Using Only the Cisco CLI to Decode Type 7 Passwords

For various reasons, I often find myself needing to decode a type 7 cisco password. There are many third party tools that can do this for you. This article describes a way to get IOS based routers to show the clear text type 7 password without the need for any third party applications.

To do this, simply copy a type 7 password that includes the password type identifier (“7”). Then create a key chain that contains a keystring using this same scrambled string of characters. If the key chain is shown, it displays the clear text password.

Below is an example of deciphering a type 7 password to its clear text equivalent, “cisco”.

R3(config)#do show run | sec vty
line vty 0 4
password 7 02050D480809
login

R3(config)#key chain breakpw
R3(config-keychain)#key 1

R3(config-keychain-key)#key-string  7 02050D480809
R3(config-keychain-key)#exit
R3(config)#exit
R3#show key chain breakpw
Key-chain breakpw:
key 1 — text “cisco”
accept lifetime (always valid) – (always valid) [valid now]
send lifetime (always valid) – (always valid) [valid now]

No related content found.

About Paul Stewart, CCIE 26009 (Security)

Paul is a Network and Security Engineer, Trainer and Blogger who enjoys understanding how things really work. With over 15 years of experience in the technology industry, Paul has helped many organizations build, maintain and secure their networks and systems.
This entry was posted in Career. Bookmark the permalink.