Cisco Type 7 Passwords
by admin on Apr.27, 2009, under In Progress, Passwords, Tools
The built-in ‘cracker’ isn’t working at the moment but the process still stands. There are plenty of other sites/tools that can decrypt this type of password.
Take the Cisco type 7 password and paste it into the box below. Then click “Crack Password”.
```javascript
// Is the character a digit?
function isDigit(theDigit)
{
    var digitArray = new Array('0','1','2','3','4','5','6','7','8','9')
    for (var j = 0; j < digitArray.length; j++) {
        if (theDigit == digitArray[j])
            return true
    }
    return false
}

// Decode the type 7 string in the form and write the plaintext back to it
function crackPassword(form)
{
    var crypttext = form.crypttext.value.toUpperCase()
    var plaintext = ''
    // Fixed key string; the two-digit prefix of the password is the offset into it
    var xlat = "dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"
    var seed, i, val = 0

    // A valid type 7 string always has an even number of characters
    if (crypttext.length & 1)
        return

    // First two characters: decimal starting offset into xlat (0 to 15)
    seed = (crypttext.charCodeAt(0) - 0x30) * 10 + crypttext.charCodeAt(1) - 0x30
    if (seed > 15 || !isDigit(crypttext.charAt(0)) || !isDigit(crypttext.charAt(1)))
        return

    // Remaining characters: hex pairs, each XORed with the next key character
    for (i = 2; i <= crypttext.length; i++) {
        if (i != 2 && !(i & 1)) {
            plaintext += String.fromCharCode(val ^ xlat.charCodeAt(seed++))
            seed %= xlat.length
            val = 0
        }
        val *= 16
        if (isDigit(crypttext.charAt(i))) {
            val += crypttext.charCodeAt(i) - 0x30
            continue
        }
        if (crypttext.charCodeAt(i) >= 0x41 && crypttext.charCodeAt(i) <= 0x46) {
            val += crypttext.charCodeAt(i) - 0x41 + 0x0a
            continue
        }
        // Anything else is only acceptable at the end of the string
        if (crypttext.length != i)
            return
    }
    form.plaintext.value = plaintext
}
```
- Connect the console cable, power on the router and hit break a few times to enter monitor mode
- At the rommon prompt type confreg 0x2142 and hit enter
- Type i and hit enter to restart the router.
- When it has started up type enable to enter privileged mode
- Type copy start run and hit enter
- Type show run and look for an entry like this: password 7 0235105A19005E3244
- Put the long number string into the top box on this page (ignore password 7)
- Hit Crack Password and marvel in your newly recovered password
- Go back to the router and type conf t to switch to global configuration mode
- Type config-register 0x2102 and hit enter
- Press Ctrl-Z and type reload then hit enter and you’re done.
Type 5 Passwords
Don’t be fooled: type 5 passwords can be cracked, it just takes a bit longer. You may have noticed an entry in your config that looked like this: enable secret 5 $1$uWd7$maP6Byq6ETXegoZXG8vbZ0. This is a type 5 password.
- Get a copy of John the Ripper
- Create a text file with your hash in it, in the following format: enable_secret_5:$1$uWd7$maP6Byq6ETXegoZXG8vbZ0
- Save the text file as pass.txt
- Assuming pass.txt is in the same folder as John, type john-mmx.exe -inc:all pass.txt
- After a while, depending on the length of the password, you will/should be presented with the passwords.
Obviously that’s how to do it in Windows but the Linux version is very similar.
Note: If you recognise the type 7 password from above then one of your old routers now belongs to me. Change your passwords because you’ve been owned.
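An added example, not part of the original post: a small Node.js audit that scans a configuration for the two password types discussed above (type 7 and type 5) and applies the same format checks as crackPassword(). The function names auditConfig and isWellFormedType7, the hostname and the sample config are assumptions constructed for illustration; the two password strings are the ones quoted on this page.

```javascript
// Added example: flag type 7 and type 5 entries in an IOS configuration.
// SAMPLE_CONFIG is constructed; its two password strings are quoted from this page.
const SAMPLE_CONFIG = [
  "hostname lab-router",
  "enable secret 5 $1$uWd7$maP6Byq6ETXegoZXG8vbZ0",
  "username admin password 7 0235105A19005E3244",
  "line vty 0 4",
  " password 7 0235105A19005E324", // constructed: odd length, so malformed
  " login",
].join("\n");

// Same sanity checks as the page's crackPassword(): even length, a two-digit
// decimal seed no greater than 15, then one or more hex digit pairs.
function isWellFormedType7(s) {
  if (!/^[0-9]{2}([0-9A-Fa-f]{2})+$/.test(s)) return false;
  return parseInt(s.slice(0, 2), 10) <= 15;
}

// Returns one finding per line that carries a type 5 or type 7 credential.
function auditConfig(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, idx) => {
    const m = /\b(password|secret)\s+([57])\s+(\S+)/.exec(line);
    if (!m) return;
    const [, keyword, type, value] = m;
    const finding = { line: idx + 1, keyword, type: Number(type) };
    if (finding.type === 7) {
      finding.wellFormed = isWellFormedType7(value);
      // Each hex pair after the seed encodes one character, so the
      // stored string also reveals the password length.
      finding.hiddenChars = finding.wellFormed ? (value.length - 2) / 2 : null;
      finding.risk = "reversible: XOR against a fixed, published key";
    } else {
      // Type 5 is an MD5-crypt string: $1$ + salt + $ + 22 hash characters
      finding.wellFormed = /^\$1\$[^$]+\$[./0-9A-Za-z]{22}$/.test(value);
      finding.risk = "salted MD5 hash: recoverable by offline guessing";
    }
    findings.push(finding);
  });
  return findings;
}

console.table(auditConfig(SAMPLE_CONFIG));
```

Any type 7 finding should be treated as a plaintext password in the file; any type 5 finding is only as strong as the password behind it.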