I have seen a few posts out there about this as well as links to sites that will decrypt a Cisco type 7 password.  Since I am trying to share what I know I figured I might as well throw my hat into the ring and include this information here.

If you have a type 7 enable password such as: enable password 7 00331A0A087D071F012F7F5B1B0F0C011754 and want to decrypt it, all you need is another router on which you can get enable (priv 15) access and enter configuration mode.

Enter configuration mode and create a key-chain. For the key-string, tell it type 7 and cut-and-paste the encrypted key.

Rack1R6(config)#key chain DecrpytThis
Rack1R6(config-keychain)#key 1
Rack1R6(config-keychain-key)#key-string 7 00331A0A087D071F012F7F5B1B0F0C011754

Then all you have to do from a command prompt is issue show key chain

Rack1R6#sh key chain
Key-chain DecrpytThis:
key 1 — text “WillFlynnSurvive?
accept lifetime (always valid) – (always valid) [valid now]
send lifetime (always valid) – (always valid) [valid now]
Rack1R6#

As you can see here, the password is WillFlynnSurvive?

This works for any Type 7 password, including users.  Below I have done a show run | inc user and then added Key 2 with the user type 7 password.

Rack1R6#sh run | inc user
username Flynn privilege 15 password 7 0478071303245F5D
Rack1R6#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Rack1R6(config)#key chain DecryptThis
Rack1R6(config-keychain)#key 2
Rack1R6(config-keychain-key)#key-string 7 0478071303245F5D
Rack1R6(config-keychain-key)#^Z
Rack1R6#sh key chain
Key-chain DecrpytThis:
key 1 — text “WillFlynnSurvive?”
accept lifetime (always valid) – (always valid) [valid now]
send lifetime (always valid) – (always valid) [valid now]
Key-chain DecryptThis:
key 2 — text “Cluless
accept lifetime (always valid) – (always valid) [valid now]
send lifetime (always valid) – (always valid) [valid now]
Rack1R6#

As you can see, the password for Key 2 (the user one we just added) is Cluless
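
The router is not doing anything secret here: type 7 is an XOR against a fixed, widely published table, with the first two digits giving the starting offset. As an added example (not from the original post), this Python sketch decodes the two strings above offline and flags every type 7 entry in a constructed sample config; the function names and the sample config are assumptions made for illustration.

```python
import re

# Fixed XOR table used by the type 7 scheme; it is widely published and is
# the same on every device, which is why no secret is needed to reverse it.
XLAT = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"

# Matches "password 7 <hex>" and "key-string 7 <hex>" in a saved config.
TYPE7_RE = re.compile(r"\b(?:password|key-string)\s+7\s+([0-9A-Fa-f]+)\b")


def decode_type7(encoded: str) -> str:
    """Reverse a type 7 string: 2 decimal digits of offset, then hex bytes."""
    if len(encoded) < 4 or len(encoded) % 2:
        raise ValueError("type 7 string must be an even length of at least 4")
    offset = int(encoded[:2], 10)   # starting index into XLAT
    data = bytes.fromhex(encoded[2:])
    plain = bytes(b ^ XLAT[(offset + i) % len(XLAT)] for i, b in enumerate(data))
    return plain.decode("ascii", errors="replace")


def audit_config(text: str):
    """Return (line_number, config_line, recovered_password) for each hit."""
    findings = []
    for num, line in enumerate(text.splitlines(), start=1):
        m = TYPE7_RE.search(line)
        if not m:
            continue
        try:
            findings.append((num, line.strip(), decode_type7(m.group(1))))
        except ValueError:
            findings.append((num, line.strip(), None))  # malformed; still flag
    return findings


# Constructed sample config built from the two strings shown in the post.
SAMPLE_CONFIG = """\
hostname Rack1R6
enable password 7 00331A0A087D071F012F7F5B1B0F0C011754
username Flynn privilege 15 password 7 0478071303245F5D
"""

if __name__ == "__main__":
    for num, line, recovered in audit_config(SAMPLE_CONFIG):
        print(f"line {num}: {line!r} -> {recovered!r}")
```

Run against a saved configuration, every line it reports is a credential that anyone with read access to that file can recover.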

 

Now, I am not sure if you noticed but for the first example the password is WillFlynnSurvive? – yes, that is a question mark in the password.  If you want to use a question mark as part of your password, you need to enter ctrl-v prior to typing the question mark in the password or the IOS will think you are looking for help. Old dirty CCIE lab prep tricks there.

 

 
