Thursday, 19 April 2012

Decrypting Cisco type 7 passwords on a router

It is common knowledge that Cisco type 7 passwords are not secure.
A quick search on Google brings up plenty of websites that will crack the passwords for you, and a few scripts and tools you can run locally to recover the type 7 password.
You can also decrypt the password on the router.
The aim of this blog is to describe the process for decrypting a type 7 password on a router using just IOS commands.
First create a password on your router which you want to crack.
For my example I have created the password "cisco".
So the running configuration looks like this:
password 7 1511021F0725
To decrypt your password, first enter global configuration mode, then enter the command "key chain test" followed by "key 1", then enter "key-string 7 1511021F0725" as shown below:
As you can see from the screenshot above, to show the password use the "show key chain test" command, which will decrypt your type 7 password key-string.

Remember, when creating a password on a router, to use the "secret" keyword to ensure MD5 is used, as type 7 passwords are not designed to be secure!
For further information, please refer to www.cisco.com
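
The same reversal can be used to audit a saved configuration for type 7 entries that should be replaced with a "secret". The Python below is an added example, not part of the original post; the XOR table is the widely published type 7 constant (it does not appear in the post), and the sample configuration is constructed around the post's own "1511021F0725" string.

```python
import re

# Widely published constant table used by IOS type 7 obfuscation
# (an assumption of this example; the table does not appear in the post).
XLAT = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"

# Matches "password 7 <string>" and "key-string 7 <string>" anywhere in a line.
TYPE7_RE = re.compile(
    r"\b(password|key-string)\s+7\s+([0-9]{2}(?:[0-9A-Fa-f]{2})+)\b")


def decode_type7(encoded):
    """Reverse a type 7 string: two decimal digits give the starting offset
    into XLAT, and every following hex byte is XORed with the next table byte."""
    offset = int(encoded[:2])
    data = bytes.fromhex(encoded[2:])
    plain = bytes(b ^ XLAT[(offset + i) % len(XLAT)] for i, b in enumerate(data))
    return plain.decode("ascii", errors="replace")


def audit_config(text):
    """Return (line_number, keyword, recovered_plaintext) for each type 7 entry."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        match = TYPE7_RE.search(line)
        if match:
            findings.append((number, match.group(1), decode_type7(match.group(2))))
    return findings


# Constructed sample configuration; only the type 7 string comes from the post.
SAMPLE_CONFIG = """\
hostname lab-router
enable secret 5 <md5-hash-placeholder>
line vty 0 4
 password 7 1511021F0725
 login
"""

if __name__ == "__main__":
    for number, keyword, plain in audit_config(SAMPLE_CONFIG):
        print(f"line {number}: '{keyword} 7' is reversible, recovered {plain!r}; "
              "replace with a 'secret' and rotate the credential")
```

Because there is no secret key involved, anyone who can read the configuration file can recover every type 7 password in it, which is why such entries should be treated as plain text.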

Wednesday, 4 April 2012

Reading a pgp encrypted message from Linux CLI

If you've been following my PGP/GPG blogs, you should now have PGPGPG installed on your Linux PC.
You will also have generated a PGP key and exported the Public Key, and then created an encrypted message for "Your Mate".

If not, please read the previous blogs: installing pgpgpg, exporting public key, and encrypting a message.


All that remains is to read an encrypted message. That is the objective of this blog.
First you need to receive an encrypted message. For this blog, I have created a message which was encrypted using "Your Name's" public key.
The message was placed in my home folder and was called "secretmessage.txt.asc" as shown below.
Check the contents of the file with the cat command.
 
As you can see, the contents of the file are encrypted.
To decrypt the file use the "gpg --decrypt secretmessage.txt.asc" command.
You will be prompted for the passphrase. Then the decrypted message will be displayed.
Of course this is fine for a short message as shown, but if your message is larger you may want to extract it as a file.
This can be done using the "--output <filename>" option.
I have decrypted the "secretmessage.txt.asc" file again below, but this time I've saved the output to a file called secretmessage.txt.
 
Notice in the second "ls" there is a new file called "secretmessage.txt".
This is the decrypted content of the encrypted file. You can check this using the cat command as shown below.
 
Remember that this file may contain sensitive information, so storing it as a plain text file might not be a great idea.
I hope these blogs have been of use.

Monday, 2 April 2012

Importing a public key to your keyring and creating an encrypted message in Linux CLI

If you've been following my PGP/GPG blogs, you should now have PGPGPG installed on your Linux PC.
You will also have generated a PGP key and exported the Public Key.
If not, please read the previous blogs: installing pgpgpg and exporting public key.

This blog aims to explain how to import someone else's key, and then send them an encrypted message.
Before we progress any further, you need to have someone's Public Key. This can be acquired by email, downloaded from a website, or passed via any other means, but it is important that you trust that the public key you have is from who you think it is from.
I have acquired a public key from "Your Mate" and have it in my home folder.

I first check the contents of my keyring using the "gpg --list-key" command as shown below.
If you've been following my blogs in order, you should find the only key you have is the one you've generated.
Import the public key for the person you wish to send the encrypted message to with the "gpg --import keyname" command as shown below. As you can see, the key I imported was called "YourMate.asc"
You can confirm the key is now on your keyring by repeating the "gpg --list-key" command as shown above. Notice you now have the "Your Mate" key.
You can check that you have imported the correct public key by asking the owner to confirm the key's fingerprint.
This can be done using the "gpg --fingerprint" command to see all your keys' fingerprints, or an individual key using any of the variables shown below.
Obviously, if someone wishes to confirm your public key's fingerprint, you can run the same command on your own key as shown below.
The fingerprint of the "Your Name" key has been highlighted above.
If you now trust you have the correct public key you can sign the key to show that you trust the key to belong to "Your Mate". The command to sign a key is "gpg --sign-key Your.Mate@email.com"
By signing other people's keys, you can set up a ring of trust. Other people may choose to trust a key on the basis of your signature.
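
The fingerprint comparison described above, which should happen before any key is signed, can be scripted so that only a full 40-character match on exactly one key counts. The Python below is an added example, not part of the original post; it assumes the record layout that GnuPG 2.x prints for "gpg --with-colons --fingerprint", and the key data in it is constructed, not a real key.

```python
# Constructed sample of `gpg --with-colons --fingerprint` output (not a real key).
SAMPLE = """\
pub:-:2048:1:445566778899AABB:1333238400:::-:::scESC:
fpr:::::::::0123456789ABCDEF00112233445566778899AABB:
uid:-::::1333238400::X::Your Mate <Your.Mate@email.com>:
sub:-:2048:1:33221100FEDCBA98:1333238400::::::e:
fpr:::::::::FFEEDDCCBBAA99887766554433221100FEDCBA98:
"""


def primary_fingerprints(colon_output):
    """Return (user_id, primary_key_fingerprint) pairs; subkey fingerprints are skipped."""
    pairs, current, in_subkey = [], None, False
    for line in colon_output.splitlines():
        field = line.split(":")
        if len(field) < 10:
            continue  # not a complete key record
        if field[0] == "pub":
            current, in_subkey = None, False   # a new key block starts
        elif field[0] == "sub":
            in_subkey = True                   # following fpr belongs to the subkey
        elif field[0] == "fpr" and not in_subkey and current is None:
            current = field[9].upper()
        elif field[0] == "uid" and current:
            pairs.append((field[9], current))
    return pairs


def normalize(fingerprint):
    """Strip the spacing people use when reading a fingerprint aloud."""
    return "".join(fingerprint.split()).upper()


def fingerprint_matches(colon_output, user_id_fragment, claimed):
    """True only if exactly one key carries this identity and the full
    40-character fingerprint confirmed by the owner is identical."""
    hits = {fpr for uid, fpr in primary_fingerprints(colon_output)
            if user_id_fragment.lower() in uid.lower()}
    if len(hits) != 1:
        return False  # no such key, or several keys claim the same identity
    claimed = normalize(claimed)
    return len(claimed) == 40 and hits.pop() == claimed


if __name__ == "__main__":
    spoken = "0123 4567 89AB CDEF 0011  2233 4455 6677 8899 AABB"
    print(fingerprint_matches(SAMPLE, "Your.Mate@email.com", spoken))
```

A short key ID or a matching name alone is rejected here, because anyone can create a key that carries someone else's name and e-mail address.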
So now for the fun part. We have installed gpg, created our own key, exported our public key to someone, and now we have imported the "Your Mate" public key. We are finally ready to encrypt our first message.
In order to remain in the CLI, I have created a short text message using "cat" as shown below.
When using a "cat >" to create a text file, you need to press "CTRL+D" to exit the redirect.
You could use a text editor like gedit or Vi if you prefer.
You can also use "cat" to check the contents of your file as shown below.
We now have a text file called message.txt in our home directory.
This file can be encrypted using gpg, but let's first consider what we need.
1) the text file
2) the public key of the recipient
3) to make the file ASCII we need to include the "--armor" option.
The required command should look something like this:
"gpg --recipient Your.Mate@email.com --armor --encrypt message.txt"
So with this information we can encrypt the file as shown below.
Notice we now have a "message.txt.asc" file. This is the encrypted file.
Also notice the original "message.txt" file still exists! If this contains sensitive data, it should be removed.
Check the contents of your encrypted file using the cat command as shown below.


You can now send this information via email, or any other method, safe in the knowledge that it will only be read by its intended recipient(s).
You can encrypt a message to more than one recipient including yourself.
That concludes this blog.