Tutorial

Decrypt type-7 password with Cisco IOS

By Fabio Semperboni

There are many tools to decrypt Cisco type-7 password, based on Vigenere algorithm. But, what can we do if we can not use these software? The Cisco-IOS method might not be new to some, but those that don’t know about it will find it useful.

Suppose you would decrypt these string:

username cisco password 7 0718365B000A1016141D11050A2F6527273E
username fabio password 7 0110140558004B0224014600110C

To find the password, you can use the Cisco Key Chain:

Ciscozine(config)#key chain test
Ciscozine(config-keychain)#key 1
Ciscozine(config-keychain-key)#key-string 7 0718365B000A1016141D11050A2F6527273E
Ciscozine(config-keychain)#key 2
Ciscozine(config-keychain-key)#key-string 7 0110140558004B0224014600110C

The “show key chain” command displays the password configured in a key chain in cleartext even when the same password is stored as type-7 obfuscated password in the router configuration!

Ciscozine#show key chain
Key-chain test:
    key 1 -- text "www.ciscozine.com"
        accept lifetime (always valid) - (always valid) [valid now]
        send lifetime (always valid) - (always valid) [valid now]
    key 2 -- text "crack-me-hihi"
        accept lifetime (always valid) - (always valid) [valid now]
        send lifetime (always valid) - (always valid) [valid now]
Ciscozine#

 

Remember: The Key Chain feature is used to add more security (key, lifetime, …) to RipV2, IGRP, EIGRP and DRP Server Agent, but could also be useful to decrypt type-7 password!

7 COMMENTS

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Previous articleHow to decode G.729
Next articleFebruary 2011: nine Cisco vulnerabilities

Popular posts

NAT and PAT: a complete explanation

Tutorial
Network address translation (NAT) is the process of modifying IP address information in IP packet headers while in transit across a traffic routing device. There...

802.1X Deployment Guide: Global configuration

Tutorial
In the previous article, I illustrated what are the dot1x and the benefits related to it. Just to remember that 802.1X authentication involves three...

Access to the console via AUX port

Tutorial
Often in a network environment, it is needed to manage a router/switch via console, but what can you do if you don't have a...

How to upgrade a Cisco stack

Tutorial
One of the task of a good Network engineer is to update the Cisco IOS to avoid bugs and to have new features; but...

Troubleshoot a DMVPN phase 3 architecture

Tutorial
In the last article, I explained how to configure DMVPN phase3, but what are the most useful commands to troubleshoot this type of network...

How to trace MAC address

Tutorial
Traceroute is a tool for measuring the route path and transit times of packets across an Internet Protocol (IP) network. Traceroute sends a sequence of...

802.1x: Introduction and general principles

Tutorial
IEEE 802.1X is an IEEE Standard for port-based Network Access Control to prevent unauthorized devices from gaining access to the network. It defines the...

CoPP?! What is that?

Tutorial
Cisco Network Foundation Protection (NFP) is an umbrella strategy encompassing Cisco IOS Security features that provides the tools, technologies, and services that enable organizations...

Protecting against MAC flooding attack

Tutorial
In a typical MAC flooding attack, a switch is flooded with packets, each containing different source MAC addresses. The intention is to consume the...

Friends

Copyright © 2008 - 2022 Ciscozine.
All rights reserved.