Cisco Password Recovery (Type 7) Utility

Author: unkn0wnAPI

Networking/Cisco/Password Recovery Utility/README.md

@@ -0,0 +1,41 @@
+# Cisco Password (Type 7) Recovery  Tool
+
+A quirky script for recovering passwords encrypted using `service password-encryption` (Type 7) from old Cisco networking gear. 
+Made to automate the recovery and exploration of old equipment found in lab storage.
+
+> [!WARNING]
+> ## Disclaimer
+> This tool is provided for **educational and research purposes only**. It is intended exclusively for recovering passwords from your own equipment or systems you have explicit permission to access.
+> 
+> **The author accepts no responsibility or liability** for any misuse of this script or for any unauthorized access attempts. Use of this tool against systems without proper authorization may violate computer crime laws and other regulations.
+> 
+> By using this script, you acknowledge that you are solely responsible for how it is used and agree to use it only in legal and ethical ways.
+
+## Getting Started
+
+The scripts may require specific software and/or packages (See [Prerequisites](#prerequisites) for more information).
+
+### Prerequisites
+
+Tools and elements required to successfully use the script:
+
+* [Python 3](https://www.python.org/) installed on the machine used for generation.
+
+## Configuration
+
+This script requires you to provide an array of passwords you wish to recover (saved in a variable as a list).
+
+## Usage
+
+To run this script you need to issue the following commands:
+
+```properties
+# On windows
+python main.py
+
+# On Linux/Unix based systems
+python3 main.py
+# or
+chmod +x ./main.py;
+./main.py
+```

Networking/Cisco/Password Recovery Utility/main.py

@@ -0,0 +1,60 @@
+#!/usr/bin/python3
+
+#
+## Script Name: Cisco Password-Encryption Decryptor
+## Author:      unkn0wnAPI [https://github.com/unkn0wnAPI]
+## Information: Recover lost passwords from old Cisco network devices
+#
+
+#
+## Configuration
+#
+PASSWORDS: list[str] = []
+
+#
+## Global Variables
+#
+CISCO_KEYS: list[int] = [
+    0x64, 0x73, 0x66, 0x64, 0x3B, 0x6B, 0x66, 0x6F,
+    0x41, 0x2C, 0x2E, 0x69, 0x79, 0x65, 0x77, 0x72,
+    0x6B, 0x6C, 0x64, 0x4A, 0x4B, 0x44, 0x48, 0x53,
+    0x55, 0x42
+]
+
+#
+## Functions
+#
+def type7_decryptor(passwd: list[str]) -> list[str]:
+    global CISCO_KEYS
+
+    decrypted_passwords: list[str] = []
+    for password in passwd:
+        seed = int(password[:2])
+        enc_bytes = password[2:]
+        decrypted_password = ''
+
+        for i in range(0, len(enc_bytes), 2):
+            byte = int(enc_bytes[i:i+2], 16)
+            decrypted_password += chr(byte ^ CISCO_KEYS[(seed + i // 2) % len(CISCO_KEYS)])
+
+        decrypted_passwords.append(decrypted_password)
+    return decrypted_passwords
+
+def main() -> None:
+    global PASSWORDS
+
+    print('===Cisco Password-Encryption (Type 7) Decryptor===')
+
+    if len(PASSWORDS) == 0:
+        print('[ERROR] No passwords provided for decryption')
+        return 1
+    
+    print(f'[INFO] Found {len(PASSWORDS)} passwords to decrypt')
+    decrypted_passwords: list[str] = type7_decryptor(PASSWORDS)
+    print('[OUTPUT] Decrypted passwords (ENCRYPTED -> PLAIN TEXT):')
+
+    for x in range(len(PASSWORDS)):
+        print(f' - {PASSWORDS[x]} -> {decrypted_passwords[x]}')
+
+if __name__ == '__main__':
+    main()