I have seen a few posts out there about this as well as links to sites that will decrypt a Cisco type 7 password. Since I am trying to share what I know I figured I might as well throw my hat into the ring and include this information here.
If you have a type 7 enable password such as : enable password 7 00331A0A087D071F012F7F5B1B0F0C011754 and want to decrpyt it, all you need is another router that you can get to enable (priv 15) access on and configuration mode.
Enter configuration mode and create a key-chain. For the key-string, tell it type 7 and cut-and-past the encrypted key
Rack1R6(config)#key chain DecrpytThis
Rack1R6(config-keychain)#key 1
Rack1R6(config-keychain-key)#key-string 7 00331A0A087D071F012F7F5B1B0F0C011754
Then all you have to do from a command prompt is issue show key chain
Rack1R6#sh key chain
Key-chain DecrpytThis:
key 1 — text “WillFlynnSurvive?“
accept lifetime (always valid) – (always valid) [valid now]
send lifetime (always valid) – (always valid) [valid now]
Rack1R6#
As you can see here, the password is WillFlynnSurvive?
This works for any Type 7 password, including users. Below I have done a show run | inc user and they added Key 2 with he user type 7 password.
Rack1R6#sh run | inc user
username Flynn privilege 15 password 7 0478071303245F5D
Rack1R6#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack1R6(config)#key chain DecryptThis
Rack1R6(config-keychain)#key 2
Rack1R6(config-keychain-key)#key-string 7 0478071303245F5D
Rack1R6(config-keychain-key)#^Z
Rack1R6#sh key chain
Key-chain DecrpytThis:
key 1 — text “WillFlynnSurvive?”
accept lifetime (always valid) – (always valid) [valid now]
send lifetime (always valid) – (always valid) [valid now]
Key-chain DecryptThis:
key 2 — text “Cluless“
accept lifetime (always valid) – (always valid) [valid now]
send lifetime (always valid) – (always valid) [valid now]
Rack1R6#
As you can see, the password for Key 2 ( the user one we just added ) is Cluless
Now, I am not sure if you noticed but for the first example the password is WillFlynnSurvive? – yes, that is a question mark in the password. If you want to use a question mark as part of your password, you need to enter ctrl-v prior to typing the question mark in the password or the IOS will think you are looking for help. Old dirty CCIE lab prep tricks there.
Type 7 password decryption via IOS router (? bonus)
18 Thursday Nov 2010
Posted Uncategorized
in≈ Comments Off on Type 7 password decryption via IOS router (? bonus)