c7decrypt 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/lib/c7decrypt.rb +83 -0
- metadata +65 -0
data/lib/c7decrypt.rb
ADDED
|
@@ -0,0 +1,83 @@
|
|
|
1
|
+
# A Ruby-based implementation of a Cisco Type-7 Password Decrypter
|
|
2
|
+
#
|
|
3
|
+
# Author: Jonathan Claudius (Twitter/GitHub: @claudijd)
|
|
4
|
+
#
|
|
5
|
+
# This code is based on Daren Matthew's cdecrypt.pl found here:
|
|
6
|
+
# http://mccltd.net/blog/?p=1034 ("Deobfuscating Cisco Type 7 Passwords")
|
|
7
|
+
|
|
8
|
+
#Class Implementation
|
|
9
|
+
class C7Decrypt
|
|
10
|
+
|
|
11
|
+
# Vigenere translation table (these are our key values for decryption)
|
|
12
|
+
VT_TABLE = [
|
|
13
|
+
0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f, 0x41, 0x2c, 0x2e,
|
|
14
|
+
0x69, 0x79, 0x65, 0x77, 0x72, 0x6b, 0x6c, 0x64, 0x4a, 0x4b, 0x44,
|
|
15
|
+
0x48, 0x53, 0x55, 0x42, 0x73, 0x67, 0x76, 0x63, 0x61, 0x36, 0x39,
|
|
16
|
+
0x38, 0x33, 0x34, 0x6e, 0x63, 0x78, 0x76, 0x39, 0x38, 0x37, 0x33,
|
|
17
|
+
0x32, 0x35, 0x34, 0x6b, 0x3b, 0x66, 0x67, 0x38, 0x37
|
|
18
|
+
]
|
|
19
|
+
|
|
20
|
+
# Regexes for extracting hashes from configs
|
|
21
|
+
TYPE_7_REGEXES = [
|
|
22
|
+
/enable password 7 ([a-zA-Z0-9]+)/,
|
|
23
|
+
/username [a-zA-Z0-9]+ password 7 ([a-zA-Z0-9]+)/,
|
|
24
|
+
/password 7 ([a-zA-Z0-9]+)/
|
|
25
|
+
]
|
|
26
|
+
|
|
27
|
+
# The Decryption Method for Cisco Type-7 Encrypted Strings
|
|
28
|
+
# @param [String] the Cisco Type-7 Encrypted String
|
|
29
|
+
# @return [String] the Decrypted String
|
|
30
|
+
def decrypt(pw)
|
|
31
|
+
r = ""
|
|
32
|
+
pw_bytes = pw.scan(/../)
|
|
33
|
+
vt_index = pw_bytes.first.hex - 1
|
|
34
|
+
pw_bytes.each_with_index do |byte,i|
|
|
35
|
+
r += (byte.hex^VT_TABLE[(i + vt_index) % 53]).chr
|
|
36
|
+
end
|
|
37
|
+
return r.slice(1..-1).rstrip
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
# A helper method to decrypt an arracy of Cisco Type-7 Encrypted Strings
|
|
41
|
+
# @param [Array>String] an array of Cisco Type-7 Encrypted Strings
|
|
42
|
+
# @return [Array>String] an array of Decrypted Strings
|
|
43
|
+
def decrypt_array(pw_array)
|
|
44
|
+
pw_array.collect {|pw| decrypt(pw)}
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
# This method scans a raw config file for type 7 passwords and decrypts them
|
|
48
|
+
# @param [String] a string of the config file path that contains Cisco Type-7 Encrypted Strings
|
|
49
|
+
# @return [Array>String] an array of Decrypted Strings
|
|
50
|
+
def decrypt_config(file)
|
|
51
|
+
f = File.open(file, 'r').to_a
|
|
52
|
+
decrypt_array(f.collect {|line| type_7_matches(line)}.flatten)
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
# This method scans a config line for encrypted type-7 passwords and returns an array of results
|
|
56
|
+
# @param [String] a line with potential encrypted type-7 passwords
|
|
57
|
+
# @return [Array>String] an array of Cisco type-7 encrypted Strings
|
|
58
|
+
def type_7_matches(string)
|
|
59
|
+
TYPE_7_REGEXES.collect {|regex| string.scan(regex)}.flatten.uniq
|
|
60
|
+
end
|
|
61
|
+
|
|
62
|
+
# A short-hand version of the descrypt method
|
|
63
|
+
# @param [String] the Cisco Type-7 Encrypted String
|
|
64
|
+
# @return [String] the Decrypted String
|
|
65
|
+
def d(pw)
|
|
66
|
+
decrypt(pw)
|
|
67
|
+
end
|
|
68
|
+
|
|
69
|
+
# A short-hand version of the descrypt_array method
|
|
70
|
+
# @param [Array>String] an array of Cisco Type-7 Encrypted Strings
|
|
71
|
+
# @return [Array>String] an array of Decrypted Strings
|
|
72
|
+
def d_a(pw_array)
|
|
73
|
+
decrypt_array(pw_array)
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
# A short-hand version of the decrypt_config method
|
|
77
|
+
# @param [String] a string of the config file path that contains Cisco Type-7 Encrypted Strings
|
|
78
|
+
# @return [Array>String] an array of Decrypted Strings
|
|
79
|
+
def d_c(file)
|
|
80
|
+
decrypt_config(file)
|
|
81
|
+
end
|
|
82
|
+
|
|
83
|
+
end
|
metadata
ADDED
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
|
+
name: c7decrypt
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
hash: 29
|
|
5
|
+
prerelease:
|
|
6
|
+
segments:
|
|
7
|
+
- 0
|
|
8
|
+
- 0
|
|
9
|
+
- 1
|
|
10
|
+
version: 0.0.1
|
|
11
|
+
platform: ruby
|
|
12
|
+
authors:
|
|
13
|
+
- Jonathan Claudius
|
|
14
|
+
autorequire:
|
|
15
|
+
bindir: bin
|
|
16
|
+
cert_chain: []
|
|
17
|
+
|
|
18
|
+
date: 2012-09-07 00:00:00 Z
|
|
19
|
+
dependencies: []
|
|
20
|
+
|
|
21
|
+
description:
|
|
22
|
+
email: claudijd@yahoo.com
|
|
23
|
+
executables: []
|
|
24
|
+
|
|
25
|
+
extensions: []
|
|
26
|
+
|
|
27
|
+
extra_rdoc_files: []
|
|
28
|
+
|
|
29
|
+
files:
|
|
30
|
+
- lib/c7decrypt.rb
|
|
31
|
+
homepage: http://rubygems.org/gems/c7decrypt
|
|
32
|
+
licenses: []
|
|
33
|
+
|
|
34
|
+
post_install_message:
|
|
35
|
+
rdoc_options: []
|
|
36
|
+
|
|
37
|
+
require_paths:
|
|
38
|
+
- lib
|
|
39
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
40
|
+
none: false
|
|
41
|
+
requirements:
|
|
42
|
+
- - ">="
|
|
43
|
+
- !ruby/object:Gem::Version
|
|
44
|
+
hash: 3
|
|
45
|
+
segments:
|
|
46
|
+
- 0
|
|
47
|
+
version: "0"
|
|
48
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
49
|
+
none: false
|
|
50
|
+
requirements:
|
|
51
|
+
- - ">="
|
|
52
|
+
- !ruby/object:Gem::Version
|
|
53
|
+
hash: 3
|
|
54
|
+
segments:
|
|
55
|
+
- 0
|
|
56
|
+
version: "0"
|
|
57
|
+
requirements: []
|
|
58
|
+
|
|
59
|
+
rubyforge_project:
|
|
60
|
+
rubygems_version: 1.8.10
|
|
61
|
+
signing_key:
|
|
62
|
+
specification_version: 3
|
|
63
|
+
summary: Ruby based Cisco Type 7 Password Decryptor
|
|
64
|
+
test_files: []
|
|
65
|
+
|