Sunday, December 15, 2013

Tool: Cisco Type 7 Password Decrypter

I made a small tool to decrypt Cisco IOS type 7 passwords, it can also encrypt clear text passwords if required. 

You can find how the passwords are encrypted / decrypted in the following article from SANS:

I made this script in order to practice, and I realized that Cisco passwords can be custom long, and none of the existing tools has a full XLAT table to make the decryption. I made very long (50+ characters) passwords, made from the same letter. I realized that after 51 characters the encryption is the same, meaning that the full XLAT table is 51 size long, and if the password is longer it will start from the beginning. Based on this, I got the full table:

xlat = [0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f, 0x41, 0x2c, 0x2e, 0x69, 0x79, 0x65, 0x77, 0x72, 0x6b, 0x6c, 0x64
, 0x4a, 0x4b, 0x44, 0x48, 0x53, 0x55, 0x42, 0x73, 0x67, 0x76, 0x63, 0x61, 0x36, 0x39, 0x38, 0x33, 0x34, 0x6e, 0x63,
0x78, 0x76, 0x39, 0x38, 0x37, 0x33, 0x32, 0x35, 0x34, 0x6b, 0x3b, 0x66, 0x67, 0x38, 0x37]

The tool usage:

c:\>ciscot7.py --help
Usage: ciscot7.py [options]

Options:
  -h, --help            show this help message and exit
  -e, --encrypt         Encrypt password
  -d, --descrypt        Decrypt password. This is the default
  -p PASSWORD, --password=PASSWORD
                        Password to encrypt / decrypt
  -f FILE, --file=FILE  Cisco config file, only for decryption

If we specify a config file, it will look for all type 7 passwords in it.

License: MIT

You can download it from: https://sites.google.com/site/csabyblog/home/ciscot7

No comments: