The Firewall.cx Cisco Password Decoder Tool (see below) provides readers with the ability to decrypt 'Type 7' cisco passwords.
Enter Your Encrypted Password Below:
To use this tool, simply copy & paste your 'type 7' password in the provided field below and click on the 'Submit' button. The system will then process and reveal the text-based password. For security reasons, our system will not track or save any passwords decoded.
Note: If your a Network Engineer or Administrator, be sure to check out our highly recommended Web Monitoring/Proxy solutionWeb Monitoring/Proxy solution that includes:
- Realtime Monitoring of which files users can download
- Phishing site protection
- Complete Internet access control
- Automatically filter & limit web browsing and much more
MORE INFORMATION ON CISCO PASSWORDS AND WHICH CAN BE DECODED
Back in late 1995, a non-Cisco source had released a program that was able to decrypt user passwords (and other type of passwords) in Cisco configuration files.
This new program was a major headache for Cisco since most users were relying on Cisco's equipment for their repulation of strong encryption and security capabilities. What users were not aware was that there are two different type of encryption mechanisms used by Cisco's IOS, one which was reversable (Type 7 Passwords) and one which is not (Type 5).
Even until today, administrators and users still make use of the weaker Type 7 passwords, mainly because they aren't aware that these passwords can be decrypted.
KNOWING WHAT CAN AND CANNOT BE DECRYPTED
It is important to understand that only the following type of passwords are able to be decrypted. Thefollowing examples show which common areas Type 7 passwords are used in Cisco equipment:
User Passwords
Used to create users with different privilege levels on Cisco devices.
username chris privilege 15 password 7 02000D490E110E2D40000A01
Enable Password
Used to gain elevated access on the Cisco device.
enable password 7 01150F165E1C07032D
Access Point SSID Keys
dot11 ssid private
vlan 1
authentication open
authentication key-management wpa
guest-mode
mbssid guest-mode
infrastructure-ssid optional
wpa-psk ascii 7 01150F165E1C07032D
vlan 1
authentication open
authentication key-management wpa
guest-mode
mbssid guest-mode
infrastructure-ssid optional
wpa-psk ascii 7 01150F165E1C07032D
If wpa-psk ascii 0 is used then the ascii text that follows is clear text and its not encrypted.
ENCRYPTION METHODS CANNOT BE DECRYPTED
As opposed to Type 7 Passwords which can easily be decrypted, Secret 5 passwords cannot be decrypted as the password has ben hashed with MD5. This is also the recommened way of creating and storing passwords on your Cisco devices.
Following are a number of examples where Secret 5 passwords can and should be used:
User Passwords
username chris privilege 15 secret 5 $1$KNaN$SCe/xMbtBEe6ch5d2bq5J.
Enable Password
enable secret 5 $1$2UjJ$cDZ05dfEGA7mHfE4RSbWiQ.
Unfortunately Access Point SSID Keys do not support Type 5 passwords. This means that any passwords configured into the access point should be stored in a safe place.
We trust the information was valuable and hope users will stop using Type 7 Passwords in mission critical equipment.
No comments:
Post a Comment