Cisco (type 7) password decryption and encryption with Perl
I've often seen password decryption tools for the Cisco (type 7) passwords and wondered how they worked. To learn more about that and Perl I thought I'd give it a go :) The short story is it just seems to XOR each character against a value in an array. I'm sure its already clear but this will not work for md5 hashes like enable secret!
The tool will decrypt any type 7 (has a before it in the config) phrase e.g. local user passwords and enable passwords. It will also encrypt a string into a password compatible with Cisco devices (tested on 6500s and 3750s).
Example of the tool:
m00nie@m00nie.com:~$ ./type7tool.pl
***************************************************************
* Cisco (type 7) password tool from www.m00nie.com *
* Use for any malice or illegal purposes strictly prohibited! *
***************************************************************
1. Decrypt a password
2. Encrypt plain text
3. Quit
Pick either 1, 2 or 3: 2
Enter the string to encrypt:
hiImTesting:)
Plain string was: hiImTesting:)
Encrypted string is: 020E0D7206320A325847071E5F5E
***************************************************************
* Cisco (type 7) password tool from www.m00nie.com *
* Use for any malice or illegal purposes strictly prohibited! *
***************************************************************
1. Decrypt a password
2. Encrypt plain text
3. Quit
Pick either 1, 2 or 3: 1
Enter the encrypted password: 020E0D7206320A325847071E5F5E
Encrypted pass was: 020E0D7206320A325847071E5F5E
Decrypted pass is: hiImTesting:)
Extract of the code:
sub encrypt {
print "Enter the string to encrypt:\n";
chomp ($ptext = <STDIN>);
$pt = $ptext;
$etext = "";
$n = 2;
$etext .= sprintf("%.2o", $n);
for ($k = 0; $k < length($pt); $k+=1){
$tmp = ord(substr($pt,$k,1))^$xlat[$n++];
$etext .= sprintf("%.2X", $tmp);
}
print "\nPlain string was: $ptext\n";
print "Encrypted string is: $etext\n";
}
Grab the tool [here]. It must not be used for any malicious activity!
m00nie :D