Giáo trình Advanced Certificate in Information Technology - Sanlein part 58 pptx
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (72.8 KB, 5 trang )
Configuration last modified by enable_15 at 23:52:55.403 UTC
Sun Mar 6 2005
Các bước thực hiện như sau :
pixfirewall>reload
Rebooting….
Cisco Secure PIX Firewall BIOS (4.2) #0: Mon Dec 31 08:34:35
PST 2001
Platform PIX-506E
System Flash=E28F640J3 @ 0xfff00000
Use BREAK or ESC to interrupt flash boot.
Use SPACE to begin flash boot immediately.
Flash boot in 10 seconds.
Flash boot interrupted. ß Nhấn Esc hoặc Break
0: i8255X @ PCI(bus:0 dev:14 irq:10)
1: i8255X @ PCI(bus:0 dev:13 irq:11)
Using 1: i82557 @ PCI(bus:0 dev:13 irq:11), MAC:
000f.23ac.53f7
Use ? for help.
monitor> ?
? this help message
address [addr] set IP address of the PIX interface on which
the TFTP server resides
file [name] set boot file name
gateway [addr] set IP gateway
help this help message
interface [num] select TFTP interface
ping <addr> send ICMP echo
reload halt and reload system
server [addr] set server IP address
tftp TFTP download
timeout TFTP timeout
trace toggle packet tracing
monitor> interface 1
0: i8255X @ PCI(bus:0 dev:14 irq:10)
1: i8255X @ PCI(bus:0 dev:13 irq:11)
Using 1: i82557 @ PCI(bus:0 dev:13 irq:11), MAC:
000f.23ac.53f7
monitor> address 10.10.10.100
address 10.10.10.100
monitor> server 10.10.10.10
server 10.10.10.10
monitor> ping 10.10.10.10
Sending 5, 100-byte 0x13d ICMP Echoes to 10.10.10.10, timeout
is 4 seconds:
Success rate is 100 percent (5/5)
monitor> file pix631.bin
file pix631.bin
monitor> tftp
tftp
…………………………………
…………………………………………………………………
…………………………………………………………………
………………………………………….
Received 656235 bytes
Cisco Secure PIX Firewall admin loader (3.0) #0: Thu Jul 17
08:01:09 PDT 2003
Flash =E28F640J3 @ 0xfff00000
BIOS Flash =AM29F400B @ 0xd8000
Flash version 6.3.1, Install version 6.3.1
Installing to flash
Serial Number: 808036792 (0x3029a9b8)
Activation Key: 0x9a5c6f78 0x67304d0a 0xed4c2329
0x89dd199b
Do you want to enter a new activation key ? n
Pix sẽ reboot và install image mới .
Bài 2 : Password recovery
Sau đây là bài password recovery được thực hiện trên PIX 506 .
Trước khi tiến hành khôi phục password , show version để kiểm
tra pix
đang chạy OS nào :
pixfirewall> sh version
Cisco PIX Firewall Version 6.3(1)
Cisco PIX Device Manager Version 3.0(1)
Compiled on Wed 19-Mar-03 11:49 by morlee
pix up 27 mins 25 secs
Hardware: PIX-506E, 32 MB RAM, CPU Pentium II 300 MHz
Flash E28F640J3 @ 0x300, 8MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB
0: ethernet0: address is 000f.23ac.53f6, irq 10
1: ethernet1: address is 000f.23ac.53f7, irq 11
< omitted >
Quan sát thông tin từ show version ở trên , ta thấy pix hiện tại
đang chạy
OS version 6.3(1) . Do đó , để khôi phục password cho pix , ta
cần phải
có file np63.bin trong tftp server .
Bài làm được thực hiện dựa trên các bước khôi phục password đã
nêu ở trên .
pixfirewall>en
password:
pixfirewall#enable password cisco
=>đặt password ở mode enable là cisco .
pixfirewall# write memory
Building configuration
Cryptochecksum: 93bc4b61 43237b6a 67fe6565 ad91568d
[OK]
pixfirewall#reload
rebooting….
Cisco Secure PIX Firewall BIOS (4.2) #0: Mon Dec 31 08:34:35
PST 2001
Platform PIX-506E
System Flash=E28F640J3 @ 0xfff00000
Use BREAK or ESC to interrupt flash boot.
Use SPACE to begin flash boot immediately.
Flash boot in 10 seconds.
Flash boot interrupted. ß Nhấn Esc hoặc Break
0: i8255X @ PCI(bus:0 dev:14 irq:10)
1: i8255X @ PCI(bus:0 dev:13 irq:11)
Using 1: i82557 @ PCI(bus:0 dev:13 irq:11), MAC:
000f.23ac.53f7
Use ? for help.
monitor> ?
? this help message
address [addr] set IP address of the PIX interface on which the
TFTP
server resides
file [name] set boot file name
gateway [addr] set IP gateway
help this help message
interface [num] select TFTP interface
ping <addr> send ICMP echo
reload halt and reload system
server [addr] set server IP address
tftp TFTP download
timeout TFTP timeout
trace toggle packet tracing
monitor> interface ethernet1
0: i8255X @ PCI(bus:0 dev:14 irq:10)
1: i8255X @ PCI(bus:0 dev:13 irq:11)
Using 1: i82557 @ PCI(bus:0 dev:13 irq:11), MAC:
000f.23ac.53f7
monitor> address 10.10.10.100
address 10.10.10.100
monitor> server 10.10.10.10
server 10.10.10.10
monitor> ping 10.10.10.10
Sending 5, 100-byte 0x9fd7 ICMP Echoes to 10.10.10.10, timeout
is 4
seconds:
Success rate is 100 percent (5/5)
monitor> file np63.bin
file np63.bin
monitor> tftp
tftp
Received 92160 bytes
Cisco Secure PIX Firewall password tool (3.0) #0: Thu Jul 17
08:01:09
PDT 2003
System Flash=E28F640J3 @ 0xfff00000
BIOS Flash=am29f400b @ 0xd8000
Do you wish to erase the passwords? [yn] y
The following lines will be removed from the configuration:
enable password qktPUfU6etg/RRvG encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
Do you want to remove the commands listed above from the
configuration? [yn] y
Passwords and aaa commands have been erased.
Rebooting
=> Hệ thống sẽ tự động xóa password và bắt đầu reboot
