Decrypt type-7 password with Cisco IOS

There are many tools that decrypt Cisco type-7 passwords, which are based on the Vigenère algorithm. But what can we do if we cannot use such software? The Cisco IOS method might not be new to some, but those who don't know about it will find it useful.

Suppose you want to decrypt these strings:

username cisco password 7 0718365B000A1016141D11050A2F6527273E
username fabio password 7 0110140558004B0224014600110C

To find the password, you can use the Cisco Key Chain:

Ciscozine(config)#key chain test
Ciscozine(config-keychain)#key 1
Ciscozine(config-keychain-key)#key-string 7 0718365B000A1016141D11050A2F6527273E
Ciscozine(config-keychain)#key 2
Ciscozine(config-keychain-key)#key-string 7 0110140558004B0224014600110C

The “show key chain” command displays the password configured in a key chain in cleartext, even when the same password is stored as a type-7 obfuscated password in the router configuration!

Ciscozine#show key chain
Key-chain test:
    key 1 -- text "www.ciscozine.com"
        accept lifetime (always valid) - (always valid) [valid now]
        send lifetime (always valid) - (always valid) [valid now]
    key 2 -- text "crack-me-hihi"
        accept lifetime (always valid) - (always valid) [valid now]
        send lifetime (always valid) - (always valid) [valid now]
Ciscozine#

 

Remember: the Key Chain feature is used to add more security (key, lifetime, …) to RIPv2, IGRP, EIGRP and DRP Server Agent, but it can also be useful for decrypting type-7 passwords!
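
For auditing saved configurations offline, the Vigenère-style type-7 scheme mentioned at the top can be reversed directly. The Python below is an added example, not part of the original post: the key constant is the publicly known type-7 key string, and the names decode_type7, audit_config and SAMPLE_CONFIG are chosen here for illustration.

```python
import re

# Publicly known fixed key string of the type-7 scheme.
TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"

# Matches "password 7 <hex>" and "key-string 7 <hex>" in a configuration line.
TYPE7_RE = re.compile(r"\b(password|key-string)\s+7\s+([0-9A-Fa-f]+)\b")


def decode_type7(encoded: str) -> str:
    """Reverse a type-7 string: two decimal digits of key offset, then hex bytes."""
    if len(encoded) < 4 or len(encoded) % 2:
        raise ValueError("type-7 string must have an even length of at least 4")
    offset = int(encoded[:2], 10)        # starting index into TYPE7_KEY
    data = bytes.fromhex(encoded[2:])    # obfuscated bytes
    plain = bytes(b ^ TYPE7_KEY[(offset + i) % len(TYPE7_KEY)]
                  for i, b in enumerate(data))
    return plain.decode("ascii", errors="replace")


def audit_config(config_text: str):
    """Return (line_number, keyword, recovered_text) for every type-7 secret."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        match = TYPE7_RE.search(line)
        if not match:
            continue
        try:
            findings.append((lineno, match.group(1), decode_type7(match.group(2))))
        except ValueError:
            findings.append((lineno, match.group(1), None))  # malformed value
    return findings


# Sample input: the two lines from the post plus constructed filler lines.
SAMPLE_CONFIG = """\
hostname Ciscozine
username cisco password 7 0718365B000A1016141D11050A2F6527273E
username fabio password 7 0110140558004B0224014600110C
interface Loopback0
"""

if __name__ == "__main__":
    for lineno, keyword, text in audit_config(SAMPLE_CONFIG):
        print(f"line {lineno}: reversible type-7 {keyword}: {text!r}")
```

Every line it reports holds a secret that anyone with read access to the configuration can recover.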
