重置Catalyst 6500/6000 和 Cisco 7600 系列交换机Consle口密码详解

news/2024/12/13 17:59:15/

目录

  • 说明
  • 分解步骤
  • 输出示例
  • 其他类型的机器简版过程

说明

在运行 Cisco IOS 系统软件的 Catalyst 6500/6000 和 Cisco 7600 上,其启动顺序与 Cisco 7200 系列路由器有所不同,因为两者的硬件不一样。在您关机并重新开机机箱后,交换机处理器(SP)首先启动。在一小段时间(大约 25 到 60 秒)后,它将控制台所有权转交给路由处理器 (RP (MSFC))。RP 继续加载捆绑的软件映像。请务必在 SP 将控制台控制权转交给 RP 之后立即按 Ctrl-brk。如果您太早发送中断序列,则您会进入 SP 的 ROMMON 模式,这不是您想要的模式。请在控制台上显示以下消息后发送中断序列:

00:00:03: %OIR-6-CONSOLE: Changing console ownership to route processor

在这之后,口令恢复过程与普通路由器一样。
Note: 从此时起,运行 Cisco IOS 系统软件的 Catalyst 6000 系列交换机称为路由器。

分解步骤

由于交换机上运行的操作系统,交换机的配置方式与路由器相同。口令恢复过程的步骤与 Cisco 7200 系列路由器基本相同,唯一的不同是在开始中断序列之前,您必须等待大约 25 到 60 秒。
1、使用仿真终端或PC代有终端仿真的路由器的控制台端口。使用以下终端设置:

9600 baud rate 
No parity 
8 data bits 
1 stop bit 
No flow control 

2、如果仍然访问路由器,请发出show version命令,并且记录配置寄存器的设置。它通常是0x2102或0x102。点击此处发现输出的show version命令。
3、如果您无权访问路由器(由于丢失登录或 TACACS 口令),则您的配置寄存器被设置为 0x2102。
4、请使用电源开关关闭并重新打开该路由器。
5、 警告: 只有在 RP 获得控制台端口的控制权后才能启动中断序列。
在 RP 获得控制台端口的控制权后,立即按终端键盘上的 Break。在运行 Cisco IOS 软件的 Catalyst 6500 上,SP 将首先启动。在它启动后,会将控制权转交给 RP。在 RP 获得控制权后,启动中断序列。在显示此消息时,RP 已获得控制台端口的控制权。(请勿起动中断序列,直到您看到此消息) :

00:00:03: %OIR-6-CONSOLE: Changing console ownership to route processor

从这时起,密码恢复流程是相同的象为其他路由器。如果中断序列不起作用,请参阅口令恢复过程中的标准break键序列组合,获取其他键组合。
6、键入confreg 0x2142在rommon1>提示:从闪存引导,无需装载配置。
7、键入reset在rommon 2>提示:路由器重新启动。但是,它会忽略已保存的配置。在每设置问题以后键入no或按Ctrl-C跳到最初的设置步骤。
8、键入enable (event)在Router>提示:您处于启用模式下,并且会看到 Router# 提示。重要信息:发出 configure memorycopy start running命令,将非易失性 RAM (NVRAM) 复制到内存中。请不要发出 configure terminal 命令。发出write terminal or show running命令。show runningwrite terminal show命令路由器的配置。在此配置中,shutdown 命令显示在所有接口下面。这意味着所有接口当前已关闭。此外,口令都采用加密或未加密格式。

9、发出 configure terminal命令以进入全局配置模式并进行更改,提示:当前是hostname(config)-。
10、在全局配置模式下发出 enable secret < password > 命令以更改启用口令。
11、发出config-register 0x2102命令或者您在第2步在全局配置模式的值(Router(config)-)下记录送回配置值到其最初值。
12、更改虚拟终端口令(如果存在):

Router(config)#line vty 0 4
Router(config-line)#password cisco
Router(config-line)#^Z
Router# 

13、在正常使用的每个接口上发出 no shutdown 命令。提示:发出 show ip interface brief 命令查看接口及其当前状态的列表。您必须是在执行show ip interface brief命令的特权模式如下示例:

Router#show ip interface brief
Interface                  IP-Address      OK? Method Status                Prol
Vlan1                      172.17.10.10    YES TFTP   administratively down dow 
Vlan10                     10.1.1.1        YES TFTP   administratively down dow 
GigabitEthernet1/1         unassigned      YES unset  administratively down dow 
GigabitEthernet1/2         unassigned      YES TFTP   administratively down dow 
GigabitEthernet2/1         unassigned      YES TFTP   administratively down dow 
GigabitEthernet2/2         unassigned      YES TFTP   administratively down dow 
FastEthernet3/1            172.16.84.110   YES TFTP   administratively down dow 
<snip>...
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#interface fastEthernet 3/1
Router(config-if)#no shutdown 
Router(config-if)#exit
Router(config)# <do other interfaces as necessary...>

14、发出 write memorycopy running startup 命令以提交更改。
注意事项:敲此命令后 原有配置将丢失!!!
若需要保存配置,需要在启动中将配置文件备份!

输出示例

Router>enable
Password: 
Router#show version
Cisco Internetwork Operating System Software 
IOS (tm) c6sup1_rp Software (c6sup1_rp-JSV-M), Version 12.1(6)E, EARLY DEPLOYME)
TAC Support: http://www.cisco.com/cgi-bin/ibld/view.pl?i=support
Copyright (c) 1986-2001 by cisco Systems, Inc.
Compiled Sat 17-Mar-01 00:14 by eaarmas
Image text-base: 0x60020950, data-base: 0x6165E000
ROM: System Bootstrap, Version 12.0(3)XE, RELEASE SOFTWARE 
BOOTFLASH: MSFC Software (C6MSFC-BOOT-M), Version 12.1(6)E, EARLY DEPLOYMENT RE)
Router uptime is 14 minutes
System returned to ROM by power-on (SP by reload)
System image file is "sup-bootflash:c6sup11-jsv-mz.121-6.E"
Cisco Catalyst 6000 (R5000) processor with 114688K/16384K bytes of memory.
Processor board ID SAD04281AF6
R5000 CPU at 200Mhz, Implementation 35, Rev 2.1, 512KB L2 Cache
Last reset from power-on
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
24 Ethernet/IEEE 802.3 interface(s)
2 Virtual Ethernet/IEEE 802.3  interface(s)
48 FastEthernet/IEEE 802.3 interface(s)
4 Gigabit Ethernet/IEEE 802.3 interface(s)
381K bytes of non-volatile configuration memory.
4096K bytes of packet SRAM memory.
16384K bytes of Flash internal SIMM (Sector size 256K).
Configuration register is 0x2102
Router#
Router#show module
Slot Ports Card Type                                 Model                 Serial Number
---- ----- ----------------------------------------- --------------------- -----------1     2   Cat 6000 sup 1 Enhanced QoS (active)      WS-X6K-SUP1A-2GE      SAD043301JS   2     2   Cat 6000 sup 1 Enhanced QoS (standby)     WS-X6K-SUP1A-2GE      SAD03510114   3    48   48 port 10/100 mb RJ45                    WS-X6348-RJ-45        SAD04230FB6   6    24   24 port 10baseFL                          WS-X6024-10FL-MT      SAD03413322   
Slot MAC addresses                      Hw    Fw           Sw
---- ---------------------------------- ----- ------------ ----------1   00d0.c0d2.5540 to 00d0.c0d2.5541   3.2   unknown      6.1(0.105)OR2   00d0.bcf1.9bb8 to 00d0.bcf1.9bb9   3.2   unknown      6.1(0.105)OR3   0002.7ef1.36e0 to 0002.7ef1.370f   1.1   5.3(1) 1999- 6.1(0.105)OR6   00d0.9738.5338 to 00d0.9738.534f   0.206 5.3(1) 1999- 6.1(0.105)OR
Router#
Router#reload
Proceed with reload? [confirm]

‎在这里,您关闭电源,然后重新打开电源。
在这里,它是通过重新加载而不是硬电源循环完成的‎。

00:15:28: %SYS-SP-3-LOGGER_FLUSHING: System pausing to ensure console debugging.
00:15:27: %C6KPWR-SP-4-DISABLED: power to module in slot 2 set off (admin reque)
00:15:28: %C6KPWR-SP-4-DISABLED: power to module in slot 3 set off (admin reque)
00:15:28: %C6KPWR-SP-4-DISABLED: power to module in slot 6 set off (admin reque)
00:15:28: %OIR-SP-6-CONSOLE: Changing console ownership to switch processor
00:15:28: %SYS-SP-3-LOGGER_FLUSHED: System was paused for 00:00:00 to ensure co.
00:15:30: %SYS-SP-3-LOGGER_FLUSHING: System pausing to ensure console debugging.
***
*** --- SHUTDOWN NOW ---
***
00:15:30: %SYS-SP-5-RELOAD: Reload requested
00:15:30: %OIR-SP-6-CONSOLE: Changing console ownership to switch processor
00:15:30: %SYS-SP-3-LOGGER_FLUSHED: System was paused for 00:00:00 to ensure co.
00:15:31: %OIR-SP-6-REMCARD: Card removed from slot 1, interfaces disabled

首先,开关处理器出现‎。

System Bootstrap, Version 5.3(1)
Copyright (c) 1994-1999 by cisco Systems, Inc.
c6k_sup1 processor with 65536 Kbytes of main memory
Autoboot executing command: "boot bootflash:c6sup11-jsv-mz.121-6.E"
Self decompressing the image : ###############################################]
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco Internetwork Operating System Software 
IOS (TM) c6sup1_sp Software (c6sup1_sp-SPV-M), Version 12.1(6)E, EARLY DEPLOYME)
TAC Support: http://www.cisco.com/cgi-bin/ibld/view.pl?i=support
Copyright (c) 1986-2001 by cisco Systems, Inc.
Compiled Sat 17-Mar-01 00:52 by eaarmas
Image text-base: 0x60020950, database: 0x605FC000
Start as Primary processor
00:00:03: %SYS-3-LOGGER_FLUSHING: System pausing to ensure console debugging ou.
00:00:03: %OIR-6-CONSOLE: Changing console ownership to route processor

‎当前RP现在已经控制了控制台。
这是当你发送中断命令序列‎。
中断引导,请按住Ctrl
+break

System Bootstrap, Version 12.0(3)XE, RELEASE SOFTWARE 
Copyright (c) 1998 by cisco Systems, Inc.
*** Address Error (Load/Fetch) Exception ***
Access address = 0x5e
PC = 0x5e, Cause = 0x10, Status Reg = 0x3040d003
ROM Monitor Can Not Recover From Exception
A Board Reset Is Issued
*** Software NMI ***
PC = 0xbfc0b6b0, SP = 0x00002a90
Cat6k-MSFC platform with 131072 Kbytes of main memory
Self decompressing the image : ################################################]
*** System received an abort due to Break Key ***
signal= 0x3, code= 0x0, context= 0x6049ed68
PC = 0x601011ac, Cause = 0x20, Status Reg = 0x34008002

*您现在处于RP上的ROMMON模式。继续密码!—恢复程序,就像在任何路由器上一样。
*将配置注册从0x2102更改为0x2142导致路由器忽略现有的!配置。您希望它被忽略,因为它有密码,你不知道。*‎

rommon 1 > confreg 0x2142
You must reset or power cycle for new config to take effect
rommon 2 > reset 
System Bootstrap, Version 12.0(3)XE, RELEASE SOFTWARE 
Copyright (c) 1998 by cisco Systems, Inc.
Cat6k-MSFC platform with 131072 Kbytes of main memory
Self decompressing the image : ################################################]
Attempt to download 'sup-bootflash:c6sup11-jsv-mz.121-6.E' ... okay
Starting download of 'sup-bootflash:c6sup11-jsv-mz.121-6.E': 8722810 bytes!!!!!!
Chksum: Verified!
Self decompressing the image : ################################################]Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.Cisco Systems, Inc.170 West Tasman DriveSan Jose, California 95134-1706
Cisco Internetwork Operating System Software 
IOS (TM) c6sup1_RP Software (c6sup1_rp-JSV-M), Version 12.1(6)E, EARLY DEPLOYME)
TAC Support: http://www.cisco.com/cgi-bin/ibld/view.pl?i=support
Copyright (c) 1986-2001 by Cisco Systems, Inc.
Compiled Sat 17-Mar-01 00:14 by eaarmas
Image text-base: 0x60020950, database: 0x6165E000
Cisco Catalyst 6000 (R5000) processor with 114688K/16384K bytes of memory.
Processor board ID SAD04281AF6
R5000 CPU at 200Mhz, Implementation 35, Rev 2.1, 512KB L2 Cache
Last reset from power-on
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
24 Ethernet/IEEE 802.3 interface(s)
1 Virtual Ethernet/IEEE 802.3  interface(s)
48 FastEthernet/IEEE 802.3 interface(s)
4 Gigabit Ethernet/IEEE 802.3 interface(s)
381K bytes of nonvolatile configuration memory.
4096K bytes of packet SRAM memory.
16384K bytes of Flash internal SIMM (Sector size 256K).--- System Configuration Dialog ---Would you like to enter the initial configuration dialog? [yes/no]: n

路由器忽略已保存的配置,并在初始配置模式!输入。‎

Press RETURN to get started!
00:00:03: %SYS-3-LOGGER_FLUSHED: System was paused for 00:00:00 to ensure conso.
00:00:04: %C6KPWR-4-PSINSERTED: power supply inserted in slot 1.
00:00:04: %C6KPWR-4-PSOK: power supply 1 turned on.
00:02:08: %SYS-SP-5-RESTART: System restarted --
Cisco Internetwork Operating System Software 
IOS (TM) c6sup1_SP Software (c6sup1_sp-SPV-M), Version 12.1(6)E, EARLY DEPLOYME)
TAC Support: http://www.cisco.com/cgi-bin/ibld/view.pl?i=support
Copyright (c) 1986-2001 by cisco Systems, Inc.
Compiled Sat 17-Mar-01 00:52 by eaarmas
00:02:13: L3-MGR: l2 flush entry installed
00:02:13: L3-MGR: l3 flush entry installed
00:02:14: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software 
IOS (TM) c6sup1_RP Software (c6sup1_rp-JSV-M), Version 12.1(6)E, EARLY DEPLOYME)
TAC Support: http://www.cisco.com/cgi-bin/ibld/view.pl?i=support
Copyright (c) 1986-2001 by Cisco Systems, Inc.
Compiled Sat 17-Mar-01 00:14 by eaarmas
00:02:17: %C6KPWR-SP-4-DISABLED: power to module in slot 1 set off (admin reque)
00:02:18: %C6KPWR-SP-4-ENABLED: power to module in slot 3 set on
00:02:18: %C6KPWR-SP-4-ENABLED: power to module in slot 6 set on
00:02:28: sm_set_moduleFwVersion:  nonexistent module (1)
00:02:38: %SNMP-5-MODULETRAP: Module 1 [Up] Trap
00:02:38: %OIR-SP-6-INSCARD: Card inserted in slot 1, interfaces are now online
00:02:56: %SNMP-5-MODULETRAP: Module 6 [Up] Trap
00:02:56: %OIR-SP-6-INSCARD: Card inserted in slot 6, interfaces are now online
00:02:59: SP: SENDING INLINE_POWER_DAUGHTERCARD_MSG SCP MSG
00:02:59: %SNMP-5-MODULETRAP: Module 3 [Up] Trap
00:02:59: %OIR-SP-6-INSCARD: Card inserted in slot 3, interfaces are now online
Router>enable
Router#

‎您无需密码即可直接进入权限模式。 此时,配置运行配置是一个默认配置,所有端口都会在管理上关闭。

Router#copy startup-config running-config
Destination filename [running-config]? <press enter>

这会拉入原始配置。由于您已经处于特权!—模式,此配置中的密码不会影响您‎。

4864 bytes copied in 2.48 secs (2432 bytes/sec)
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#enable secret < password > [Choose a strong password with at least one capital letter, one number, and one special character.]

覆盖您不知道的密码。这是您的新启用密码‎。

Router(config)#^Z
Router#
Router#show ip interface brief
Interface                  IP-Address      OK? Method Status                Prol
Vlan1                      172.17.10.10    YES TFTP   administratively down dow 
Vlan10                     10.1.1.1        YES TFTP   administratively down dow 
GigabitEthernet1/1         unassigned      YES unset  administratively down dow 
GigabitEthernet1/2         unassigned      YES TFTP   administratively down dow 
GigabitEthernet2/1         unassigned      YES TFTP   administratively down dow 
GigabitEthernet2/2         unassigned      YES TFTP   administratively down dow 
FastEthernet3/1            172.16.84.110   YES TFTP   administratively down dow 
<snip>...

在要使用的所有接口上发出‎‎不关闭‎‎命令‎。

Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#interface fastEthernet 3/1
Router(config-if)#no shutdown 
Router(config-if)#exit

*覆盖虚拟终端密码‎.

Router(config)#line vty 0 4
Router(config-line)#password cisco
Router(config-line)#^Z
Router#

将配置寄存器恢复到正常状态,以便它不再!—忽略存储的配置文件‎。

Router#show version
Cisco Internetwork Operating System Software 
IOS (tm) c6sup1_rp Software (c6sup1_rp-JSV-M), Version 12.1(6)E, EARLY DEPLOYME)
TAC Support: http://www.cisco.com/cgi-bin/ibld/view.pl?i=support
Copyright (c) 1986-2001 by cisco Systems, Inc.
Compiled Sat 17-Mar-01 00:14 by eaarmas
Image text-base: 0x60020950, data-base: 0x6165E000
ROM: System Bootstrap, Version 12.0(3)XE, RELEASE SOFTWARE 
BOOTFLASH: MSFC Software (C6MSFC-BOOT-M), Version 12.1(6)E, EARLY DEPLOYMENT RE)
Router uptime is 7 minutes
System returned to ROM by power-on (SP by reload)
System image file is "sup-bootflash:c6sup11-jsv-mz.121-6.E"
Cisco Catalyst 6000 (R5000) processor with 114688K/16384K bytes of memory.
Processor board ID SAD04281AF6
R5000 CPU at 200Mhz, Implementation 35, Rev 2.1, 512KB L2 Cache
Last reset from power-on
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
24 Ethernet/IEEE 802.3 interface(s)
2 Virtual Ethernet/IEEE 802.3  interface(s)
48 FastEthernet/IEEE 802.3 interface(s)
4 Gigabit Ethernet/IEEE 802.3 interface(s)
381K bytes of non-volatile configuration memory.
4096K bytes of packet SRAM memory.
16384K bytes of Flash internal SIMM (Sector size 256K).
Configuration register is 0x2142
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#config-register 0x2102
Router(config)#^Z
Router#

‎验证配置寄存器是否已更改以进行下一次重新加载‎。

Router#show version
Cisco Internetwork Operating System Software 
IOS (tm) c6sup1_rp Software (c6sup1_rp-JSV-M), Version 12.1(6)E, EARLY DEPLOYME)
TAC Support: http://www.cisco.com/cgi-bin/ibld/view.pl?i=support
Copyright (c) 1986-2001 by cisco Systems, Inc.
Compiled Sat 17-Mar-01 00:14 by eaarmas
Image text-base: 0x60020950, data-base: 0x6165E000
ROM: System Bootstrap, Version 12.0(3)XE, RELEASE SOFTWARE 
BOOTFLASH: MSFC Software (C6MSFC-BOOT-M), Version 12.1(6)E, EARLY DEPLOYMENT RE)
Router uptime is 8 minutes
System returned to ROM by power-on (SP by reload)
System image file is "sup-bootflash:c6sup11-jsv-mz.121-6.E"
Cisco Catalyst 6000 (R5000) processor with 114688K/16384K bytes of memory.
Processor board ID SAD04281AF6
R5000 CPU at 200Mhz, Implementation 35, Rev 2.1, 512KB L2 Cache
Last reset from power-on
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
24 Ethernet/IEEE 802.3 interface(s)
2 Virtual Ethernet/IEEE 802.3  interface(s)
48 FastEthernet/IEEE 802.3 interface(s)
4 Gigabit Ethernet/IEEE 802.3 interface(s)
381K bytes of non-volatile configuration memory.
4096K bytes of packet SRAM memory.
16384K bytes of Flash internal SIMM (Sector size 256K).
Configuration register is 0x2142 (will be 0x2102 at next reload)
Router#
Router#copy running-config startup-config
Destination filename [startup-config]? <press enter>
Building configuration...
[OK]
Router#

*可选:如果您要测试路由器!—正常工作,并且已更改密码,则重新加载并测试‎.

Router#reload
Proceed with reload? [confirm] <press enter>

其他类型的机器简版过程

1、先按住mode 键然后再加电,大约10-15秒后松开能进入switch:模式,部分机型时间可能会久一点,可以看console的输出
使机器进入到==switch:==或者
2、如果想保留之前配置,仅修改console密码enable密码或vty的密码,需要将原有配置文件rename。
输入命令:

flash_init
rename flash:config.text flash:config.old
boot

(swith: 模式下命令无法补全,需手动敲完整)
设备启动之后先进特权模式,然后执行以下操作

copy flash:config.old system:running-config
conf t
enable sec cisco
!
line con 0
no password //需要设置console密码执行password xxx 即可 xxx为自定义密码
!
line vty 0 4
password cisco
!

最后通过wr或者copy running-config startup-config 保存最新配置
3.、如果仅想清空当前设备配置,可将上面中的rename 命令更改为delete flash:config.text / delete flash:vlan.dat 执行完成之后boot启动即可

相关参考文档:思科官方

作者:余钦
辛丑年壬辰月己巳日


http://www.ppmy.cn/news/169160.html

相关文章

内部版本7600无法安装ie9浏览器

弄个win7专业版的系统&#xff0c;然后默认的是ie8浏览器&#xff0c;根据开发需求就想着安装一个ie9的浏览器&#xff0c;那就到网上下载吧。 下载了进行安装&#xff0c;发现不能安装&#xff0c;是不是需要打什么补丁&#xff0c;那好吧&#xff0c;进行系统漏洞以及打补丁…

drupal cve-2018-7600 远程代码执行漏洞 简介

漏洞分析 Drupal 在 3 月 28 日爆出一个远程代码执行漏洞&#xff0c;CVE 编号 CVE-2018-7600&#xff0c;通过对比官方的补丁&#xff0c;可以得知是请求中存在 # 开头的参数。Drupal Render API 对于 # 有特殊处理&#xff0c;比如如下的数组&#xff1a; $form[choice_wra…

【渗透测试】Drupal 漏洞 CVE-2018-7600 远程代码执行-复现

Drupal 漏洞 CVE-2018-7600 远程代码执行-复现 漏洞简介&#xff1a; Drupal是一个开源内容管理系统&#xff08;CMS&#xff09;&#xff0c;全球超过100万个网站&#xff08;包括政府&#xff0c;电子零售&#xff0c;企业组织&#xff0c;金融机构等&#xff09;使用。两周…

DC-1靶场(CVE-2018-7600)

1.下载DC-1靶场: DC-1下载地址https://download.vulnhub.com/dc/DC-1.zip2.解压打开靶场&#xff0c;导入虚拟机网络模式改为桥接模式&#xff0c;打开虚拟机。 3.浏览器访问80端口&#xff0c;其实也可以先用nmap扫描一下端口。 是一个Drupal CMS。 4.先挂扫描器走一波。 …

Drupal-CVE-2018-7600漏洞复现

# Drupal Drupalgeddon 2 远程代码执行漏洞&#xff08;CVE-2018-7600&#xff09; Drupal 是一款用量庞大的CMS&#xff0c;其6/7/8版本的Form API中存在一处远程代码执行漏洞&#xff0c;Drupal 对 Form API (FAPI) AJAX 请求的输入卫生不足。 结果&#xff0c;这使攻击者能…

【CVE-2018-7600】Drupal 8 远程代码执行漏洞

使用vulhub搭建环境 cd /drupal/CVE-2018-7600/ docker-compose up -d 使用vulhub搭建环境出现了一些问题&#xff0c;这里直接使用BUU的环境 BUU CEV-2018-7600 进去也要初始化环境&#xff0c;一开始语言选择英文&#xff0c;数据库选择SQLite 其他的可以随便设置 进入 这…

drupal 代码执行 (CVE-2018-7600)复现

drupal 代码执行 CVE-2018-7600 drupal 代码执行 (CVE-2018-7600)0x01 漏洞描述0x02 影响范围0x03 漏洞复现工具 poc 验证 cve-2018-7600_poc.py 0x04 漏洞修复 drupal 代码执行 (CVE-2018-7600) Drupal是使用PHP语言编写的开源内容管理框架&#xff08;CMF&#xff09;&#…

drupal远程代码执行 (CVE-2018-7600)漏洞学习与复现

文章目录 一、漏洞描述二、POC&EXP 一、漏洞描述 drupal是一个开源PHP管理系统&#xff0c;架构使用的是php环境mysql数据库的环境配置。在Drupal 6.x&#xff0c;7.x&#xff0c;8.x系列的版本中&#xff0c;均存在远程代码执行漏洞。该漏洞产生的原因在于Drupal对表单渲…