Saturday, February 22, 2020

Decrypt Type 7 Password using Key-Chain

Most of us know that the type 7 password used on Cisco routers and switches isn’t very secure. Just do a Google search for “cisco type 7 decrypt” and you will find plenty of websites that decrypt it for you.
What most of us don’t realize is that you don’t need any external tools: your router can also decrypt it for you. Here’s how to do it:
R1(config)#username RENE password MYPASSWORD
R1(config)#service password-encryption
Here I configured a username with a password and enabled password encryption. Let’s see what it looks like in the running config:
R1#show run | include username
username RENE password 7 080C757E282A36203D3928
To decrypt this string, we need to use a key chain:
R1(config)#key chain DECRYPT
R1(config-keychain)#key 1
R1(config-keychain-key)#key-string ?
  0     Specifies an UNENCRYPTED password will follow
  7     Specifies a HIDDEN password will follow
  LINE  The UNENCRYPTED (cleartext) user password
We’ll use “7” and paste the password string here:
R1(config-keychain-key)#key-string 7 080C757E282A36203D3928
Now take a look at the key chain that we just configured:
R1#show key chain DECRYPT
Key-chain DECRYPT:
    key 1 -- text "MYPASSWORD"
        accept lifetime (always valid) - (always valid) [valid now]
        send lifetime (always valid) - (always valid) [valid now]
Voilà! There’s the decrypted password. Perhaps this trick is useful for a CCIE lab.
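
The router can reveal the key-string because type 7 is a reversible encoding with a fixed table, not a hash. As an added example (not part of the original post), here is a Python config audit that finds type 7 secrets and reverses them offline. XLAT is the publicly known fixed IOS table; the function names and the sample config are constructed for illustration.

```python
import re

# Fixed translation table built into IOS for type 7 obfuscation (publicly known).
XLAT = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"

# Matches "password 7 <string>" and "key-string 7 <string>" at the end of a config line.
# A type 7 string is a 2-digit decimal offset followed by hex-encoded bytes.
TYPE7_RE = re.compile(r"\b(password|key-string)\s+7\s+(\d{2}(?:[0-9A-Fa-f]{2})+)\s*$")


def decode_type7(encoded: str) -> str:
    """Reverse a type 7 string by XORing each byte with XLAT, starting at the offset."""
    offset = int(encoded[:2])
    data = bytes.fromhex(encoded[2:])
    plain = bytes(b ^ XLAT[(offset + i) % len(XLAT)] for i, b in enumerate(data))
    return plain.decode("ascii", errors="replace")


def audit_config(config: str):
    """Return (line_number, config_line, recovered_secret) for every type 7 secret."""
    findings = []
    for n, line in enumerate(config.splitlines(), start=1):
        m = TYPE7_RE.search(line)
        if m:
            findings.append((n, line.strip(), decode_type7(m.group(2))))
    return findings


# Constructed sample config; the type 7 string is the one shown in the post.
# The type 9 line is a placeholder and must not be reported.
SAMPLE_CONFIG = """\
hostname R1
service password-encryption
username RENE password 7 080C757E282A36203D3928
username ADMIN secret 9 $9$constructed.placeholder
key chain DECRYPT
 key 1
  key-string 7 080C757E282A36203D3928
"""

if __name__ == "__main__":
    for n, line, secret in audit_config(SAMPLE_CONFIG):
        # Report the length only, so the audit output does not leak the secret itself.
        print(f"line {n}: reversible type 7 secret ({len(secret)} chars): {line}")
```

Any line this audit reports holds a secret that should be handled as if it were stored in cleartext, including in config backups and support bundles.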
