思科nexus交换机的密码破解与catalyst交换机的密码破解稍有不同,个人感觉nexus交换机的密码破解相对简单一些,下面简单说一下破解过程。
连接好console线,接通电源,然后按ctrl+],如下所示:
(c) Copyright 2014, Cisco Systems.
N3K-C3548P-10GX BIOS v.2.0.6, Wed 12/24/2014, 04:15 PM
ERROR: C2:V1050007 I0 93B80003-9FB3-11D4-9A3A-0090273FC14D BE3A5018
(c) Copyright 2014, Cisco Systems.
N3K-C3548P-10GX BIOS v.2.0.6, Fri 12/26/2014
Booting kickstart image: bootflash:/n3500-uk9-kickstart.6.0.2.A7.2.bin
...............................................................................
..................................Image verification OK
Booting kernel
[ 0.000000] Fastboot Memory at 0c100000 of size 201326592
]^]^]^]]]]]]^]Usage: init 0123^]POST INIT Starts at Fri Feb 23 05:42:33 UTC 2018
^]^]^]^]]Starting Nexus 3500 Platform POST.....
Executing Mod 1 1 SEEPROM Test:...done (0 seconds)
Executing Mod 1 1 GigE Port Test:.]]]]]]]]]]^]^]^]^]^]]]]^]^]^]^]]]]]]]^]^]^]^]]]]]]^]^]^]done (8 seconds)
Executing Mod 1 1 PCIE Test:.................done (0 seconds)
Mod 1 1 Post Completed Successfully
POST is completed
^]^]]]]]]^]^]^]^]^]^]]]]]]^]^]^]^]^]]]]]]^]^]^]^].^]^].^]]].]]^]^]^]^]r. done.
上面红色的部分都是我按ctrl+]时出现的,没有关系。
INIT: Sending processes the TERM signal
INIT: Sending processes the KILL signal
^]]]]Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2016, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
switch(boot)#
当你看到交换机进入到(boot)#模式时,破解工作基本上就要完成了。
switch(boot)# conf t
Enter configuration commands, one per line. End with CNTL/Z.
switch(boot)(config)# admin-password ?
<WORD> Password for user admin (Max Size - 64)
switch(boot)(config)# admin-password cisco@1234
修改admin的密码为cisco@1234
WARNING! Enabling local authentication for login through console due to password recovery
switch(boot)(config)# exit
switch(boot)# dir
4096 Jan 01 2001 00:01:42 .patch/
0 Jan 01 2001 00:02:33 20010101_000233_poap_3976_init.log
0 Jan 27 2018 05:09:48 20180127_050948_poap_3996_init.log
0 Jan 27 2018 05:18:36 20180127_051836_poap_3996_init.log
627 Nov 18 2016 14:15:16 license_FOC2043R0MB_15_1.lic
4096 Nov 18 2016 14:25:17 lost+found/
36825088 Nov 18 2016 14:09:09 n3500-uk9-kickstart.6.0.2.A7.2.bin
181796339 Nov 18 2016 14:09:31 n3500-uk9.6.0.2.A7.2.bin
1024 Jan 01 2001 00:01:30 sprom_cstruct_2_0_0
1024 Jan 01 2001 00:02:12 sprom_cstruct_3_0_0
4096 Jan 01 2001 00:01:40 vdc_2/
4096 Jan 01 2001 00:01:40 vdc_3/
4096 Jan 01 2001 00:01:40 vdc_4/
4096 Jan 01 2001 00:01:43 virtual-instance/
Usage for bootflash: filesystem
0 bytes used
2147483647 bytes free
2147483647 bytes total
switch(boot)# load n3500-uk9.6.0.2.A7.2.bin
重新引导系统
Loading System Software Fri Feb 23 05:46:18 UTC 2018
System Software(/bootflash/n3500-uk9.6.0.2.A7.2.bin) Loaded Fri Feb 23 05:46:36 UTC 2018
ethernet switching mode
INIT: Switching to runlevel: 3
INIT: Sending processes the TERM signal
INIT: (boot)#
Mounting other filesystems: [ OK ]
User Access Verification
WYLZ-NX3548 login: admin
Password:
可以使用修改过的密码登录了,到这里破解工作已经完成了。
说明:
1、开机按ctrl+]时,不停地按,否则有可能跳过(boot)#模式。
2、思科MDS交换机的密码破解与Nexus的密码破解几乎相同,过程可供参考。
Nexus3548密码破解文档的链接没有找到,下面附一个MDS交换机密码破解的文档链接
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/mds9000/sw/6_2/configuration/guides/security/nx-os/sec_cli_6-x.pdf?dtid=osscdc000283
在文档的第70页。MDS的会了Nexus也就会了。