Decrypting Type 7 Passwords – within the IOS!
Decrypting Type 7 Password on Cisco Router
You know those type 7 (non-MD5) so-called “encryption” strings that appear when service password-encryption is used? A lot of people copy the string and go to websites (google cisco password cracker) and use a java applet or something to decrypt them.
However, you can actually do this on any cisco router. This is how you do it. Try this little test:
conf t
enable password cisco
service password-encryption
show run | inc password
enable password 7 070C285F4D06 <=== (encrypted string for “cisco”)
Now, to decrypt it, set up a key chain (in this example named “daz” and copy the encrypted garble as the key-string
conf t
key chain daz
key 1
key-string 7 070C285F4D06
Ctrl-Z
now, to decrypt the string,
cisco_877w#show key chain daz
Key-chain daz:
key 1 — text “cisco”
accept lifetime (always valid) – (always valid) [valid now]
send lifetime (always valid) – (always valid) [valid now]
So showing the key chain will reveal the unencrypted string for “cisco”