Configuration last modified by enable_15 at 23:52:55.403 UTC Sun Mar 6 2005 Các bước thực hiện như sau : pixfirewall>reload Rebooting…. Cisco Secure PIX Firewall BIOS (4.2) #0: Mon Dec 31 08:34:35 PST 2001 Platform PIX-506E System Flash=E28F640J3 @ 0xfff00000 Use BREAK or ESC to interrupt flash boot. Use SPACE to begin flash boot immediately. Flash boot in 10 seconds. Flash boot interrupted. ß Nhấn Esc hoặc Break 0: i8255X @ PCI(bus:0 dev:14 irq:10) 1: i8255X @ PCI(bus:0 dev:13 irq:11) Using 1: i82557 @ PCI(bus:0 dev:13 irq:11), MAC: 000f.23ac.53f7 Use ? for help. monitor> ? ? this help message address [addr] set IP address of the PIX interface on which the TFTP server resides file [name] set boot file name gateway [addr] set IP gateway help this help message interface [num] select TFTP interface ping <addr> send ICMP echo reload halt and reload system server [addr] set server IP address tftp TFTP download timeout TFTP timeout trace toggle packet tracing monitor> interface 1 0: i8255X @ PCI(bus:0 dev:14 irq:10) 1: i8255X @ PCI(bus:0 dev:13 irq:11) Using 1: i82557 @ PCI(bus:0 dev:13 irq:11), MAC: 000f.23ac.53f7 monitor> address 10.10.10.100 address 10.10.10.100 monitor> server 10.10.10.10 server 10.10.10.10 monitor> ping 10.10.10.10 Sending 5, 100-byte 0x13d ICMP Echoes to 10.10.10.10, timeout is 4 seconds: Success rate is 100 percent (5/5) monitor> file pix631.bin file pix631.bin monitor> tftp tftp pix631.bin@10.10.10.10 ………………………………… ………………………………………………………………… ………………………………………………………………… …………………………………………. Received 656235 bytes Cisco Secure PIX Firewall admin loader (3.0) #0: Thu Jul 17 08:01:09 PDT 2003 Flash =E28F640J3 @ 0xfff00000 BIOS Flash =AM29F400B @ 0xd8000 Flash version 6.3.1, Install version 6.3.1 Installing to flash Serial Number: 808036792 (0x3029a9b8) Activation Key: 0x9a5c6f78 0x67304d0a 0xed4c2329 0x89dd199b Do you want to enter a new activation key ? n Pix sẽ reboot và install image mới . Bài 2 : Password recovery Sau đây là bài password recovery được thực hiện trên PIX 506 . Trước khi tiến hành khôi phục password , show version để kiểm tra pix đang chạy OS nào : pixfirewall> sh version Cisco PIX Firewall Version 6.3(1) Cisco PIX Device Manager Version 3.0(1) Compiled on Wed 19-Mar-03 11:49 by morlee pix up 27 mins 25 secs Hardware: PIX-506E, 32 MB RAM, CPU Pentium II 300 MHz Flash E28F640J3 @ 0x300, 8MB BIOS Flash AM29F400B @ 0xfffd8000, 32KB 0: ethernet0: address is 000f.23ac.53f6, irq 10 1: ethernet1: address is 000f.23ac.53f7, irq 11 < omitted > Quan sát thông tin từ show version ở trên , ta thấy pix hiện tại đang chạy OS version 6.3(1) . Do đó , để khôi phục password cho pix , ta cần phải có file np63.bin trong tftp server . Bài làm được thực hiện dựa trên các bước khôi phục password đã nêu ở trên . pixfirewall>en password: pixfirewall#enable password cisco =>đặt password ở mode enable là cisco . pixfirewall# write memory Building configuration Cryptochecksum: 93bc4b61 43237b6a 67fe6565 ad91568d [OK] pixfirewall#reload rebooting…. Cisco Secure PIX Firewall BIOS (4.2) #0: Mon Dec 31 08:34:35 PST 2001 Platform PIX-506E System Flash=E28F640J3 @ 0xfff00000 Use BREAK or ESC to interrupt flash boot. Use SPACE to begin flash boot immediately. Flash boot in 10 seconds. Flash boot interrupted. ß Nhấn Esc hoặc Break 0: i8255X @ PCI(bus:0 dev:14 irq:10) 1: i8255X @ PCI(bus:0 dev:13 irq:11) Using 1: i82557 @ PCI(bus:0 dev:13 irq:11), MAC: 000f.23ac.53f7 Use ? for help. monitor> ? ? this help message address [addr] set IP address of the PIX interface on which the TFTP server resides file [name] set boot file name gateway [addr] set IP gateway help this help message interface [num] select TFTP interface ping <addr> send ICMP echo reload halt and reload system server [addr] set server IP address tftp TFTP download timeout TFTP timeout trace toggle packet tracing monitor> interface ethernet1 0: i8255X @ PCI(bus:0 dev:14 irq:10) 1: i8255X @ PCI(bus:0 dev:13 irq:11) Using 1: i82557 @ PCI(bus:0 dev:13 irq:11), MAC: 000f.23ac.53f7 monitor> address 10.10.10.100 address 10.10.10.100 monitor> server 10.10.10.10 server 10.10.10.10 monitor> ping 10.10.10.10 Sending 5, 100-byte 0x9fd7 ICMP Echoes to 10.10.10.10, timeout is 4 seconds: Success rate is 100 percent (5/5) monitor> file np63.bin file np63.bin monitor> tftp tftp np63.bin@10.10.10.10 Received 92160 bytes Cisco Secure PIX Firewall password tool (3.0) #0: Thu Jul 17 08:01:09 PDT 2003 System Flash=E28F640J3 @ 0xfff00000 BIOS Flash=am29f400b @ 0xd8000 Do you wish to erase the passwords? [yn] y The following lines will be removed from the configuration: enable password qktPUfU6etg/RRvG encrypted passwd 2KFQnbNIdI.2KYOU encrypted Do you want to remove the commands listed above from the configuration? [yn] y Passwords and aaa commands have been erased. Rebooting => Hệ thống sẽ tự động xóa password và bắt đầu reboot . pixfirewall#enable password cisco =>đặt password ở mode enable là cisco . pixfirewall# write memory Building configuration Cryptochecksum: 93bc4b61 43237b6a 67fe 6565 ad9 1568 d [OK] pixfirewall#reload. show version để kiểm tra pix đang chạy OS nào : pixfirewall> sh version Cisco PIX Firewall Version 6.3(1) Cisco PIX Device Manager Version 3.0(1) Compiled on Wed 19-Mar-03 11:49 by morlee. ………………………………… ………………………………………………………………… ………………………………………………………………… …………………………………………. Received 6562 35 bytes Cisco Secure PIX Firewall admin loader (3.0) #0: Thu Jul 17 08:01:09 PDT 2003 Flash =E28F640J3