Locked out of ASA 5525-X - Username and password unknown

parcelsa — Mon, 29 Aug 2022 23:42:13 GMT

I am trying to gain access to our ASA 5525-X. Was setup by someone no longer here.

I have tried all the password disable reset instructions by going into ROMMON mode and changing to 0x00000041 configuration.

Cannot find anything online anywhere that helps with this issue. Please help remove username and password so I can use the ASA.

See output below...

------------------------------------------------------------------------

Cisco BIOS Version:9B2C109A
Build Date:05/15/2013 16:34:44

CPU Type: Intel(R) Xeon(R) CPU X3430 @ 2.40GHz, 2394 MHz
Total Memory:8192 MB(DDR3 1333)
System memory:619 KB, Extended Memory:3573 MB

PCI Device Table:
Bus Dev Func VendID DevID Class IRQ
---------------------------------------------------------
00 00 00 8086 D130 Bridge Device
00 03 00 8086 D138 PCI Bridge,IRQ=11
00 05 00 8086 D13A PCI Bridge,IRQ=11
00 08 00 8086 D155 System Device
00 08 01 8086 D156 System Device
00 08 02 8086 D157 System Device
00 08 03 8086 D158 System Device
00 10 00 8086 D150 System Device
00 10 01 8086 D151 System Device
00 16 00 8086 3B64 I/O Port Device,IRQ=11
00 1A 00 8086 3B3C USB Controller,IRQ=11
00 1C 00 8086 3B42 PCI Bridge,IRQ=10
00 1C 04 8086 3B4A PCI Bridge,IRQ=10
00 1C 05 8086 3B4C PCI Bridge,IRQ=11
00 1D 00 8086 3B34 USB Controller,IRQ=7
00 1E 00 8086 244E PCI Bridge
00 1F 00 8086 3B16 Bridge Device
00 1F 02 8086 3B22 SATA DPA,IRQ=5
00 1F 03 8086 3B30 SMBus,IRQ=11
01 00 00 10B5 8618 PCI Bridge,IRQ=11
02 01 00 10B5 8618 PCI Bridge,IRQ=10
02 03 00 10B5 8618 PCI Bridge,IRQ=5
02 05 00 10B5 8618 PCI Bridge,IRQ=10
02 07 00 10B5 8618 PCI Bridge,IRQ=5
02 09 00 10B5 8618 PCI Bridge,IRQ=10
02 0B 00 10B5 8618 PCI Bridge,IRQ=5
02 0D 00 10B5 8618 PCI Bridge,IRQ=10
02 0F 00 10B5 8618 PCI Bridge,IRQ=5
03 00 00 8086 10D3 Ethernet,IRQ=10
04 00 00 8086 10D3 Ethernet,IRQ=5
05 00 00 8086 10D3 Ethernet,IRQ=10
06 00 00 8086 10D3 Ethernet,IRQ=5
07 00 00 8086 10D3 Ethernet,IRQ=10
08 00 00 8086 10D3 Ethernet,IRQ=5
09 00 00 8086 10D3 Ethernet,IRQ=10
0A 00 00 8086 10D3 Ethernet,IRQ=5
0B 00 00 10B5 8624 PCI Bridge,IRQ=11
0C 04 00 10B5 8624 PCI Bridge,IRQ=11
0C 05 00 10B5 8624 PCI Bridge,IRQ=10
0C 08 00 10B5 8624 PCI Bridge,IRQ=11
0C 09 00 10B5 8624 PCI Bridge,IRQ=10
0F 00 00 1000 0A05 Processor,IRQ=11
11 00 00 177D 0010 Cavium Encryption,IRQ=11
12 00 00 8086 10D3 Ethernet,IRQ=11
13 00 00 1A03 1150 PCI Bridge,IRQ=10
14 00 00 1A03 2000 VGA,IRQ=10
FF 00 00 8086 2C50 Bridge Device
FF 00 01 8086 2C81 Bridge Device
FF 02 00 8086 2C90 Bridge Device
FF 02 01 8086 2C91 Bridge Device
FF 03 00 8086 2C98 Bridge Device
FF 03 01 8086 2C99 Bridge Device
FF 03 02 8086 2C9A Bridge Device
FF 03 04 8086 2C9C Bridge Device
FF 04 00 8086 2CA0 Bridge Device
FF 04 01 8086 2CA1 Bridge Device
FF 04 02 8086 2CA2 Bridge Device
FF 04 03 8086 2CA3 Bridge Device
FF 05 00 8086 2CA8 Bridge Device
FF 05 01 8086 2CA9 Bridge Device
FF 05 02 8086 2CAA Bridge Device
FF 05 03 8086 2CAB Bridge Device

Booting from ROMMON

Cisco Systems ROMMON Version (2.1(9)8) #1: Wed Oct 26 17:14:40 PDT 2011

Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
Boot interrupted.

GigabitEthernet0/0
Link is DOWN
MAC Address: 00c8.8b7d.3577

Use ? for help.
rommon #0> confreg

Current Configuration Register: 0x00000041
Configuration Summary:
boot default image from Flash
ignore system configuration

Do you wish to change this configuration? y/n [n]: n

rommon #1> boot
Launching BootLoader...
Default configuration file contains 1 entry.

Searching / for images to boot.

Loading /os.img... Booting...
Platform ASA5525

Loading...
IO memory blocks requested from bigphys 32bit: 56314
INIT: version 2.88 booting
Starting udev
Configuring network interfaces... done.
Populating dev cache
Found device serial number FCH200379EC.
Found USB flash drive /dev/sdb
Found hard drive(s): /dev/sda
fsck from util-linux 2.23.2
dosfsck 2.11, 12 Mar 2005, FAT32, LFN
There are differences between boot sector and its backup.
Differences: (offset:original/backup)
65:01/00
Not automatically fixing this.
/dev/sdb1: 45 files, 26381/2011044 clusters

==============================================
Use ESC to interrupt boot and launch boot CLI.
Use SPACE to launch Cisco FTD immediately.
Cisco FTD launch in 26 seconds ...
Running on saleenb
Mounting disk partitions ...
Initializing Threat Defense ... [ OK ]
Starting system log daemon... [ OK ]
Flushing all current IPv4 rules and user defined chains: ...success
Clearing all current IPv4 rules and user defined chains: ...success
Applying iptables firewall rules:
Flushing chain `PREROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `POSTROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Applying rules successed
Flushing all current IPv6 rules and user defined chains: ...success
Clearing all current IPv6 rules and user defined chains: ...success
Applying ip6tables firewall rules:
Flushing chain `PREROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `POSTROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Applying rules successed
Starting nscd...
mkdir: created directory '/var/run/nscd' [ OK ]
Starting , please wait......complete.
Configuring NTP... [ OK ]
IPMI over LAN not active
fatattr: can't open '/mnt/disk0/.private2': No such file or directory
fatattr: can't open '/mnt/disk0/.ngfw': No such file or directory
Not reconfigurating [ OK ]
Starting xinetd:
Sat Jan 1 21:23:50 UTC 2005
Starting MySQL...
Pinging mysql
Pinging mysql, try 1
Found mysql is running
Running initializeObjects...
Stopping MySQL...
Killing mysqld with pid 3557
Wait for mysqld to exit\c
done
Sat Jan 1 21:23:58 UTC 2005
Starting sfifd... [ OK ]
Starting Cisco ASA5525-X Threat Defense, please wait...No PM running!
...started.
INIT: SwitchingStarting system message bus: dbus.
Starting OpenBSD Secure Shell server: sshd
Could not load host key: /etc/ssh/ssh_host_ed25519_key
done.
Starting Advanced Configuration and Power Interface daemon: acpid.
Starting crond: OK
Jan 01 21:24:01 ciscoasa SF-IMS[4264]: [4264] init script:system [INFO] pmmon Setting affinity to 1...
pid 4260's current affinity list: 0-3
pid 4260's new affinity list: 1
Jan 01 21:24:01 ciscoasa SF-IMS[4266]: [4266] init script:system [INFO] pmmon The Process Manager is not running...
Jan 01 21:24:01 ciscoasa SF-IMS[4267]: [4267] init script:system [INFO] pmmon Starting the Process Manager...
Jan 01 21:24:02 ciscoasa SF-IMS[4268]: [4268] pm:pm [INFO] Using model number 75G

ciscoasa login: IO Memory Nodes: 1
IO Memory Per Node: 230686720 bytes

Global Reserve Memory Per Node: 692060160 bytes Nodes=1

LCMB: got 230686720 bytes on numa-id=0, phys=0x178c00000, virt=0x2aaaab000000
LCMB: HEAP-CACHE POOL got 692060160 bytes on numa-id=0, virt=0x7fedf0600000
Processor memory: 4425920271

Compiled on Fri 31-Mar-17 07:44 PDT by builders

Total NICs found: 13
i82574L rev00 Gigabit Ethernet @ irq10 dev 0 index 08 MAC: 00c8.8b7d.3576
i82574L rev00 Gigabit Ethernet @ irq10 dev 0 index 07 MAC: 00c8.8b7d.357a
i82574L rev00 Gigabit Ethernet @ irq05 dev 0 index 06 MAC: 00c8.8b7d.3575
i82574L rev00 Gigabit Ethernet @ irq05 dev 0 index 05 MAC: 00c8.8b7d.3579
i82574L rev00 Gigabit Ethernet @ irq10 dev 0 index 04 MAC: 00c8.8b7d.3574
i82574L rev00 Gigabit Ethernet @ irq10 dev 0 index 03 MAC: 00c8.8b7d.3578
i82574L rev00 Gigabit Ethernet @ irq05 dev 0 index 02 MAC: 00c8.8b7d.3573
i82574L rev00 Gigabit Ethernet @ irq05 dev 0 index 01 MAC: 00c8.8b7d.3577
i82574L rev00 Gigabit Ethernet @ irq11 dev 0 index 00 MAC: 00c8.8b7d.3572
en_vtun rev00 Backplane Control Interface @ index 09 MAC: 0000.0001.0001
en_vtun rev00 Backplane Int-Mgmt Interface @ index 10 MAC: 0000.0001.0003
en_vtun rev00 Backplane Ext-Mgmt Interface @ index 11 MAC: 0000.0000.0000
en_vtun rev00 Backplane Tap Interface @ index 12 MAC: 0000.0100.0001
Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
Boot microcode : CNPx-MC-BOOT-2.00
SSL/IKE microcode : CNPx-MC-SSL-SB-PLUS-0005
IPSec microcode : CNPx-MC-IPSEC-MAIN-0026

ciscoasa login: cisco
Password:

****************************** Warning *******************************
This product contains cryptographic features and is
subject to United States and local country laws
governing, import, export, transfer, and use.
Delivery of Cisco cryptographic products does not
imply third-party authority to import, export,
distribute, or use encryption. Importers, exporters,
distributors and users are responsible for compliance
with U.S. and local country laws. By using this
product you agree to comply with applicable laws and
regulations. If you are unable to comply with U.S.
and local laws, return the enclosed items immediately.

A summary of U.S. laws governing Cisco cryptographic
products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by
sending email to export@cisco.com.
******************************* Warning *******************************

Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706

Ignoring startup configuration as instructed by configuration register.

INFO: Power-On Self-Test in process.
.......................................................................
INFO: Power-On Self-Test complete.

INFO: Starting HW-DRBG health test...
INFO: HW-DRBG health test passed.

INFO: Starting SW-DRBG health test...
INFO: SW-DRBG health test passed.
Typ
Login incorrect
ciscoasa login: cisco
Password:

Re: Locked out of ASA 5525-X - Username and password unknown

Kasun Bandara — Tue, 30 Aug 2022 05:28:16 GMT

this guide clean and explaining step by step.

https://community.cisco.com/t5/security-knowledge-base/asa-password-recovery/ta-p/3126046

Re: Locked out of ASA 5525-X - Username and password unknown

parcelsa — Tue, 30 Aug 2022 23:02:22 GMT

I have tried that. As you can see in the output it still prompts for a username and password

Re: Locked out of ASA 5525-X - Username and password unknown

Marvin Rhoads — Wed, 31 Aug 2022 03:02:02 GMT

Your ASA is running the FTD image so the procedure to recover the password for ASA running ASA image will not work. We can see the image from the following:

Use ESC to interrupt boot and launch boot CLI. Use SPACE to launch Cisco FTD immediately.

Instead, try the procedure for recovering the FTD password - break into rommon during the boot process (using ESC key as indicated above) and type "password_reset" (without the quotes).

https://www.cisco.com/c/en/us/support/docs/security/firepower-2100-series/213257-password-recovery-procedure-for-fp2100-s.html

Re: Locked out of ASA 5525-X - Username and password unknown

parcelsa — Wed, 31 Aug 2022 03:44:24 GMT

unfortunately there is not recognized command in Rommon for that.

See below.

----------------------------------------------------------------------------
Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
Boot interrupted.

GigabitEthernet0/0
Link is DOWN
MAC Address: 00c8.8b7d.3577

Use ? for help.
rommon #0> password_reset
Invalid or incorrect command. Use 'help' for help.
rommon #0> ?

Variables: Use "sync" to store in NVRAM
ADDRESS= <addr> local IP address
CONFIG= <name> config file path/name
GATEWAY= <addr> gateway IP address
IMAGE= <name> image file path/name
LINKTIMEOUT= <num> Link UP timeout (seconds)
PKTTIMEOUT= <num> packet timeout (seconds)
PORT= <name> ethernet interface port
RETRY= <num> Packet Retry Count (Ping/TFTP)
SERVER= <addr> server IP address
VLAN= <num> enable/disable DOT1Q tagging on the selected port

Commands:
? valid command list
address <addr> local IP address
boot <args> boot an image, valid args are:
- "image file spec" and/or
- "cfg=<config file spec>"
clear clear interface statistics
confreg <value> set hex configuration register
dev display platform interface devices
erase <arg> erase storage media
file <name> application image file path/name
gateway <addr> gateway IP address
gdb <cmd> edit image gdb settings
help valid command list
history display command history
interface <name> ethernet interface port
no <feat> clear feature settings
ping <addr> send ICMP echo
reboot halt and reboot system
reload halt and reboot system
repeat <arg> repeat previous command, valid arguments:
- no arg: repeat last command
- number: index into command history table
- string: most recent 1st arg match in command history table
reset halt and reboot system
server <addr> server IP address
set display all variable settings
show <cmd> display cmd-specific information
sync save variable settings in NVRAM
tftpdnld TFTP download
timeout <num> packet timeout (seconds)
trace toggle packet tracing
unset <varname> unset a variable name

rommon #1>

Re: Locked out of ASA 5525-X - Username and password unknown

Marvin Rhoads — Wed, 31 Aug 2022 04:11:56 GMT

I was afraid of that. It looks that that procedure only works on the Firepower hardware with FXOS running.

You should be able to reimage altogether. Follow this procedure:

https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/reimage/asa-ftd-reimage.html#id_51368

topic Re: Locked out of ASA 5525-X - Username and password unknown in Network Security

Locked out of ASA 5525-X - Username and password unknown

Re: Locked out of ASA 5525-X - Username and password unknown

Re: Locked out of ASA 5525-X - Username and password unknown

Re: Locked out of ASA 5525-X - Username and password unknown

Re: Locked out of ASA 5525-X - Username and password unknown

Re: Locked out of ASA 5525-X - Username and password unknown