How to Decrypt Cisco Passwords
If ‘service password-encryption’ is not configured on the Cisco device, simply read the plain text passwords from the configuration file.
If ‘service password-encryption’ is configured on the Cisco device, most of the passwords are encrypted with a weak encryption algorithm (Type 7) that is easy to decrypt. Once there is access to the Cisco configuration file, the passwords can be decrypted fairly easily.
‘service password-encryption’ is enabled using the following command:
TopBits-Cisco (config)#service password-encryption
Network administrators often store IOS configuration files on TFTP (Trivial File Transfer Protocol) servers. One server may have the configuration files for every Cisco device on the network.
Cisco Password Encryption
Cisco uses two methods to protect IOS passwords. The first, type 7, uses a weak Cisco proprietary encryption algorithm. The second, type 5, uses the much stronger MD5 hash.
Cisco Type 7 passwords
A password in the configuration file with a '7' in the second to last field is encrypted with Cisco's weak proprietary algorithm. For example:
enable password 7 03003E2E05077C4F4007
There are many programs that decrypt Cisco type 7 passwords.
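Here is a small Perl program to decrypt Cisco type 7 passwords:
#!/usr/bin/perl -w
# $Id: ios7decrypt.pl,v 1.1 1998/01/11 21:31:12 mesrik Exp $
#
# Credits for original code and description hobbit@avian.org,
# SPHiXe, .mudge et al. and for John Bashinski
# for Cisco IOS password encryption facts.
#
# Use of this code for any malicious or illegal purposes is strictly prohibited!
#

# Fixed XOR key table. The two leading digits of a type 7 string give the
# starting index into this table. Only 26 entries are listed here, so a
# starting index plus password length beyond that is not handled.
@xlat = ( 0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f, 0x41,
          0x2c, 0x2e, 0x69, 0x79, 0x65, 0x77, 0x72, 0x6b, 0x6c,
          0x64, 0x4a, 0x4b, 0x44, 0x48, 0x53 , 0x55, 0x42 );

# Read the configuration from the named files or standard input.
while (<>) {
    # Match "password 7 <hex>" or "md5 7 <hex>", case-insensitively.
    if (/(password|md5)\s+7\s+([\da-f]+)/io) {
        # A valid type 7 string has an even number of hex digits.
        if (!(length($2) & 1)) {
            $ep = $2; $dp = "";
            # $s is the starting index, $e the hex-encoded ciphertext.
            ($s, $e) = ($2 =~ /^(..)(.+)/o);
            for ($i = 0; $i < length($e); $i+=2) {
                # XOR each ciphertext byte with the next table entry.
                $dp .= sprintf "%c",hex(substr($e,$i,2))^$xlat[$s++];
            }
            # Replace "7 <encrypted>" in the line with the decoded text.
            s/7\s+$ep/$dp/;
        }
    }
    print;
}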
Cisco Type 5 passwords
Enable secret passwords are hashed using the MD5 (Message Digest 5) algorithm instead of the weak Cisco proprietary algorithm. Enable secret passwords are not trivial to decrypt.
An “enable secret” password is configured using the following command:
TopBits-Cisco (config)#enable secret password
A password in the configuration file with a '5' in the second to last field is hashed using the MD5 algorithm. For example:
enable secret 5 $1$B8pH$PmmcMRoqfeEtQ7WxL865a0
Although MD5 is a strong algorithm, it may still be attacked with a dictionary attack or a brute force attack.
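The type field described above can be used to audit a stored configuration file for how each password is protected. The following is an added example, not part of the original page: the function name audit_config, the rating texts and the sample configuration are constructed for illustration (the two "enable" lines are the ones quoted on this page), and the report deliberately omits the secret values.

```python
import re

# "... password|secret [type] value" at the end of a configuration line.
CRED_RE = re.compile(r"\b(password|secret)\s+(?:(\d)\s+)?(\S+)\s*$", re.I)

RATING = {
    "0": "plaintext: readable by anyone who can see the file",
    "7": "type 7: weak reversible encryption, treat as plaintext",
    "5": "type 5: MD5 hash, still open to dictionary and brute force attacks",
}

# Constructed sample; a config can hold a mix of types when
# 'service password-encryption' was turned off after being used.
SAMPLE = """\
hostname TopBits-Cisco
enable secret 5 $1$B8pH$PmmcMRoqfeEtQ7WxL865a0
enable password 7 03003E2E05077C4F4007
username backup password constructed-example
line vty 0 4
 password 7 03003E2E05077C4F4007
"""

def audit_config(text):
    """Return (service_encryption_on, findings); findings never hold the secret."""
    service_on = False
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if line == "service password-encryption":
            service_on = True
            continue
        if line.startswith("!"):          # IOS comment line
            continue
        m = CRED_RE.search(line)
        if not m:
            continue
        ptype = m.group(2) or "0"         # no type field: stored as typed
        rating = RATING.get(ptype, "type %s: not covered on this page" % ptype)
        context = line[:m.start(3)].rstrip()   # command with the secret cut off
        findings.append((lineno, ptype, context, rating))
    return service_on, findings

if __name__ == "__main__":
    on, found = audit_config(SAMPLE)
    print("service password-encryption:", "on" if on else "not set")
    for lineno, ptype, context, rating in found:
        print("line %d: %s <redacted> -> %s" % (lineno, context, rating))
```

Any line rated plaintext or type 7 should be handled as an exposed password if the file is kept on a shared TFTP server.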