December 2006
Intermediate to advanced
1188 pages
72h 8m
English
You want to reverse the weak Cisco password encryption algorithm to recover forgotten passwords.
To recover a lost router password from a configuration file, use the following Perl script to decipher weakly encrypted passwords. This script expects to read router configuration commands via standard input (STDIN). It then prints the same commands to standard output (STDOUT) with the passwords decrypted.
Here is an example of the program’s output:
    Freebsd% cpwcrk.pl < Router1-confg
    version 12.2
    service password-encryption
    !
    hostname Router1
    !
    enable secret 5 $1$4y6Q$bcGReJ3kGgmlpfr7/lT64.
    enable password 7 06150E2F4A5C0817 (decrypted: sanfran)
    !
    username ijbrown password 7 121A0C041104 (decrypted: cisco)
    username kdooley password 7 1306181D000E0B2520 (decrypted: cookbook)
    !
    <Lines removed for brevity>
    !
    line con 0
     password 7 06120A22445E1E1D (decrypted: techpwd)
    line aux 0
     password 7 0212015803161825 (decrypted: techpwd)
    line vty 0 4
     password 7 070033494705151C (decrypted: oreilly)
     login
    !
    end
The program in Example 3-2 is written as a Perl script.
Example 3-2. cpwcrk.pl
    #!/usr/local/bin/perl
    #
    # cpwcrk.pl -- a small script to crack Cisco's Type 7 password
    # encryption
    #
    #
    $k='dsfd;kfoA,.iyewrkldJKDHSUB';
    for($i=0; $i<length($k); $i++) {
      $ks[$i] = ord(substr($k, $i, 1));
    }
    while (<STDIN>) {
      if(/ord 7 [01]/) {
        chop;
        $w=$_;
        s/.* //g;
        $C = $_;
        printf "$w (decrypted: ";
        $o=substr($C, 0, 2);
        for ($i=0; $i < (length($C)-1)/2; $i++) {
    ...
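The following Python audit is an added example, not code from the book: it finds Type 7 passwords in a configuration and decodes them to show that they are reversible, while leaving the hashed `enable secret 5` line alone. It uses only the 26 key bytes printed in the listing above and returns `None` for a string that would need more; the names `decode_type7` and `audit` and the sample configuration are constructed for this example.

```python
import re

# The 26 key bytes exactly as printed in the page's cpwcrk.pl listing.
KEY = b"dsfd;kfoA,.iyewrkldJKDHSUB"
# Two decimal digits (starting key index) followed by hex pairs.
BLOB = re.compile(r"[0-9]{2}(?:[0-9A-Fa-f]{2})+")
# Commands carrying a Type 7 string, as in the page's sample output.
TYPE7_CMD = re.compile(r"password 7 ([0-9A-Fa-f]+)\s*$")


def decode_type7(blob):
    """Return the cleartext, or None if the string is malformed or would
    need key bytes beyond the 26 printed on the page."""
    if not BLOB.fullmatch(blob):
        return None
    offset = int(blob[:2])
    data = bytes.fromhex(blob[2:])
    if offset + len(data) > len(KEY):
        return None
    # Each password byte is XORed with the key byte at offset + position.
    return "".join(chr(b ^ KEY[offset + i]) for i, b in enumerate(data))


def audit(config):
    """Return (line_number, command, cleartext) for each Type 7 password."""
    findings = []
    for number, line in enumerate(config.splitlines(), 1):
        match = TYPE7_CMD.search(line)
        if match:
            findings.append((number, line.strip(), decode_type7(match.group(1))))
    return findings


# Constructed sample assembled from lines in the page's example output.
SAMPLE = """\
service password-encryption
enable secret 5 $1$4y6Q$bcGReJ3kGgmlpfr7/lT64.
enable password 7 06150E2F4A5C0817
username ijbrown password 7 121A0C041104
line vty 0 4
 password 7 070033494705151C
"""

if __name__ == "__main__":
    for number, command, clear in audit(SAMPLE):
        print(f"line {number}: reversible Type 7 password: {command} -> {clear}")
```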