This article provides information on decrypting passwords stored in a Cisco router.
Hackers often attack routers because they are not monitored as closely as servers and can provided an enormous source of information. Cisco routers will store all passwords in the running configuration file. In order to get this password you must view the output from the routers running configuration using the command below:
antares#sh run
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname antares
!
aaa new-model
enable secret 5 $1$1Pdr$rqEsfKmsdfeTtuRGK.5Oa0
enable password 7 071D7012641B480012
!
username weaponx password 7 03085E1F0B0A2842
ip subnet-zero
no ip routing
no ip domain-lookup
file prompt quiet
!
!
!
interface Ethernet0
ip address 192.168.0.15 255.255.255.0
no ip directed-broadcast
ip nat outside
no ip route-cache
no ip mroute-cache
no mop enabled
!
interface Ethernet1
ip address 192.168.0.16 255.255.255.0
no ip directed-broadcast
ip nat inside
no ip route-cache
no ip mroute-cache
!
interface Serial0
no ip address
no ip directed-broadcast
no ip route-cache
no ip mroute-cache
shutdown
!
interface Serial1
no ip address
no ip directed-broadcast
no ip route-cache
no ip mroute-cache
shutdown
!
ip classless
ip route profile
!
banner motd ^C
This is a private Device!
Unathorized access is prohibited!
^C
!
line con 0
password 7 1205435B5D567B2E22
transport input none
line aux 0
line vty 0 4
password 7 1205435B5D567B2E22
!
end
Using a program called Cain and Abel, you can copy and paste the encrypted password shown in red, right into the cain decryption window. You can download Cain and Abel by clicking here. See the images below:
Using the second encryption value from the above configuration output (03085E1F0B0A2842), you can see the password is "letmein"