
Cisco Type 7 Passwords

The built-in ‘cracker’ isn’t working at the moment, but the process still stands. There are plenty of other sites/tools that can decrypt this type of password.

  • Hash Recovery Instructions
    1. Connect the console cable, power on the router and hit break a few times to enter monitor mode
    2. At the rommon prompt type confreg 0x2142 and hit enter
    3. Type i and hit enter to restart the router.
    4. When it has started up, type enable to enter privileged mode
    5. Type copy start run and hit enter
    6. Type show run and look for an entry like this: password 7 0235105A19005E3244
    7. Put the long number string into the top box on this page (ignore password 7)
    8. Hit Crack Password and marvel at your newly recovered password
    9. Go back to the router and type conf t to switch to global configuration mode
    10. Type config-register 0x2102 and hit enter
    11. Press Ctrl-Z, type reload, then hit enter and you’re done.
  • Type 5 Passwords

    Don’t be fooled: type 5 passwords can be cracked, it just takes a bit longer. You may have noticed an entry in your config that looked like this: enable secret 5 $1$uWd7$maP6Byq6ETXegoZXG8vbZ0. This is a type 5 password.

  • Type 5 Recovery Instructions
    1. Get a copy of John the Ripper
    2. Create a text file with your hash in it, in the following format: enable_secret_5:$1$uWd7$maP6Byq6ETXegoZXG8vbZ0
    3. Save the text file as pass.txt
    4. Assuming pass.txt is in the same folder as John, type john-mmx.exe -inc:all pass.txt
    5. After a while, depending on the length of the password, you will/should be presented with the passwords.
  • Obviously that’s how to do it in Windows, but the Linux version is very similar.

    Note: If you recognise the type 7 password from above then one of your old routers now belongs to me. Change your passwords because you’ve been owned.
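
An added example, not part of the original post: a small audit that finds the credential lines described above in a saved config and reports why each storage type is weak, without decoding anything. The sample config is constructed around the two strings shown on this page, and `audit_config` and the regex names are illustrative.

```python
import re

# Credential lines: "password 7 X" (under a line), "enable secret 5 X",
# "username bob password 7 X". No type digit means the value is stored as typed.
CRED_RE = re.compile(
    r"^(?:enable\s+|username\s+\S+\s+(?:privilege\s+\d+\s+)?)?"
    r"(password|secret)\s+(?:(\d)\s+)?(\S+)$")
TYPE7_RE = re.compile(r"^\d{2}((?:[0-9A-Fa-f]{2})+)$")  # 2-digit offset + hex pairs
MD5CRYPT_RE = re.compile(r"^\$1\$([./0-9A-Za-z]{1,8})\$[./0-9A-Za-z]{22}$")

def audit_config(text):
    """Return (line_no, type, severity, note) for each credential line found."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        m = CRED_RE.match(raw.strip())
        if not m:
            continue
        ptype = int(m.group(2)) if m.group(2) else 0
        value = m.group(3)
        if ptype == 0:
            findings.append((no, 0, "high", "stored in cleartext"))
        elif ptype == 7:
            t7 = TYPE7_RE.match(value)
            if t7:  # one hex pair per character, so the length is visible
                length = len(t7.group(1)) // 2
                note = f"reversible encoding; reveals a {length}-character password"
            else:
                note = "marked type 7 but not a valid type 7 string"
            findings.append((no, 7, "high", note))
        elif ptype == 5:
            h = MD5CRYPT_RE.match(value)
            note = (f"salted MD5-crypt (salt {h.group(1)!r}); open to offline guessing"
                    if h else "marked type 5 but not a valid $1$ hash")
            findings.append((no, 5, "medium", note))
        else:
            findings.append((no, ptype, "info", "type not covered by this check"))
    return findings

# Constructed sample config; the two hashed values are the examples shown on the page.
SAMPLE_CONFIG = """\
service password-encryption
enable secret 5 $1$uWd7$maP6Byq6ETXegoZXG8vbZ0
username admin password 7 0235105A19005E3244
line vty 0 4
 password letmein
 login
"""

if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print(finding)
```

Any line it reports as type 0 or type 7 should be treated as an exposed password wherever a copy of the config has been stored or shared.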