Tuesday, May 3, 2011

Decode Password 7 Hash in a Cisco IOS Router

I've used this technique to decode an old password 7 hash in a router's IOS several times now. It's nothing new and I'm not taking credit; I just figured it'd be nice to help share the wealth. Two things I like about it are that you don't have to enter your password 7 hash into someone else's "decrypter" and that it's very clean. (Side note: this cannot be used for a secret MD5 hash. You'd have to brute force the hash to decrypt it.)

If you don't have a password 7 hash, here's how I easily created one in a router's configure terminal as an example:
example>en
Password:
example#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
example(config)#service password-encryption
example(config)#username ichoosepoorencryption password andlamepasswords
example(config)#do show run | include ichoosepoorencryption
username ichoosepoorencryption password 7 0305550F0A0E2C495E080A16001D190817

Now with your password 7 hash, or the example, create a key chain and add the password 7 hash as a key string:
example(config)#key chain somename
example(config-keychain)#key 1
example(config-keychain-key)#key-string 7 0305550F0A0E2C495E080A16001D190817

Last part, decrypt the key chain to show the password in clear text:
example(config-keychain-key)#do show key chain somename
Key-chain somename:
key 1 -- text "andlamepasswords"
accept lifetime (always valid) - (always valid) [valid now]
send lifetime (always valid) - (always valid) [valid now]
example(config-keychain-key)#

Very simple and effective. Now, for that Royale with Cheese!
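
The router can show the clear text because type 7 is a reversible XOR against a fixed, publicly documented constant. The Python below is an added example, not part of the original post or Cisco's code: it decodes the example value offline and audits a config for type 7 secrets. The function names and the sample config are assumptions made for illustration.

```python
import re

# Publicly documented constant used by IOS type 7 obfuscation.
XLAT = "dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"

# Matches "... password 7 <hex>" and "key-string 7 <hex>" config lines.
TYPE7_RE = re.compile(r"\b(password|key-string)\s+7\s+([0-9A-Fa-f]+)\s*$")


def decode_type7(encoded):
    """Reverse a type 7 string: 2 decimal digits of offset, then XORed hex bytes."""
    if len(encoded) < 4 or len(encoded) % 2 or not encoded[:2].isdecimal():
        raise ValueError("not a well-formed type 7 string")
    offset = int(encoded[:2])
    try:
        data = bytes.fromhex(encoded[2:])
    except ValueError:
        raise ValueError("non-hex characters in type 7 string") from None
    return "".join(
        chr(b ^ ord(XLAT[(offset + i) % len(XLAT)])) for i, b in enumerate(data)
    )


def audit_config(text):
    """Return (line_number, config_line, cleartext) for every type 7 secret found."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = TYPE7_RE.search(line)
        if not match:
            continue
        try:
            clear = decode_type7(match.group(2))
        except ValueError:
            clear = None  # malformed value: still report the line
        findings.append((number, line.strip(), clear))
    return findings


# Constructed sample config; the type 7 value is the one from the post.
SAMPLE_CONFIG = """\
hostname example
service password-encryption
enable secret 5 <placeholder-md5-hash>
username ichoosepoorencryption password 7 0305550F0A0E2C495E080A16001D190817
key chain somename
 key 1
  key-string 7 0305550F0A0E2C495E080A16001D190817
"""

if __name__ == "__main__":
    for number, line, clear in audit_config(SAMPLE_CONFIG):
        print(f"line {number}: {line!r} decodes to {clear!r}")
```

Every line this reports holds a credential that anyone with read access to the config can recover, so treat saved or shared configs containing type 7 strings as containing clear-text passwords.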

[Image: example PuTTY output on a Cisco 1812 Service Router]


Reference:
http://blog.ioshints.info/2007/11/type-7-decryption-in-cisco-ios.html
http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00809d38a7.shtml
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml