How to Recover the Password on a Cisco PIX Firewall

There are going to be several situations whereby you or a customer of yours may forget the password of a Cisco PIX firewall appliance.

The following procedure will show you step by step how to recover the lost password. This works for all PIX models running versions 6.x.

Note: For password recovery on the newer Cisco ASA devices have a look here.

What you will need:

• A console connection from your PC to the PIX.
• An ethernet connection from your PC to one of the interfaces of PIX.
• A TFTP server program running on your PC.

Procedure:

1. Connect the console cable to your serial port and plug the RJ45 end into the PIX port marked “Console”. You can use Hyperterm (which comes with Windows) or any other console program of your choice. I use SecureCRT.
2. Find out what version of software is running on your PIX. If you’re not sure, you can find out very easy in the following way. If you are connected to the PIX via a console connection, simply reboot the PIX and watch for the output. It will tell you which version is running.
3. Download the corresponding helper binary file from Cisco, depending on which software version is running on the PIX. For example, if you were running version 6.3(x) you could use the file called np63.bin found here: http://www.cisco.com/warp/public/110/np63.bin. If you were running 6.2 you could simply change the last characters on the above url to be np62.bin. Download that file and save it to the root directory of your TFTP application.
4. Next, reboot the PIX again and immediately after the reboot as it is coming back up and displaying text in your console send a break sequence with your keyboard. If you are using Hyperterminal with Windows the break sequence is Ctrl-Break.
5. This will send the PIX into “Monitor” status and you will see the following prompt on the PIX:monitor>
6. Patch your computer into the inside or outside interface on the PIX via a standard CAT 5 cable (i.e. patch from your computers NIC to one of the PIX’s interfaces).
7. Give your computer an IP address. For this example, let’s use 10.1.1.1 with a netmask of 255.0.0.0
8. Start up your TFTP server program and keep it running.
9. Tell the PIX which interface you will be connecting to, as follows:monitor> interface 1*note interface 1 is inside, interface 0 is outside.
10. Give the PIX a temporary IP address on the same network as your computer, as follows:monitor> address 10.1.1.2
11. Tell the PIX the IP address of the TFTP server (your computer)monitor> server 10.1.1.1
12. Tell the PIX which file to copy:monitor> file np63.bin
13. Start the TFTP copymonitor> tftp
14. It should copy very quickly. If it does not you will get an error message on the PIX and potentially on the TFTP server software. If you do get an error, you likely have a cabling issue or perhaps a typo of one of the above commands.
15. Once the file is copied to the PIX, the PIX will ask if you are sure you want to reset the password. Type “Y” for yes, and the PIX will reboot.

After the reboot the PIX will now have a default telnet password of “cisco” (no quotes) and no enable password.