best-of-security-request@cyber.com.au with unsubscribe
X-RDate: Mon, 26 Jan 1998 10:25:11 +0500 (ESK)
Date: Mon, 12 Jan 1998 00:36:09 +0200
From: Riku Meskanen <mesrik@cc.jyu.fi>
To: best-of-security@cyber.com.au
Subject: BoS: perl version of that tin opener (IOS decrypt.c)
Howdy,
Squeezed the decrypt.c[1] with perl a bit, just for seeing
better how simple that IOS type 7 encryption really is.
[1] http://www.rootshell.com/archive-Rbf4ahcmxzw5qn2S/199711/ciscocrack.c
:-) riku
#!/usr/bin/perl -w
# $Id: ios7decrypt.pl,v 1.1 1998/01/11 21:31:12 mesrik Exp $
#
# Credits for orginal code and description hobbit@avian.org,
# SPHiXe, .mudge et al. and for John Bashinski <jbash@CISCO.COM>
# for Cisco IOS password encryption facts.
#
# Use for any malice or illegal purposes strictly prohibited!
#
@xlat = ( 0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f, 0x41,
0x2c, 0x2e, 0x69, 0x79, 0x65, 0x77, 0x72, 0x6b, 0x6c,
0x64, 0x4a, 0x4b, 0x44, 0x48, 0x53 , 0x55, 0x42 );
while (<>) {
if (/(password|md5)\s+7\s+([\da-f]+)/io) {
if (!(length($2) & 1)) {
$ep = $2; $dp = "";
($s, $e) = ($2 =~ /^(..)(.+)/o);
for ($i = 0; $i < length($e); $i+=2) {
$dp .= sprintf "%c",hex(substr($e,$i,2))^$xlat[$s++];
}
s/$ep/$dp/;
}
}
print;
}
# eof
--
[ This .signature intentionally left blank ]
Date: Mon, 12 Jan 1998 01:40:36 +0200
Reply-To: Riku Meskanen <mesrik@CC.JYU.FI>
Sender: avalon
>From: Riku Meskanen <mesrik@CC.JYU.FI>
Subject: Again: perl version of that tin opener (IOS decrypt.c)
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.SOL.3.96.980111233202.26751G-100000@kanto.cc.jyu.fi>
Approved: darrenr@cyber.com.au
X-Originally-To: To: BUGTRAQ@NETSPACE.ORG
X-Originated-From: From: Riku Meskanen <mesrik@cc.jyu.fi>
On Mon, 12 Jan 1998, Riku Meskanen wrote:
> Howdy,
>
> Squeezed the decrypt.c[1] with perl a bit, just for seeing
Sorry about commenting my self but, just noticed a flaw in
the perl script I posted <blush>.
Following patch should be applied (hopefully before
posting the script to BUGTRAQ if possible!)
--- ios7decrypt.pl.orig Mon Jan 12 01:17:07 1998
+++ ios7decrypt.pl Mon Jan 12 01:08:36 1998
@@ -1,5 +1,5 @@
#!/usr/bin/perl -w
-# $Id: ios7decrypt.pl,v 1.1 1998/01/11 21:31:12 mesrik Exp $
+# $Id: ios7decrypt.pl,v 1.3 1998/01/11 23:08:36 mesrik Exp $
#
# Credits for orginal code and description hobbit@avian.org,
# SPHiXe, .mudge et al. and for John Bashinski <jbash@CISCO.COM>
@@ -20,7 +20,7 @@
for ($i = 0; $i < length($e); $i+=2) {
$dp .= sprintf "%c",hex(substr($e,$i,2))^$xlat[$s++];
}
- s/$ep/$dp/;
+ s/7\s+$ep/$dp/;
}
}
print;
just in case anybody tries to reload a -confg file. Just apply
the patch (or add "7\s+" in front of $ep on line 23), please.
*****************************************************************
* Without this patch the script will not strip that seven (7) *
* and then reloading the confg -file will mess up your device! *
*****************************************************************
I'm sorry the inconvinience caused.
:-) riku
--
[ This .signature intentionally left blank ]
