CISCO router password recovery

– Attach a terminal or PC with terminal emulation to the console port of the router.
Use these terminal settings:

* 9600 baud rate
* No parity
* 8 data bits
* 1 stop bit
* No flow control
– If you can access the router, type show version at the prompt, and record the configuration register setting. See Example of Password Recovery Procedure in order to view the output of a show version command
Note: The configuration register is usually set to 0x2102 or 0x102. If you can no longer access the router (because of a lost login or TACACS password), you can safely assume that your configuration register is set to 0x2102.

 

– Press **Break** (**Ctrl-Break** Windows XP) on the terminal keyboard within 60 seconds of power up in order to put the router into ROMMON.
– Type **confreg 0x2142** at the rommon 1> prompt in order to boot from Flash. This step bypasses the startup configuration where the passwords are stored.
– Type **reset** at the rommon 2> prompt. The router reboots, but ignores the saved configuration.
– Type **no** after each setup question, or press **Ctrl-C** in order to skip the initial setup procedure.
– Type **enable** at the Router> prompt. You are in enable mode and should see the Router# prompt.
– Type **configure memory** or **copy startup-config running-config** in order to copy the nonvolatile RAM (NVRAM) into memory. **Important**: Do not type **copy running-config startup-config** or **write**. These commands erase your startup configuration.
– Type **show running-config**. The **show running-config** command shows the configuration of the router. In this configuration, the **shutdown** command appears under all interfaces, which indicates all interfaces are currently shut down. In addition, the passwords (enable password, enable secret, vty, console passwords) are in either an encrypted or unencrypted format. You can reuse unencrypted passwords. You must change encrypted passwords to a new password.
– Type **configure terminal**.
– The hostname(config)# prompt appears.
– Type **enable secret <password>** in order to change the enable secret password. For example: hostname(config)#**enable secret cisco**
– Issue the **no shutdown** command on every interface that you use. If you issue a **show ip interface brief** command, every interface that you want to use should display up up.
– Type **config-register <configuration_register_setting>**. Where **configuration_register_setting** is either the value you recorded in step 2 or **0x2102** . For example: hostname(config)#**config-register 0x2102**
– Press **Ctrl-z** or **end** in order to leave the configuration mode. The hostname# prompt appears.
– Type **write memory** or **copy running-config startup-config** in order to commit the changes.

SSH Tricks

This is more for me than others. Sometimes I forget things like this.

SSH Dynamic Socks Proxy for the browser.

ssh -D 8888 [email protected]
Browser: Socks Proxy localhost 888

SSH Tunnel to another host

ssh -L 9090:localhost:9090 user@proxyhost -i SSHKEY ssh -L 9090:localhost:9090 -N user@TARGETSYSTEM

Also SSH Tunnel Bypassing Transparent proxy using apache

Apache AJP reverse proxy

With apache it is possible to have a reverse proxy with AJP instead of http. With the use of mod_proxy_ajp it is very simple to set up and faster than just plain http protocol

<VirtualHost *:80>
    ServerName jenkins
    DocumentRoot "/mario/Apache22/htdocs"
    <Directory "/mario/Apache22/htdocs">
        Options Indexes Includes FollowSymLinks
        AllowOverride All
        Order Allow,Deny
        Allow from all
        Deny from none
    </Directory>
    <Location />
        ProxyPass ajp://localhost:8009/
        ProxyPassReverse ajp://localhost:8009/
    </Location>

    SetEnv vhostname jenkins
    Header add X-Server-Name %{vhostname}e
</virtualhost>

Than start the backend server, in this case only with AJP and listen only on localhost

java -jar jenkins.war --httpPort=-1 --ajp13ListenAddress=127.0.0.1

reverse proxy for utorrent part 2

In my last post about utorrent (µtorrent) I was frustrated that I wasn’t able to change the url from /gui/ to /tor/
Woot! In apache 2.3 which will be apache 2.4 and I think it will be released in early 2011 the proxy module is much better and there it works to have a different URL :-) Even as ALPHA or BETA version the new apache rocks a lot and runs stable. In condition with mod_fcgid it is real cool technology e.g. running PHP separated form apache that allows to run different PHP version of the server in vhosts or directories. Also running a non thread safe PHP version. Speed! IPv6 would be fine, but the offered patches are not applied to trunk :-/There is an annoying bug in mod_fcgid. I’m glad I found a fix for it (help from Tom Donovan and Sob).

SSH Tunnel Bypassing Transparent proxy using apache

A feature of the apache webserver is that it allows to to create a SSH connection through a transparent proxy / firewall. This is a stealth technic so no one will see it even in a large company network. Only IPoAC is able to interference this.

If you have internet access to port 80 (http) or 443 (https) you can establish a SSH connection to one of that ports. Proxys want the users to surf the web. most of the proxyes will only let their users through the paths they know safe (or whatever filtering their administrators may have set). In the best scenario, the proxy will not allow one particular HTTP method called CONNECT. This method is the one used for SSL / TLS protocol. It establishes a tunneled connection between the client and a remote server, through the proxy server. Since it is used by SSL / TLS, some proxys will let the CONNECT method free to certain sites, and most probably only on port 443.

Apache plus mod_proxy module will let us set up an HTTP server listening on port 80, and at the very same time an HTTP proxy. The proxying part is done by mod_proxy. This module turns Apache into a fully functional HTTP forward-proxy and reverse-proxy. the exciting feature of mod_proxy is its ability to handle the CONNECT method. It will even handle it if the transparent proxy, at the boundaries of our enterprise network, does not allow the CONNECT method. This, because we will talk GET and POST with Apache, the CONNECT thing happens inside Apache, and outside of the control of the enterprise proxy. The end result: we can use the CONNECT method.

Client side

  • SSH Client
  • Proxyclient

server side

  • apache webserver 2.x

This is an example virtual host configuration which I used for testing this implementation.

<VirtualHost *:80>
ServerName proxy.mydomain.com
ProxyRequests On
AllowCONNECT 22

<Proxy *>
Order deny,allow
Deny from all
</Proxy>

<ProxyMatch (host1|host2)\.mydomain\.com>
Order deny,allow
Deny from all
#Now we allow only our IP to access. Note that this IP must be the  public IP address of the enterprise proxy:
Allow from 222.22.22.100
</ProxyMatch>

# This directive enables DNS lookups so that host names can be logged. The  value Double refers to doing double reverse DNS lookup.
#That is, after a  reverse lookup is performed, a forward lookup is then performed on that  result. At least one of the IP addresses in the forward lookup must  match the original address. It is paranoid but is a good security  measure

HostnameLookups Double

ErrorLog /var/log/apache2/proxy.error.log
CustomLog /var/log/apache2/proxy.access.log common
</VirtualHost>

And now, the final step: configure our browser to use 127.0.0.1 on port 8080 as proxy. Finally we can login to our SSH server and try pointing our browser to any website we know blocked by the enterprise transparent proxy!

I know I left the part setting up apache and proxy, but this isn’t a tutorial for noobs ;-)

This is the BEST part of using Apache. You can set it up as normal web server, serving some webpage. This way whoever point to mydomain.com will see a normal and harmless website, and won’t be able to distiguish it from a non-proxying server.

reverse proxy for utorrent

Using the web UI for utorrent is a fine thing. But the webserver from utorrent is not secure. So it is recommend to use apache as reverse proxy. I tried to change the url, but I wasn’t successful.

Here the set up of cause inside a vhost.

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so

ProxyPass /gui/ http://localhost/gui/
ProxyPassReverse /gui/ http://localhost/gui/

Posts Tagged proxy

Archives by Month: