的过程很像路由器了，也是通过 修改配置寄存器的值来实现。就不要了。

1，密码恢复准备东东

A，PC机

B，ASA配置线

我们需要通过配置线把PC机的COM口与的控制接口相连。

2，密码恢复程序

首先，我们打开PC机的超级终端，然后启动ASA后迅速按ESC或CTRL+BREAK 键进入Rommon状态。

You can press Esc (Escape) key after "Use BREAK or ESC to interrupt boot" is shown. This will take you into ROMMON mode, as follows:

rommon #0>

然后我们打入命令confreg，进行配置寄存器值的修改，有两种方法，一种是通过输入 ConfReg命令一步一步回答菜单如下：

rommon #1> confreg

Current Configuration Register: 0x00000011

Configuration Summary:

boot TFTP image, boot default image from Flash on netboot failure

Do you wish to change this configuration? y/n [n]: y

所有都按照默认回答,在问"disable system configuration?" 的时候,选择y.

这里将0X11启动模式转变到0X41模式.

第二种方法就是直接使用命令ConfReg 0x41修改配置寄存器的值。如下：

rommon #1> confreg 0x41

Update Config Register (0x41) in NVRAM...

修改后，就可以重启

rommon #2> boot

启动成功进入ASA以后,enable密码为空.

ciscoasa> enable

Password:<cr>

ciscoasa# copy startup-config running-config

ciscoasa# configure terminal

设置新的密码

ciscoasa(config)# password Pa55

ciscoasa(config)# enable password PIXp455

ciscoasa(config)# username BluShin password Goodp455

修改会原来的配置寄存器的值

ciscoasa(config)# config-register 0x11

保存配置文件，切记，否则新密码无效

ciscoasa(config)# copy running-config startup-config

后记

====================

     有时候我们为了加强安全性，打入了no service password-recovery命令。这时候进行密码恢复时，就不能通过修改配置寄存器的值来实现了，而只能删除所有文件来实现，当然删除的文件会包 括配置文件和OS文件。

ciscoasa(config)# no service password-recovery

WARNING: Saving "no service password-recovery" in the startup-config will disable password recovery via the PIX Password Lockout Utility. The only means of recovering from lost or forgotten passwords will be for the PIX Password Lockout Utility to erase all file systems including configuration files and images.You should make a backup of your configuration and have a mechanism to restore images from the Monitor Mode command line.

提示两点：

1、恢复的时候会xx所有配置

2、需要保存配置文件，并有一种方式从Monitor Mode command line得到恢复的IMAGES

密码恢复过程：建立物理CONSOLE连接，RELOAD（命令）设备

press the Esc (Escape) key after "Use BREAK or ESC to interrupt boot" is shown

提示：

a new image must be downloaded via ROMMON.

Erase all file systems? y/n [n]: yes

Disk1: is not present.

Enabling password recovery...

rommon #0>

rommon #0> ADDRESS=192.168.10.1

rommon #1> SERVER=192.168.10.250

rommon #3> interface GigabitEthernet0/0

GigabitEthernet0/0

MAC Address: 000f.f775.4b54

rommon #4> file asa702.bin

rommon #5> tftpdnld

tftp !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Note

The security appliance downloads the system image file in memory and boots up the device. However, the downloaded system image is not stored in flash.

这里提示只在MEMORY而不保存到FLASH中。

此时可以进入：

ciscoasa> enable

ciscoasa# copy tftp: running-config

Address or name of remote host []? 192.168.10.250

Source filename []? CiscoASA.conf

需要将以前保存的配置文件载入到设备中然后重设密码，并保存即可

这里有两个安全提高：

1、IMEGE保存在TFTP、备份文件也保存在另外的位置

2、擦除了使用的配置文件

注意：如果TFTP不在同一网段，则：

rommon #2> GATEWAY 192.168.10.100

注意：TFTP的参数是需要预先配置好的，为密码恢复做准备，示例如下：是在rommon中 完成的

Example 4-49. Setting Up TFTP Parameters

rommon #0> ADDRESS 192.168.10.1

rommon #1> SERVER 192.168.10.250

rommon #2> interface GigabitEthernet0/0

GigabitEthernet0/0

MAC Address: 000f.f775.4b54

rommon #3> file ASA702.bin

rommon #4> set 检查参数

rommon #5> tftpdnld   开始下载

tftp !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

密码恢复

＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝

    PIX的密码恢复有两种方式，一种是通过软驱，另一种是无软驱实现。由于新的型号都没有带软驱，所以我只介绍无软驱恢复方法。不管怎样，PIX的密码恢复 和路由器稍有不同,都需要用专门的密码恢复文件来进行恢复.不同的PIXos选用的密码恢复文件是不同的，现在大部分的PIXos都是7.0和8.0，所 以我们选用这两个版本的密码恢复文件实验。np70.bin (7.0 and 8.0 release)

1，密码恢复准备东东

A，PC机

B，PIX配置线和交叉线，用与PIX连接

C，密码恢复文件()

D，TFTP服务软件

     我们需要把PC机与PIX接口相连，一个通过配置线是PC的COM口与PIX的控制口相连，另一个是PC的网卡与PIX的某一以太接口相连。然后我们在 PC机上开启Tftp服务，并且把np70.bin文件放在Tftp目录下。

2，密码恢复程序

首先，开启超级终端，然后在启动PIX的时候快速按ESC或者BREAK,进入Rom Moniter状态.我们会看到如下信息。

CISCO SYSTEMS PIX FIREWALL

Embedded BIOS Version 4.3.207 01/02/02 16:12:22.73

Compiled by morlee

32 MB RAM

PCI Device Table.

Bus Dev Func VendID DevID Class              Irq

00 00 00   8086   7192 Host Bridge       

00 07 00   8086   7110 ISA Bridge        

00 07 01   8086   7111 IDE Controller    

00 07 02   8086   7112 Serial Bus         9

00 07 03   8086   7113 PCI Bridge        

00 0D 00   8086   1209 Ethernet           11

00 0E 00   8086   1209 Ethernet           10

Cisco Secure PIX Firewall BIOS (4.2) #0: Mon Dec 31 08:34:35 PST 2001

Platform PIX-506E

System Flash=E28F640J3 @ 0xfff00000

Use BREAK or ESC to interrupt flash boot.

Use SPACE to begin flash boot immediately.

Flash boot interrupted.                        

0: i8255X @ PCI(bus:0 dev:14 irq:10)

1: i8255X @ PCI(bus:0 dev:13 irq:11)

Ethernet auto negotiation timed out.

Ethernet port 1 could not be initialized.

Use ? for help.

我们输入"?"查看命令。

monitor> ?

?                        this help message    帮助命令

address   [addr]   set IP address of the PIX interface on which

                    the TFTP server resides 设置PIX与TFTPserver相连接口IP地址

file          [name] set boot file name      配置需要tftp传输的文件名字

gateway   [addr] set IP gateway        配置网关

help                    this help message

interface    [num]   select TFTP interface   进入配置接口模拟

ping        <addr> send ICMP echo

reload                    halt and reload system    重启

server    [addr] set server IP address      指定Tftp服务器地址

tftp                   TFTP download       传输文件

timeout            TFTP timeout

trace                 toggle packet tracing

我们进行密码恢复命令：

monitor> interface 0 #进入到与PC机相连的eth0接口模式下

0: i8255X @ PCI(bus:0 dev:14 irq:10)

1: i8255X @ PCI(bus:0 dev:13 irq:11)

Using 0: i82557 @ PCI(bus:0 dev:14 irq:10), MAC: 000d.bc7e.d97a

monitor>address 192.168.11.11    #设置接口IP地址

address 192.168.11.11

monitor> file np70.bin #指定需要tftp的文件

file np70.bin

monitor> ping 192.168.11.88 #测试tftp sever地址

Sending 5, 100-byte 0x9e5e ICMP Echoes to 192.168.11.88, timeout is 4 seconds:

!!!!!

Success rate is 100 percent (5/5)

monitor> server 192.168.11.88 #设置tftp服务器IP地址

server 192.168.11.88

monitor> tftp #开始传输文件

tftp

..........................................................................

......................................................................

Received 129024 bytes

Cisco Secure PIX Firewall password tool (3.0) #0: Wed Mar 27 11:02:16 PST 2002

System Flash=E28F640J3 @ 0xfff00000

BIOS Flash=am29f400b @ 0xd8000

Do you wish to erase the passwords? [yn] y

The following lines will be removed from the configuration:

        enable password mLbCjoY6Ql1vh0o4 encrypted

        passwd i/Y4R6kWHD6hjJ/v encrypted

Do you want to remove the commands listed above from the configuration? [yn] y

Passwords and aaa commands have been erased.

Rebooting..

CISCO SYSTEMS PIX FIREWALL

Embedded BIOS Version 4.3.207 01/02/02 16:12:22.73

Compiled by morlee

32 MB RAM

PCI Device Table.

Bus Dev Func VendID DevID Class              Irq

00 00 00   8086   7192 Host Bridge       

00 07 00   8086   7110 ISA Bridge        

00 07 01   8086   7111 IDE Controller    

00 07 02   8086   7112 Serial Bus         9

00 07 03   8086   7113 PCI Bridge        

00 0D 00   8086   1209 Ethernet           11

00 0E 00   8086   1209 Ethernet           10

Cisco Secure PIX Firewall BIOS (4.2) #0: Mon Dec 31 08:34:35 PST 2001

Platform PIX-506E

System Flash=E28F640J3 @ 0xfff00000

Use BREAK or ESC to interrupt flash boot.

Use SPACE to begin flash boot immediately.

Reading 1536512 bytes of image from flash.     

##################################################################################

32MB RAM

System Flash=E28F640J3 @ 0xfff00000

BIOS Flash=am29f400b @ 0xd8000

mcwa i82559 Ethernet at irq 11 MAC: 000d.bc7e.d97b

mcwa i82559 Ethernet at irq 10 MAC: 000d.bc7e.d97a

-----------------------------------------------------------------------

                               ||        ||

                               ||        ||

                              ||||      ||||

                          ..:||||||:..:||||||:..

                        c i s c o S y s t e m s

                    Private Internet eXchange

-----------------------------------------------------------------------

                        Cisco PIX Firewall

Cisco PIX Firewall Version 7.2(2)

Licensed Features:

Failover:           Disabled

VPN-DES:            Enabled

VPN-3DES:           Disabled

Maximum Interfaces: 2

Cut-through Proxy: Enabled

Guards:             Enabled

URL-filtering:      Enabled

Inside Hosts:       Unlimited

Throughput:         Limited

IKE peers:          Unlimited

****************Warning ************************

Compliance with U.S. Export Laws and Regulations - Encryption.

This product performs encryption and is regulated for export

by the U.S. Government.

This product is not authorized for use by persons located

outside the United States and Canada that do not have prior

approval from Cisco Systems, Inc. or the U.S. Government.

This product may not be exported outside the U.S. and Canada

either by physical or electronic means without PRIOR approval

of Cisco Systems, Inc. or the U.S. Government.

Persons outside the U.S. and Canada may not re-export, resell

or transfer this product by either physical or electronic means

without prior approval of Cisco Systems, Inc. or the U.S.

Government.

********************* Warning ***********************

Copyright (c) 1996-2002 by Cisco Systems, Inc.

                Restricted Rights Legend

Use, duplication, or disclosure by the Government is

subject to restrictions as set forth in subparagraph

(c) of the Commercial Computer Software - Restricted

Rights clause at FAR sec. 52.227-19 and subparagraph

(c) (1) (ii) of the Rights in Technical Data and Computer

Software clause at DFARS sec. 252.227-7013.

                Cisco Systems, Inc.

                170 West Tasman Drive

                San Jose, California 95134-1706

.

Cryptochecksum(changed): f72dbc0b 3560939d 6544ff4a 70d7e598

Type help or '?' for a list of available commands.

pixfirewall> en

Password: <cr>

pixfirewall#