I made a small tool to decrypt Cisco IOS type 7 passwords, it can also encrypt clear text passwords if required.
You can find how the passwords are encrypted / decrypted in the following article from SANS:
I made this script in order to practice, and I realized that Cisco passwords can be custom long, and none of the existing tools has a full XLAT table to make the decryption. I made very long (50+ characters) passwords, made from the same letter. I realized that after 51 characters the encryption is the same, meaning that the full XLAT table is 51 size long, and if the password is longer it will start from the beginning. Based on this, I got the full table:
xlat = [0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f, 0x41, 0x2c, 0x2e, 0x69, 0x79, 0x65, 0x77, 0x72, 0x6b, 0x6c, 0x64
, 0x4a, 0x4b, 0x44, 0x48, 0x53, 0x55, 0x42, 0x73, 0x67, 0x76, 0x63, 0x61, 0x36, 0x39, 0x38, 0x33, 0x34, 0x6e, 0x63,
0x78, 0x76, 0x39, 0x38, 0x37, 0x33, 0x32, 0x35, 0x34, 0x6b, 0x3b, 0x66, 0x67, 0x38, 0x37]
The tool usage:
c:\>ciscot7.py --help
Usage: ciscot7.py [options]
Options:
-h, --help show this help message and exit
-e, --encrypt Encrypt password
-d, --descrypt Decrypt password. This is the default
-p PASSWORD, --password=PASSWORD
Password to encrypt / decrypt
-f FILE, --file=FILE Cisco config file, only for decryption
If we specify a config file, it will look for all type 7 passwords in it.
License: MIT
No comments:
Post a Comment