Click here to find books related to 'cisco routers'.


#! /bin/sh
## Decrypts cisco "encrypted" passwords.  Feed this confg files as stdin.
## Anything that looks like a "type 7 encrypted" string gets decrypted.
## This should really be a C program, but is presented as a script just to
## piss off a certain group of people.  One beer, please...

while read xx ; do
  case "$xx" in
    *d\ 7\ [01]??* ) ;;
    *) continue ;;
  esac
  DEC=`echo "$xx" | sed -e 's/.* //' -e 's/\(^..\).*/\1/'`
  DP1=`expr $DEC + 1`
  HEX=`echo "$xx" | sed -e 's/.* //' -e 's/^..\(..*\)/\1/'`
  echo 'dsfd;kfoA,.iyewrkldJKDHSUB' | cut -c "${DP1}-30" > /tmp/cis$$.pad
  echo '#' > /tmp/cis$$.in
  for xx in 1-2 3-4 5-6 7-8 9-10 11-12 13-14 15-16 17-18 19-20 21-22 ; do
    echo "${HEX}" | cut -c $xx | sed -e '/^$/q' -e 's/^/0x/' >> /tmp/cis$$.in
  done
  echo -n "${DEC}${HEX}: "
  data -g < /tmp/cis$$.in | xor /tmp/cis$$.pad
  echo ''
done
rm -f /tmp/cis$$.pad /tmp/cis$$.in
exit 0

# Discussion:

# When "service password-encryption" is configured into a cisco router and
# the configuration subsequently viewed, the passwords are no longer printed
# as plaintext but as strings of randomish-looking garbage.  Analysis of
# several samples reveals the scrambling algorithm to be trivially weak.

# Dr. Delete derived and published an analysis and decryption program some
# time ago, but since that didn't seem to be generally available at the time
# I went looking for it, here is an independent explanation.  This was worked
# out on PAPER over a plate of nachos in a hotel bar in downtown LA, but
# still illustrates where a general-purpose "xor" handler can be useful for
# quickly cracking lame "proprietary" algorithms of this genre.

# Passwords can be up to eleven mixed-case characters.  In the "encrypted"
# representation, the first two bytes of the long string are a random decimal
# offset between 0 and 15 into a magic block of characters, and the remaining
# bytes are ascii-hex representations of the password bytes xored against
# the character-block bytes from the given offset on down.  The character
# block is "dsfd;kfoA,.iyewrkldJKDHSUB", which is enough for a maximum-length
# password at the maximum offset.

# Another character block consisting of "sgvca69834ncxv9873254k;fg87" is
# located after the first one in the IOS image, which may be relevant to
# something else and is simply mentioned here for posterity.  It is also
# interesting to note that the strings "%02d" and "%02x" occur immediately
# afterward, which in light of the above is another clue.

# _H* 960315


This page was created Wed Aug 11 23:18:00 EDT 1999
Using Linux version 2.0.32 on an i586

Main Page @ Matarese.com The Myth of the 2600Hz Detector @ Matarese.com       Acquiring Account Information @ Matarese.com      

Act2! by Symantec @ Matarese.com       All hacks / Annoyance @ Matarese.com      

Alt 2600 Group FAQ @ Matarese.com       Hacking Angelfire @ Matarese.com      

Anonymous E-Mail @ Matarese.com       Anonymous FTP: Frequently Asked Questions (FAQ) @ Matarese.com      

Maintaining Access - Implementing Backdoors @ Matarese.com       How to Receive Banned Newsgroups FAQ @ Matarese.com      

Hacking BBS's @ Matarese.com       phreaking tutorial @ Matarese.com      

The Bluebox @ Matarese.com       List of Common Bugs @ Matarese.com      

Things that go Bump on the Internet @ Matarese.com       Hacking Calling Cards @ Matarese.com      

Expanding the capacity of Caller ID Boxes @ Matarese.com       What is Caller-ID? @ Matarese.com      

Hacking Call Back Verify @ Matarese.com       CULT OF THE DEAD COW @ Matarese.com      

Cellular Roaming: The New Deals @ Matarese.com       CELLULAR TELEPHONE PHREAKING PHILE SERIES @ Matarese.com      

Cracking Unix passwords @ Matarese.com       Hacking Webpages @ Matarese.com      

The Matarese Circle @ Matarese.com            

Cops and Robbers | UNIX Security @ Matarese.com       Credit Carding Part I @ Matarese.com      

Exploits FAQ @ Matarese.com       Making Free Calls @ Matarese.com      

FTP Bouncing @ Matarese.com       Hackers Encyclopedia @ Matarese.com      

Hacking from Windows9x FTP @ Matarese.com       Hacking Tripod @ Matarese.com      

Hacking Web Pages @ Matarese.com       How to crack a UNIX password file. @ Matarese.com      

Hacking Servers : A Begginners Guide @ Matarese.com       Hacking Tutorial @ Matarese.com      

Hacking UNIX @ Matarese.com       How to Hack the WWWboard Message Board 2.0 @ Matarese.com      

Hackers Handbook @ Matarese.com       Guide to Harmless-Hacking @ Matarese.com      

All about security holes @ Matarese.com       Hacking Hotmail @ Matarese.com      

]How to Hack from from Harlequin and Archangel @ Matarese.com       Improve security by breaking into your site @ Matarese.com      

Ch1can0 BEOWULF @ Matarese.com       Internet Security @ Matarese.com      

IRC Hacking FAQ by Lord Somer @ Matarese.com       Lan Technology Scorecard @ Matarese.com      

Harmless Hacking - Linux @ Matarese.com       INDEX @ Matarese.com      

Mail Spoofing Explained @ Matarese.com       Microsoft IIS Vulnerability @ Matarese.com      

Microsoft(Yuk) Index Server exposes IDs and Passwords @ Matarese.com       Intresting Microsoft Access 7.0 Trick @ Matarese.com      

MS Money 2.0 Back Door @ Matarese.com       Mind Your Own Business (MYOB) @ Matarese.com      

This Hack is for the OptiChat Original Chat Room @ Matarese.com       Internet Outdials @ Matarese.com      

Introduction to the Internet Protocols @ Matarese.com       Analysis of QueSO Performance @ Matarese.com      

Finger - ATTACKING FROM THE OUTSIDE @ Matarese.com       L0pht Security Advisory - Sendmail 8.7.5 @ Matarese.com      

Sniffer FAQ V 1.7 @ Matarese.com       SSPING/JOLT patches @ Matarese.com      

WORKING OUT-TELNETS @ Matarese.com       How do I post to a moderated newsgroup? @ Matarese.com      

What You Should Know About Computer Viruses @ Matarese.com       How can I protect myself from viruses and such? @ Matarese.com      

What is a trojan/worm/virus/logic bomb? @ Matarese.com       VMS Info (Password Cracking) @ Matarese.com      

HACKING THE WAL-MART ARMORGUARD COMPUTER PROTECTION SYSTEM @ Matarese.com       Using web proxies to disguise your IP address @ Matarese.com      

Dig up hidden CD Keys @ Matarese.com       X-Windows Security @ Matarese.com      

Copyright (C) 1999 - Matarese.com