Solved

How to recover the password on a Cisco PIX 501 firewall

Posted on 2009-05-08
11
525 Views
Last Modified: 2012-05-06
I purchaced a Cisco PIX firewall and found out that I needed a Rollover cable and then bought it. I have followed the directions below.

* Boot the PIX again and immediately after the reboot as it is coming back up and displaying text in your console send a break sequence with your keyboard. If you are using Hyperterminal with Windows the break sequence is Ctrl-Break.
This will send the PIX into Monitor status and you will see the following prompt on the PIX:monitor>
Patch your computer into the inside or outside interface on the PIX via a standard CAT 5 cable (i.e. patch from your computers NIC to one of the PIXs interfaces).

This next statement tells me to change the static ip address for the PC nic to 192.168.1.101

*Give your computer an IP address. For this example, lets use 192.168.1.100 with a netmask of 255.255.255.0

*Start up your TFTP server program and keep it running.
Tell the PIX which interface you will be connecting to, as follows:monitor> interface 1
---note interface 1 is inside, interface 0 is outside.

*Give the PIX a temporary IP address on the same network as your computer, as follows:monitor> address 192.168.1.101
*Tell the PIX the IP address of the TFTP server (your computer)
monitor> server 192.168.1.100

I downloaded the np63.bin to the C:\Program Files\TTERMPRO directory

*Told the PIX which file to copy:
monitor> file np63.bin

*Started the TFTP copy
monitor> tftp

This is what I get:

monitor> tftp
tftp np63.bin@192.168.1.100
TFTP failed (return:-1 arg:0x0)
monitor>

It should copy very quickly. It does not and gives an error message. I also used a linksys router with dhcp turned off to simmulate a hub/switch.

Any Ideas?
monitor> interface 1

0: i8255X @ PCI(bus:0 dev:17 irq:9 )

1: i8255X @ PCI(bus:0 dev:18 irq:10)
 

Using 1: i82557 @ PCI(bus:0 dev:18 irq:10), MAC: 0015.63ff.653b

monitor> address 192.168.1.101

address 192.168.1.101

monitor> server 192.168.1.100

server 192.168.1.100

monitor> file np63.bin

file np63.bin

monitor> tftp

tftp np63.bin@192.168.1.100

TFTP failed (return:-1 arg:0x0)

monitor>

Open in new window

0
Comment
Question by:smarant
  • 5
  • 3
  • 2
  • +1
11 Comments
 
LVL 1

Accepted Solution

by:
abhimail2002 earned 100 total points
ID: 24341953
Hi. I will suggest you to check your TFTP configuration and make sure your firewall is turned off. Sometimes the firewall blocks TFTP connection in these cases.
0
 
LVL 2

Assisted Solution

by:e3user
e3user earned 100 total points
ID: 24342895
0
 

Author Comment

by:smarant
ID: 24346272
The firewall was definitly on and I turned it off. So now as I am expecting there is communication between the pc and the pix as I am looking at the router both ports are flashing. But it just keeps doing as there is a huge massive file transfer going on. It should copy very quickly from what I have read.  Any Ideas? The teminal looks like this:

monitor> interface 1
0: i8255X @ PCI(bus:0 dev:17 irq:9 )
1: i8255X @ PCI(bus:0 dev:18 irq:10)

Using 1: i82557 @ PCI(bus:0 dev:18 irq:10), MAC: 0015.63ff.653b
monitor> address 192.168.1.154
address 192.168.1.15
monitor> server 192.168.1.100
server 0.0.0.0
monitor> server 192.168.1.100
server 192.168.1.100
monitor> file np63.bin
file np63.bin
monitor> tftp
tftp np63.bin@192.168.1.100
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 300 total points
ID: 24346618
Try a different TFTP program. I have good luck with TFTPD32 just google for it.
0
 
LVL 2

Expert Comment

by:e3user
ID: 24346893
hey,
I dont if you are facing the same thing as I had before.
goto to your PC  folder options-->uncheck ''hide extensions for known file types''
maybe it is under a hidden file type which the pix is not recognizing

hope it helps.
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 

Author Comment

by:smarant
ID: 24347887
What does the File extentions have to do with this problem?
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 300 total points
ID: 24354020
Sometimes using interface 0 instead of 1 seems to work
0
 

Author Comment

by:smarant
ID: 24354091
Is there any good instruction on how to use TFTPD32  for this issue?

0
 

Author Comment

by:smarant
ID: 24401075
Question is how do I get a ping response from the pix if I am hooked directly to it and have set the pix and the pc as the following configs:

 Using 1: i82557 @ PCI(bus:0 dev:18 irq:10), MAC: 0015.63ff.653b
Use ? for help.
monitor> interface 0
0: i8255X @ PCI(bus:0 dev:17 irq:9 )
1: i8255X @ PCI(bus:0 dev:18 irq:10)

Using 0: i82557 @ PCI(bus:0 dev:17 irq:9 ), MAC: 0015.63ff.6539
monitor> address 192.168.1.30
address 192.168.1.30
monitor> server 192.168.1.31
server 192.168.1.31
monitor> file np63.bin
file np63.bin
monitor> ping 192.168.1.30
Sending 5, 100-byte 0x324d ICMP Echoes to 192.168.1.30, timeout is 4 seconds:

Success rate is 0 percent (0/5)
monitor> ping 192.168.1.31
Sending 5, 100-byte 0x324e ICMP Echoes to 192.168.1.31, timeout is 4 seconds:
!!!!!
Success rate is 100 percent (5/5)
monitor>
I can ping the pc I am useing but not the pix...
All firewalls on the pc atre turned off
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 300 total points
ID: 24402600
as long as you can ping your tftp server, that's all that matters. You cannot ping your own interface from monitor mode.
0
 

Author Comment

by:smarant
ID: 24403246
So why do you think the PIX hangs?
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

This article assumes you have at least one Cisco ASA or PIX configured with working internet and a non-dynamic, public, address on the outside interface. If you need instructions on how to enable your device for internet, or basic configuration info…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now