|
/* This code is originally from a Bugtraq post by Jared Mauch <jared@puck.nether.net> . I patched it with an improved translation table by Janos Zsako <zsako@BANKNET.NET> -Fyodor (fyodor@dhp.com) */ #include <stdio.h> #include <ctype.h> char xlat[] = { 0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f, 0x41, 0x2c, 0x2e, 0x69, 0x79, 0x65, 0x77, 0x72, 0x6b, 0x6c, 0x64, 0x4a, 0x4b, 0x44, 0x48, 0x53 , 0x55, 0x42 }; char pw_str1[] = " password 7 "; char pw_str2[] = "enable password 7 "; char pw_str3[] = "ip ftp password 7 "; char pw_str4[] = " ip ospf message-digest-key 1 md5 7 "; char *pname; cdecrypt(enc_pw, dec_pw) char *enc_pw; char *dec_pw; { unsigned int seed, i, val = 0; if(strlen(enc_pw) & 1) return(-1); seed = (enc_pw[0] - '0') * 10 + enc_pw[1] - '0'; if (seed > 15 || !isdigit(enc_pw[0]) || !isdigit(enc_pw[1])) return(-1); for (i = 2 ; i <= strlen(enc_pw); i++) { if(i !=2 && !(i & 1)) { dec_pw[i / 2 - 2] = val ^ xlat[seed++]; val = 0; } val *= 16; if(isdigit(enc_pw[i] = toupper(enc_pw[i]))) { val += enc_pw[i] - '0'; continue; } if(enc_pw[i] >= 'A' && enc_pw[i] <= 'F') { val += enc_pw[i] - 'A' + 10; continue; } if(strlen(enc_pw) != i) return(-1); } dec_pw[++i / 2] = 0; return(0); } usage() { fprintf(stdout, "Usage: %s -p <encrypted password>\n", pname); fprintf(stdout, " %s <router config file> <output file>\n", pname); return(0); } main(argc,argv) int argc; char **argv; { FILE *in = stdin, *out = stdout; char line[257]; char passwd[65]; unsigned int i, pw_pos; pname = argv[0]; if(argc > 1) { if(argc > 3) { ffb usage(); exit(1); } if(argv[1][0] == '-') { switch(argv[1][1]) { case 'h': usage(); break; case 'p': bzero(passwd, sizeof(passwd)); if(cdecrypt(argv[2], passwd)) { fprintf(stderr, "Error.\n"); exit(1); } fprintf(stdout, "password: %s\n", passwd); break; default: fprintf(stderr, "%s: unknow option.", pname); } return(0); } if((in = fopen(argv[1], "rt")) == NULL) exit(1); if(argc > 2) if((out = fopen(argv[2], "wt")) == NULL) exit(1); } while(1) { for(i = 0; i < 256; i++) { if((line[i] = fgetc(in)) == EOF) { if(i) break; fclose(in); fclose(out); return(0); } if(line[i] == '\r') i--; if(line[i] == '\n') break; } pw_pos = 0; line[i] = 0; if(!strncmp(line, pw_str1, strlen(pw_str1))) pw_pos = strlen(pw_str1); if(!strncmp(line, pw_str2, strlen(pw_str2))) pw_pos = strlen(pw_str2); if(!strncmp(line, pw_str3, strlen(pw_str3))) pw_pos = strlen(pw_str3); if(!strncmp(line, pw_str4, strlen(pw_str4))) pw_pos = strlen(pw_str4); if(!pw_pos) { fprintf(stdout, "%s\n", line); continue; } bzero(passwd, sizeof(passwd)); if(cdecrypt(&line[pw_pos], passwd)) { fprintf(stderr, "Error.\n"); exit(1); } else { if(pw_pos == strlen(pw_str1)) fprintf(out, "%s", pw_str1); else if (pw_pos == strlen(pw_str2)) fprintf(out, "%s", pw_str2); else if (pw_pos == strlen(pw_str3)) fprintf(out, "%s", pw_str3); else if (pw_pos == strlen(pw_str4)) fprintf(out, "%s", pw_str4); fprintf(out, "%s\n", passwd); } } } Date: Mon, 12 Jan 1998 00:36:09 +0200 From: Riku Meskanen <mesrik@cc.jyu.fi> To: BUGTRAQ@NETSPACE.ORG Subject: perl version of that tin opener (IOS decrypt.c) Howdy, Squeezed the decrypt.c[1] with perl a bit, just for seeing better how simple that IOS type 7 encryption really is. [1] http://www.rootshell.com/archive-Rbf4ahcmxzw5qn2S/199711/ciscocrack.c :-) riku #!/usr/bin/perl -w # $Id: ios7decrypt.pl,v 1.1 1998/01/11 21:31:12 mesrik Exp $ # # Credits for orginal code and description hobbit@avian.org, # SPHiXe, .mudge et al. and for John Bashinski <jbash@CISCO.COM> # for Cisco IOS password encryption facts. # # Use for any malice or illegal purposes strictly prohibited! # @xlat = ( 0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f, 0x41, 0x2c, 0x2e, 0x69, 0x79, 0x65, 0x77, 0x72, 0x6b, 0x6c, 0x64, 0x4a, 0x4b, 0x44, 0x48, 0x53 , 0x55, 0x42 ); while (<>) { if (/(password|md5)\s+7\s+([\da-f]+)/io) { if (!(length($2) & 1)) { $ep = $2; $dp = ""; ($s, $e) = ($2 =~ /^(..)(.+)/o); for ($i = 0; $i < length($e); ffb $i+=2) { $dp .= sprintf "%c",hex(substr($e,$i,2))^$xlat[$s++]; } s/7\s+$ep/$dp/; } } print; } # eof -- [ This .signature intentionally left blank ] From jbash@cisco.com Sun Feb 15 05:18:16 1998 Date: Mon, 10 Nov 1997 16:39:36 -0800 From: John Bashinski <jbash@cisco.com> To: BUGTRAQ@NETSPACE.ORG Subject: Cisco IOS password encryption facts -----BEGIN PGP SIGNED MESSAGE----- A non-Cisco source has recently released a new program to decrypt user passwords (and other passwords) in Cisco configuration files. The program will not decrypt passwords set with the "enable secret" command. The unexpected concern that this program has caused among Cisco customers has led us to suspect that many customers are relying on Cisco password encryption for more security than it was designed to provide. This document explains the security model behind Cisco password encryption, and the security limitations of that encryption. User Passwords - -------------- User passwords and most other passwords (*not* enable secrets) in Cisco IOS configuration files are encrypted using a scheme that's very weak by modern cryptographic standards. Although Cisco does not distribute a decryption program, at least two different decryption programs for Cisco IOS passwords are available to the public on the Internet; the first public release of such a program of which Cisco is aware was in early 1995. We would expect any amateur cryptographer to be able to create a new program with no more than a few hours' work. The scheme used by IOS for user passwords was never intended to resist a determined, intelligent attack; it was designed to avoid casual "over-the-shoulder" password theft. The threat model was someone reading a password from an administrator's screen. The scheme was never supposed to protect against someone conducting a determined analysis of the configuration file. Because of the weak encryption algorithm, it has always been Cisco's position that customers should treat any configuration file containing passwords as sensitive information, the same way they would treat a cleartext list of passwords. Enable Secret Passwords - ----------------------- Enable secrets are hashed using the MD5 algorithm. As far as anyone at Cisco knows, it is impossible to recover an enable secret based on the contents of a configuration file (other than by obvious dictionary attacks). Note that this applies only to passwords set with "enable secret", *not* to passwords set with "enable password". Indeed, the strength of the encryption used is the only significant difference between the two commands. Other Passwords - --------------- Almost all passwords and other authentication strings in Cisco IOS configuration files are encrypted using the weak, reversible scheme used for user passwords. To determine which scheme has been used to encrypt a specific password, check the digit preceding the encrypted string in the configuration file. If that digit is a 7, the password has been encrypted using the weak algorithm. If the digit is a 5, the password has been hashed using the stronger MD5 algorithm. For example, in the configuration command enable secret 5 $1$iUjJ$cDZ03KKGh7mHfX2RSbDqP. The enable secret has been hashed with MD5, whereas in the command username jbash password 7 07362E590E1B1C041B1E124C0A2F2E206832752E1A01134D The password has been encrypted using the weak reversible algorithm. Can the algorithm be changed? - ----------------------------- Cisco has no immediate plans to support a stronger encryption algorithm for IOS user passwords. Should Cisco decide to introduce such a feature in the future, that feature will definitely impose an additional ongoing administrative burden on users who choose to take advantage of it. It is not, in the general case, possible to switch user passwords over to the MD5-based algorithm used for enable secrets, because MD5 is a one-way hash, and the password can't be recovered from the encrypted data at all. In order to sup a3d port certain authentication protocols (notably CHAP), the system needs access to the clear text of user passwords, and therefore must store them using a reversible algorithm. Key management issues would make it a nontrivial task to switch over to a stronger reversible algorithm, such as DES. Although it would be easy to modify IOS to use DES to encrypt passwords, there would be no security advantage in doing so if all IOS systems used the same DES key. If different keys were used by different systems, an administrative burden would be introduced for all IOS network administrators, and portability of configuration files between systems would be damaged. Customer demand for stronger reversible password encryption has been small. November 10, 1997 -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv iQEVAwUBNGen1wyPsuGbHvEpAQFYHwgAtIs5PykwbZ11H3kzKxpl67I4OX4Kngli wKL7PHxbKMvB12l/oiFoTcrOqWXVWN6AQ3ObbkJ+GD02zHbW+5rU/2/dys86GQAi MGBLS/7pKrb9oPjeI5P+ZZIGfaM/Cs6y6nRN2jeC2ZSglGmlsaWua0Sm+9ytvz1b x730JE1yGybxnBHYGsonSpRNQ8xx8RKjG+HZ5gFROWkY/gsBeqiEcz/y+XJq0qwO 6ULpwAKVV9jld4m93ZJe3LzyjrOUM7+pk3UzNAZu1IfUoy1L3J/VfehbBc7BmMy7 0AylJwuhNd3mlCe3Vl0VgCG/qC/hjX+860QY9CWb411Nstc+pyjcqw== =JdSr -----END PGP SIGNATURE----- [totally obnoxious huge fucking PGP signature deleted --Fyodor]