Password Recovery
Passwords are stored on the PIX using an MD5 hash. This is good; you are probably
aware that Cisco type 7 passwords can be instantly decrypted using a simple
personal digital assistant (PDA). An MD5 hash is harder: A hacker essentially has to
try out all the combinations. Unfortunately, the MD5 hash used on the PIX is
significantly weaker than the Cisco type 5 hash used on Cisco routers. Programs
such as Cain & Abel (www.oxid.it) can, with time, discover a password. This
weakness has been assigned CVE vulnerability CAN-2002-0954. So if all you
have is a printout, you can recover your password. This can be useful for
machines that are in production environments. (However, the caveat is that others
can do the same. Be careful about leaving configuration files on TFTP servers or
printouts where others can get to them.)
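The caveat above lends itself to a routine check. The following is an added example, not code from the book: it walks a directory such as a TFTP root and reports files that hold PIX password hash lines, and whether they are world-readable. It assumes the usual PIX configuration lines "passwd <hash> encrypted" and "enable password <hash> encrypted"; the function names and the sample configuration are hypothetical and constructed for the demonstration.

```python
import os
import re
import stat
import tempfile

# Assumed PIX config line forms (16-character encoded MD5 hash):
#   enable password <hash> encrypted
#   passwd <hash> encrypted
HASH_LINE = re.compile(r"^\s*(enable password|passwd)\s+([A-Za-z0-9./]{16})\s+encrypted\s*$")


def find_exposed_hashes(root):
    """Return (path, line_no, kind, world_readable) for each hash line under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            try:
                mode = os.stat(path).st_mode
                with open(path, "r", errors="replace") as fh:
                    lines = fh.readlines()
            except OSError:
                continue  # unreadable file: skip rather than abort the audit
            world = bool(mode & stat.S_IROTH)
            for no, line in enumerate(lines, start=1):
                m = HASH_LINE.match(line)
                if m:
                    # Report the kind only; never echo the hash itself.
                    findings.append((path, no, m.group(1), world))
    return findings


def demo():
    """Audit a constructed TFTP root holding one sample config."""
    with tempfile.TemporaryDirectory() as root:
        cfg = os.path.join(root, "pix-config.txt")
        with open(cfg, "w") as fh:
            # Constructed sample; the hash values are made up.
            fh.write("hostname pixfirewall\n"
                     "enable password AAAAbbbbCCCC1111 encrypted\n"
                     "passwd DDDDeeeeFFFF2222 encrypted\n")
        os.chmod(cfg, 0o644)  # world-readable for the demo
        return [(os.path.basename(p), n, k, w)
                for p, n, k, w in find_exposed_hashes(root)]


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Point find_exposed_hashes at the real TFTP directory to audit it; any finding means a file there should be removed or have its permissions tightened.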
www.syngress.com
70 Chapter 2 • Introduction to PIX Firewalls
If your environment can tolerate a little downtime, you can reset your PIX
password. You download a program, depending on your OS version, that will execute
on the PIX and reset the password to the default, cisco. You can then get in
and use enable mode to set the password to a known value.
Earlier you saw that monitor mode was used for emergencies. Forgetting the
password is a pretty good emergency. Here is what you do:
1. Pick the correct version of the software from Table 2.2.
Table 2.2 PIX Password Recovery Binaries
Version                    Filename    URL
4.3 and earlier releases   nppix.bin   www.cisco.com/warp/public/110/nppix.bin
4.4 release                np44.bin    www.cisco.com/warp/public/110/np44.bin
5.0 release                np50.bin    www.cisco.com/warp/public/110/np50.bin
5.1 release                np51.bin    www.cisco.com/warp/public/110/np51.bin
5.2 release                np52.bin    www.cisco.com/warp/public/110/np52.bin
5.3 release                np53.bin    www.cisco.com/warp/public/110/np53.bin
6.0 release                np60.bin    www.cisco.com/warp/public/110/np60.bin
6.1 release                np61.bin    www.cisco.com/warp/public/110/np61.bin
6.2 release                np62.bin    www.cisco.com/warp/public/110/np62.bin
2. Place this software on a TFTP server accessible to the PIX.
3. Connect to the PIX on the console port. Verify connectivity. (You
should get a password prompt, which you can’t answer.)
4. Reboot the PIX.
5. Within 10 seconds of the reboot, press Esc to enter monitor mode.
6. Use the interface command to set the interface to that of the TFTP
server.
7. Use the address command to specify the IP address of that interface.
8. Use the server command to specify the IP address of the TFTP server.
9. Use the gateway command to specify the default route to the TFTP
server, if needed. (This is not recommended; if at all possible, try to have
the TFTP server on the same network as the PIX interface to minimize
the likelihood of file corruption.)
10. Use the file command to specify the filename of the recovery file you
chose in Step 1.
11. Use the ping command to verify that you can connect to the TFTP
server.
12. Use the tftp command to start the download.
At this point, you should be prompted to erase the passwords, and you will be
in. The default password has now been set to cisco, with no enable password.