cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
282367
Views
10
Helpful
6
Replies

Decrypt Type 5 password

Raja_D
Beginner
Beginner

Hi, 

Is there a method or process to Decrypt  type 5 password for cisco devices ?? I have seen type 7 decryptor available but not for Type 5. 

Please suggest if there is any technique. 

James..!!!

6 Replies 6

Georg Pauwen
VIP Master VIP Master
VIP Master

James,

type 5 passwords are really hard to crack, especially since Cisco uses I think the 'salted' version of the hash. That said, if you are willing to dive into some dark hacker cracker stuff, here are two links to scripts you can use (I hope posting those links does not earn me jail time):

https://www.darknet.org.uk/2009/07/crack-pl-sha1-md5-hash-cracking-tool/

http://breakinsecurity.com/cracking-cisco-type-5-passwords/

Mark Malone
Mentor
Mentor

Haven't tried it but there seems to be a few methods online

they say this works if password is weak

http://www.ifm.net.nz/cookbooks/cisco-ios-enable-secret-password-cracker.html

or another method to bypass it using solarwinds

https://support.solarwinds.com/Success_Center/Engineer%27s_ToolSet_(ETS)/Decrypting_Type_5_secret_passwords

or through python

http://breakinsecurity.com/cracking-cisco-type-5-passwords/

Karsten Iwen
VIP Mentor VIP Mentor
VIP Mentor

In addition to the practical hints of Mark and Georg we should look at some background information:

There is no decryption as the passwords are not encrypted but hashed. Although it's also a cryptographic operation, it's not a reversible encryption but a one-way function. All you can do is to take many different passwords, hash them and compare the result to your given hash-value. The used hash-algorithm with type 5 is salted md5 which can be computed lightning fast on modern computers. If you know that the original password is not too complex and long, it should be possible with the given tools.

The triviality in computing md5-based hashes (and also that there can be collisions) make md5-hashed  passwords a bad thing and nowadays (at least in newer IOS) pbkdf2 or scrypt is often used. These are the password-types 8 and 9.

I guess it's not JUST an hash. Given a fixed password, what you see is different on every router. So it must be an hash, but adding some other randomness or local parameter, otherwise from a certain source input, the hash operation produces always the SAME output.

Hi @randreetta,

Note that @Karsten Iwen mentions a "salted md5".

Here's a link and a quick summary of what "salting a hash" does: To mitigate the damage that a hash table or a dictionary attack could do, we salt the passwords. According to OWASP Guidelines, a salt is a value generated by a cryptographically secure function that is added to the input of hash functions to create unique hashes for every input, regardless of the input not being unique.

The "salt" added to the hash function differs in each device, making the hash unique.

john kiehnle
Beginner
Beginner

Type 5 password are MD5 hashes. An MD5 Hash is just that. A hash is a one way function and cannot be decrypted. Only dictionary attacks work against a hash.

 

J

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers