I've often seen password decryption tools for the Cisco (type 7) passwords and wondered how they worked. To learn more about that and Perl I thought I'd give it a go :) The short story is it just seems to XOR each character against a value in an array. I'm sure its already clear but this will not work for md5 hashes like enable secret!

The tool will decrypt any type 7 (has a before it in the config) phrase e.g. local user passwords and enable passwords. It will also encrypt a string into a password compatiable with Cisco devices (tested on 6500s and 3750s).

Example of the tool:

m00nie@m00nie.com:~$ ./type7tool.pl


***************************************************************
*    Cisco (type 7) password tool from www.m00nie.com         *
* Use for any malice or illegal purposes strictly prohibited! *
***************************************************************

1. Decrypt a password
2. Encrypt plain text
3. Quit

Pick either 1, 2 or 3: 2
Enter the string to encrypt:
hiImTesting:)

Plain string was: hiImTesting:)
Encrypted string is: 020E0D7206320A325847071E5F5E


***************************************************************
*    Cisco (type 7) password tool from www.m00nie.com         *
* Use for any malice or illegal purposes strictly prohibited! *
***************************************************************

1. Decrypt a password
2. Encrypt plain text
3. Quit

Pick either 1, 2 or 3: 1
Enter the encrypted password: 020E0D7206320A325847071E5F5E

Encrypted pass was: 020E0D7206320A325847071E5F5E
Decrypted pass is: hiImTesting:)

Extract of the code:

sub encrypt {
        print "Enter the string to encrypt:\n";
        chomp ($ptext = <STDIN>);
        $pt = $ptext;
        $etext = "";
        $n = 2;
        $etext .=  sprintf("%.2o", $n);
        for ($k = 0; $k < length($pt); $k+=1){
                $tmp = ord(substr($pt,$k,1))^$xlat[$n++];
                $etext .= sprintf("%.2X", $tmp);
        }
        print "\nPlain string was: $ptext\n";
        print "Encrypted string is: $etext\n";
}

Grab the tool [here]. It must not be used for any malicious activity!

m00nie :D