Cracking Cisco Type 7 passwords by hand

Although you should be using MD5 or SHA256 for password security, Type 7 passwords are still in use and so I thought this would be a fun learning exercise.

The ‘service password-encryption‘ or Type 7 password is based on a known proprietary weak encryption algorithm using XOR and can be recognized in the configuration file as,

password 7 030752180500

Note: Type 5 uses MD5 and looks similar to this,

enable secret 5 $1$OB1J$tNsFgEZ4kD1qituaAeYfa0

There are plenty of scripts or websites that can crack Type 7 passwords in less than a second, including one on Cisco’s website. This example will show how this can be done with just pen and paper. Continue reading Cracking Cisco Type 7 passwords by hand