:33 20010101_000233_poap_3976_init.log
0 Jan 27 2018 05:09:48 20180127_050948_poap_3996_init.log
0 Jan 27 2018 05:18:36 20180127_051836_poap_3996_init.log
627 Nov 18 2016 14:15:16 license_FOC2043R0MB_15_1.lic
4096 Nov 18 2016 14:25:17 lost+found/
36825088 Nov 18 2016 14:09:09 n3500-uk9-kickstart.6.0.2.A7.2.bin
181796339 Nov 18 2016 14:09:31 n3500-uk9.6.0.2.A7.2.bin
1024 Jan 01 2001 00:01:30 sprom_cstruct_2_0_0
1024 Jan 01 2001 00:02:12 sprom_cstruct_3_0_0
4096 Jan 01 2001 00:01:40 vdc_2/
4096 Jan 01 2001 00:01:40 vdc_3/
4096 Jan 01 2001 00:01:40 vdc_4/
4096 Jan 01 2001 00:01:43 virtual-instance/
Usage for bootflash: filesystem
0 bytes used
2147483647 bytes free
2147483647 bytes total
switch(boot)# load n3500-uk9.6.0.2.A7.2.bin
重新引導系統
Loading System Software Fri Feb 23 05:46:18 UTC 2018
System Software(/bootflash/n3500-uk9.6.0.2.A7.2.bin) Loaded Fri Feb 23 05:46:36 UTC 2018
ethernet switching mode
INIT: Switching to runlevel: 3
INIT: Sending processes the TERM signal
INIT: (boot)#
Mounting other filesystems: [ OK ]
User Access Verification
WYLZ-NX3548 login: admin
Password:
可以使用修改過的密碼登錄了,到這裏破解工作已經完成了。
說明:
1、開機按ctrl+]時,不停地按,否則有可能跳過(boot)#模式。
2、思科MDS交換機的密碼破解與Nexus的密碼破解幾乎相同,過程可供參考。
Nexus3548密碼破解文檔的鏈接沒有找到,下面附一個MDS交換機密碼破解的文檔鏈接
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/mds9000/sw/6_2/configuration/guides/security/nx-os/sec_cli_6-x.pdf?dtid=osscdc000283
在文檔的第70頁。MDS的會了Nexus也就會了。
思科Nexus 3548密碼破解