1 首先要根据实验场景

登录路由器进入全局模式去配置enable password    然后保存
        # enable  password    123
 2    破解过程
（一） 开机后按“ctrl +Break”键，进入Rom 监控模式：
System Bootstrap, Version 5.2(5), RELEASE SOFTWARE
Copyright (c) 1986-1994 by cisco Systems
2500 processor with 16384 Kbytes of main memory

Abort at 0x1050450 (PC)
                > o/r     0x2142     (忽略Nvram 的引导配置信息      25系列)
                >i                     (重启)

（二）重新启动后，进入配置模式

System Bootstrap, Version 5.2(5), RELEASE SOFTWARE
Copyright (c) 1986-1994 by cisco Systems
2500 processor with 16384 Kbytes of main memory

ERR: Invalid chip id 0x80B5 (reversed = 0x1AD ) detected in System flash
F3: 15020608+968908+947160 at 0x3000060

              Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706

Cisco Internetwork Operating System Software 
IOS (tm) 2500 Software (C2500-JS-L), Version 12.2(29), RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Wed 11-May-05 13:19 by kellmill
Image text-base: 0x0307D3C0, data-base: 0x00001000

cisco 2500 (68030) processor (revision D) with 16384K/2048K bytes of memory.
Processor board ID 02427741, with hardware revision 00000000
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
1 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read ONLY)

         --- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: n

enable
config  mem      (拷贝Nvram中配置信息到memory中) 
Conf   t
(config)# enable    secret    cisco     (修改口令)
(config)# config-register    0x2102    (应用Nvram 的引导配置信息)
Exit
Copy run start    （保存配置文件和新口令） 
Reload             (重启，配置生效)

2 下面是2600系列的   破解过程
（一） 开机后按“ctrl +Break”键，进入Rom 监控模式：
confreg  0x2142   （26系列）
reset      重启
               
（二）重新启动后，进入配置模式
enable
config  mem      (拷贝Nvram中配置信息到memory中) 
Conf   t
(config)# enable    secret    cisco     (修改口令)
(config)# config-register    0x2102    (应用Nvram 的引导配置信息)
Exit
Copy run start    （保存配置文件和新口令） 
Reload             (重启，配置生效)