Home > CISCO, Security > Decrypting Type 7 Passwords – within the IOS!

Decrypting Type 7 Passwords – within the IOS!

July 2nd, 2009

Decrypting Type 7 Password on Cisco Router

You know those type 7 (non-MD5) so-called “encryption”  strings that appear when service password-encryption is used?  A lot of people copy the string and go to websites (google cisco password cracker) and use a java applet or something to decrypt them.

However, you can actually do this on any cisco router.  This is how you do it. Try this little test:

conf t

enable password cisco
service password-encryption

show run | inc password

enable password 7 070C285F4D06  <=== (encrypted string for “cisco”)

Now, to decrypt it, set up a key chain (in this example named “daz” and copy the encrypted garble as the key-string

conf t
key chain daz
key 1
key-string 7 070C285F4D06

now, to decrypt the string,

cisco_877w#show key chain daz
Key-chain daz:
key 1 — text “cisco”
accept lifetime (always valid) – (always valid) [valid now]
send lifetime (always valid) – (always valid) [valid now]

So showing the key chain will reveal the unencrypted string for “cisco”

Categories: CISCO, Security Tags: ,
Comments are closed.