Feb
16
2011
16
2011
Decrypt type-7 password with Cisco IOS
An article by Fabio Semperboni Tutorial
There are many tools to decrypt Cisco type-7 password, based on Vigenere algorithm. But, what can we do if we can not use these software? The Cisco-IOS method might not be new to some, but those that don’t know about it will find it useful.
Suppose you would decrypt these string:
username cisco password 7 0718365B000A1016141D11050A2F6527273E username fabio password 7 0110140558004B0224014600110C
To find the password, you can use the Cisco Key Chain:
Ciscozine(config)#key chain test Ciscozine(config-keychain)#key 1 Ciscozine(config-keychain-key)#key-string 7 0718365B000A1016141D11050A2F6527273E Ciscozine(config-keychain)#key 2 Ciscozine(config-keychain-key)#key-string 7 0110140558004B0224014600110C
The “show key chain” command displays the password configured in a key chain in cleartext even when the same password is stored as type-7 obfuscated password in the router configuration!
Ciscozine#show key chain Key-chain test: key 1 -- text "www.ciscozine.com" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now] key 2 -- text "crack-me-hihi" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now] Ciscozine#
Remember: The Key Chain feature is used to add more security (key, lifetime, …) to RipV2, IGRP, EIGRP and DRP Server Agent, but could also be useful to decrypt type-7 password!
Summary

Article Name
Decrypt type-7 password with Cisco IOS
Description
There are many tools to decrypt Cisco type-7 password, based on Vigenere algorithm. But, what can we do if we can not use these software? The Cisco-IOS method might not be new to some, but those that don’t know about it will find it useful.
Author
Fabio Semperboni
Related Posts
Email Updates
Tags
Advanced configuration
ASA
AXP
Basic configuration
BGP
Buffer overflows
Business
CCIE
Certifications
Ciscozine
Competition
CSRF
DMVPN
DOS
Etherchannel
GRE over IPsec
Hidden commands
High Availability
HSRP
Inject data
IOS
IPv6
Linksys
Monitor
NAT
NX-OS
PHP
Privilege escalation
Reload
Remote Control
Report
Routing
Secure a router
Security
SNMP
Software
SPAN
Spanning-Tree
SQL injection
SSH
Tips
Video
VPN
WebEx
Wifi