The most important thing that you must do when securing your IT systems is to deny physical access to your IT systems. The old saying “Physical access is full access” is one to keep in mind when planning security for your IT systems. Servers, routers, and switches must be kept behind locked doors at all times, access to these systems should only be given to your trusted administrators.
Simply: If you can’t guaranty physical security you can’t guaranty security at all.
This applies to anything, from Cisco equipment to home office routers/switches and also includes your software be it a Microsoft Operating System or a Linux Operating System.
Below are a few examples of how to recover passwords from various devices:
1 – Password recovery: Cisco Router
- Connect the console cable on the Cisco router and restart the router
- From the terminal, break the default boot procedure
- Follow the Cisco Password Recovery Procedure, 5-10 commands
That’s all you need to get full control to a Cisco router (eg. Cisco 2600 series)
The full procedure can be fund here:
Password Recovery Procedure for the Cisco 2600 and 2800 Series Routers
2 – Password recover in a Cisco Switch
Restart the switch and hold down the Mode button for a couple of seconds.
When you get access to the CLI, you just need to type a couple of commands to initialize the flash, load the helper, rename the file that contains the password and restart the switch again.
On the next boot the password will be gone and you will be able to set your new password.
The full steps can be found here:
3 – Restoring the factory configuration.
Some equipment, especially devices used at home by home users or home office users come with a Reset button. Pushing this button for 30 seconds will remove any configuration and restore to the device to the factory settings. The default password to gain access should be available in the equipment manual or it can easily found on the internet. This is the quickest way to remove an unknown password.
4 – Crack a password and/or access files in a Windows operating system
A very simple way to reset a password on a locked Windows OS is to use a common installation disk.
During the install you can drop to command line and gain full access to the offline OS drive, at this point it is easy to copy any file you need to external media. Another exploit that can be used from the PE command prompt is to replace the OSK executable with CMD.exe. OSK.exe is the executable the operating system runs to open the Ease of Access Centre. The Ease of Access Centre is available at the lock screen before logon, if the executables have been switched out you now have an open command prompt to the live operating system and a simple command can be used to change any users password.
The above is an example of how an operating system can be compromised without using malicious tools. There are also a number of purpose built tools that allow you to reset passwords for example Hiren’s recovery boot disk which is a popular disc image that system administrators use.It has tools for building, repairing and recovering file systems. It includes a program that will allow you to mount an offline registry and reset the password for any local user accounts. Some Linux live CD’s also include password reset tools and allow you to mount offline file systems and access their contents. Beyond this we have actual Cracking or ”hacker” tools and programs that will grant an unauthorized user access much more quickly and efficiently.
The first rule of system security is “Physical access is full access”. If you cannot guaranty physical security such as with laptops you must try to offset this by using tools like Microsoft Bitlocker or one of the other 3rd party encryption applications available on the market.
You May be interested in our Information Security courses:
- CompTIA Security+
- CompTIA Social Media Security Professional (SMSP)
- Certified Information Security Systems Professional (CISSP)
- Certified Ethical Hacker (CEH)
- Computer Hacking Forensics Investigator (CHFI)
- VMware® vCloud Networking & Security for vSphere Professionals v5.5
- CompTIA Advanced Security Practitioner (CASP)
- Cisco® Implementing Cisco® IOS Network Security v2.0 (IINS)
- Certified Information Security Manager (CISM)
- Information Security Courses with Symantec