Cisco IOS hints and tricks: Type 7 decryption in Cisco IOS
Type 7 decryption in Cisco IOS
You don't need password crackers to decode type-7 passwords, you just need access to a router. Here's how you do it:
We'll turn on type-7 encryption for local passwords and generate a test username
R1(config)#service password-encryption
R1(config)#username test password t35t:pa55w0rd
Next we'll inspect the generated username with the show running command
R1(config)#do show run | include username
username test password 7 08351F1B1D431516475E1B54382F
Now we'll create a key chain and enter the type-7 encrypted password as the key string …
R1(config)#key chain decrypt
R1(config-keychain)#key 1
R1(config-keychain-key)#key-string 7 08351F1B1D431516475E1B54382F
… and the show command does the decryption for us.
R1(config-keychain-key)#do show key chain decrypt
Key-chain decrypt:
key 1 -- text "t35t:pa55w0rd"
accept lifetime (always valid) - (always valid) [valid now]
send lifetime (always valid) - (always valid) [valid now]