Here's a good link in performing a password recovery on a Cisco ASA 5500 first generation firewall . I performed a password recover on a Cisco ASA 5510 firewall below:
Evaluating
BIOS Options ...
Launch
BIOS Extension to setup ROMMON
Cisco
Systems ROMMON Version (1.0(11)2) #0: Thu Jan 26 10:43:08 PST 2006
Platform
ASA5510
Use BREAK or ESC to interrupt boot.
Use SPACE
to begin boot immediately.
Boot
interrupted.
Management0/0
Ethernet
auto negotiation timed out.
Interface-4
Link Not Established (check cable).
Default
Interface number-4 Not Up
Use ? for
help.
rommon
#0> confreg
Current Configuration Register: 0x00000041
Configuration
Summary:
boot default image from Flash
ignore system configuration
Do you wish to change this configuration? y/n [n]: y
enable
boot to ROMMON prompt? y/n [n]:
enable
TFTP netboot? y/n [n]:
enable
Flash boot? y/n [n]:
select
specific Flash image index? y/n [n]:
disable system configuration? y/n [n]: y
go to
ROMMON prompt if netboot fails? y/n [n]:
enable
passing NVRAM file specs in auto-boot mode? y/n [n]:
disable
display of BREAK or ESC key prompt during auto-boot? y/n [n]:
Current
Configuration Register: 0x00000040
Configuration
Summary:
boot ROMMON
ignore system configuration
Update Config Register (0x40) in NVRAM...
rommon
#1> boot
Launching
BootLoader...
Boot
configuration file contains 2 entries.
Loading
disk0:/asa917-9-k8.bin...
<OUTPUT TRUNCATED>
Restricted Rights Legend
Use,
duplication, or disclosure by the Government is
subject
to restrictions as set forth in subparagraph
(c) of
the Commercial Computer Software - Restricted
Rights
clause at FAR sec. 52.227-19 and subparagraph
(c) (1)
(ii) of the Rights in Technical Data and Computer
Software
clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Ignoring startup configuration as instructed by
configuration register.
INFO:
Power-On Self-Test in process.
...........................................................
INFO:
Power-On Self-Test complete.
INFO:
MIGRATION - Saving the startup errors to file
'flash:upgrade_startup_errors_201910220639.log'
Type help
or '?' for a list of available commands.
ciscoasa>
enable
Password:
ciscoasa#
configure terminal
ciscoasa(config)#
*****************************
NOTICE *****************************
Help to
improve the ASA platform by enabling anonymous reporting,
which
allows Cisco to securely receive minimal error and health
information
from the device. To learn more about this feature,
please
visit: http://www.cisco.com/go/smartcall
Would you
like to enable anonymous error reporting to help improve
the
product? [Y]es, [N]o, [A]sk later:
ciscoasa(config)#
write erase
Erase
configuration in flash memory? [confirm]
[OK]
ciscoasa(config)#
no config-register
ciscoasa(config)#
write memory
Building
configuration...
Cryptochecksum:
5c9a33a9 3f5cb4cd 26554b4a efd76652
2225
bytes copied in 3.300 secs (741 bytes/sec)
[OK]
ciscoasa(config)#
reload
Proceed
with reload? [confirm]
ciscoasa(config)#
***
*** ---
START GRACEFUL SHUTDOWN ---
Shutting
down isakmp
Shutting
down License Controller
Shutting
down File system
***
*** ---
SHUTDOWN NOW ---
Process
shutdown finished
<OUTPUT TRUNCATED>
Evaluating
BIOS Options ...
Launch
BIOS Extension to setup ROMMON
Cisco
Systems ROMMON Version (1.0(11)2) #0: Thu Jan 26 10:43:08 PST 2006
Platform
ASA5510
Use BREAK
or ESC to interrupt boot.
Use SPACE
to begin boot immediately.
Launching
BootLoader...
Default
configuration file contains 1 entry.
Searching
/ for images to boot.
Loading
/asa912-k8.bin... Booting...
<OUTPUT TRUNCATED>
Restricted Rights Legend
Use,
duplication, or disclosure by the Government is
subject
to restrictions as set forth in subparagraph
(c) of
the Commercial Computer Software - Restricted
Rights
clause at FAR sec. 52.227-19 and subparagraph
(c) (1)
(ii) of the Rights in Technical Data and Computer
Software
clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Reading from flash...
!
Configuration
Compatibility Warning:
The version 9.1(7)9 configuration may contain
syntax that is
not backward compatible with the 9.1(2) image
that is loaded.
***
Output from config line 7, "ASA Version 9.1(7)9 "
ssh
stricthostkeycheck
^
ERROR: %
Invalid Hostname
***
Output from config line 65, "ssh stricthostkeycheck"
.
Cryptochecksum
(unchanged): 5c9a33a9 3f5cb4cd 26554b4a efd76652
INFO:
Power-On Self-Test in process.
...........................................................
INFO:
Power-On Self-Test complete.
Type help
or '?' for a list of available commands.
ciscoasa>
enable
Password:
<HIT ENTER>
ciscoasa#
show version
Cisco
Adaptive Security Appliance Software Version 9.1(2)
Device
Manager Version 7.1(1)52
Compiled
on Thu 09-May-13 15:37 by builders
System
image file is "disk0:/asa912-k8.bin"
Config
file at boot was "startup-config"
ciscoasa
up 1 min 4 secs
Hardware: ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron
1600 MHz,
Internal
ATA Compact Flash, 256MB
BIOS
Flash M50FW080 @ 0xfff00000, 1024KB
Encryption
hardware device : Cisco ASA-55xx on-board accelerator (revision 0x0)
Boot
microcode : CN1000-MC-BOOT-2.00
SSL/IKE
microcode : CNLite-MC-SSLm-PLUS-2_05
IPSec
microcode :
CNlite-MC-IPSECm-MAIN-2.08
Number of
accelerators: 1
0: Ext: Ethernet0/0 : address is 001e.13f0.3168, irq 9
1: Ext: Ethernet0/1 : address is 001e.13f0.3169, irq 9
2: Ext: Ethernet0/2 : address is 001e.13f0.316a, irq 9
3: Ext: Ethernet0/3 : address is 001e.13f0.316b, irq 9
4: Ext: Management0/0 : address is 001e.13f0.316c, irq 11
5: Int: Not used : irq 11
6: Int: Not used : irq 5
Licensed
features for this platform:
Maximum
Physical Interfaces :
Unlimited perpetual
Maximum
VLANs : 100 perpetual
Inside
Hosts :
Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security
Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect
Premium Peers : 2 perpetual
AnyConnect
Essentials : Disabled perpetual
Other VPN
Peers : 250 perpetual
Total VPN
Peers : 250 perpetual
Shared
License :
Disabled perpetual
AnyConnect
for Mobile : Disabled perpetual
AnyConnect
for Cisco VPN Phone : Disabled perpetual
Advanced
Endpoint Assessment : Disabled perpetual
UC Phone
Proxy Sessions : 2 perpetual
Total UC
Proxy Sessions : 2 perpetual
Botnet
Traffic Filter :
Disabled perpetual
Intercompany
Media Engine : Disabled perpetual
Cluster : Disabled perpetual
This
platform has an ASA 5510 Security Plus license.
Serial
Number: JMX12021234
Running
Permanent Activation Key: 0xfe3bfc5c 0x0cd4fce4 0x10e2f59c 0x90b03123
0xc2112456
Configuration register is 0x1
Configuration
has not been modified since last system restart.
ciscoasa# sh run
: Saved
:
ASA Version 9.1(2)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0/0
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/1
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
!
ftp mode passive
pager lines 24
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
no snmp-server location
no snmp-server contact
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
!
prompt hostname context
call-home reporting anonymous prompt 2
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:5c9a33a93f5cb4cd26554b4aefd76652
: end
ciscoasa# sh run
: Saved
:
ASA Version 9.1(2)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0/0
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/1
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
!
ftp mode passive
pager lines 24
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
no snmp-server location
no snmp-server contact
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
!
prompt hostname context
call-home reporting anonymous prompt 2
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:5c9a33a93f5cb4cd26554b4aefd76652
: end