Cisco Type 7 Passwords

Mark — Mon, 27 Apr 2009 11:33:48 +0000

The built in ‘cracker’ isn’t working at the moment but the process still stands. There are plenty of other sites/tools that can decrypt this type of password.

Hash Recovery Instructions

Connect the console cable, power on the router and hit break a few times to enter monitor mode
At the rommon prompt type confreg 0×2142 and hit enter
Type i and hit enter to restart the router.
When it has started up type enable to enter privileged mode
Type copy start run and hit enter
Type show run and look for an entry like this password 7 0235105A19005E3244
Put the long number string into the top box on this page (ignore password 7)
Hit Crack Password and marvel in your newly recovered password
Go back to the router and type conf t to switch to global configuration mode
Type config-register 0×2102 and hit enter
Press Ctrl-Z and type reload then hit enter and your done.

Type 5 Passwords

Don’t be fooled type 5 passwords can be cracked, it just takes a bit longer. You may have noticed an entry in your config that looked like this enable secret 5 $1$uWd7$maP6Byq6ETXegoZXG8vbZ0. This is a type 5 password.

Type 5 Recovery Instructions

Get a copy of John the Ripper
Create a text file with your hash in it, in the following format enable_secret_5:$1$uWd7$maP6Byq6ETXegoZXG8vbZ0
Save the text file as pass.txt
Assuming pass.txt is in the same folder as John type john-mmx.exe -inc:all pass.txt
After a while depending on the length of the password you will/should be presented with the passwords.

Obviously that’s how to do it in Windows but the Linux version is very similar.

Note: If you recognise the type 7 password from above then one of your old routers now belongs to me. Change your passwords because you’ve been owned.

Gravo.co.uk » Passwords

Cisco Type 7 Passwords