c7decrypt 0.0.1
Sign up to get free protection for your applications and to get access to all the features.
- data/lib/c7decrypt.rb +83 -0
- metadata +65 -0
data/lib/c7decrypt.rb
ADDED
|
@@ -0,0 +1,83 @@
|
|
|
1
|
+
# A Ruby-based implementation of a Cisco Type-7 Password Decrypter
|
|
2
|
+
#
|
|
3
|
+
# Author: Jonathan Claudius (Twitter/GitHub: @claudijd)
|
|
4
|
+
#
|
|
5
|
+
# This code is based on Daren Matthew's cdecrypt.pl found here:
|
|
6
|
+
# http://mccltd.net/blog/?p=1034 ("Deobfuscating Cisco Type 7 Passwords")
|
|
7
|
+
|
|
8
|
+
#Class Implementation
|
|
9
|
+
class C7Decrypt
|
|
10
|
+
|
|
11
|
+
# Vigenere translation table (these are our key values for decryption)
|
|
12
|
+
VT_TABLE = [
|
|
13
|
+
0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f, 0x41, 0x2c, 0x2e,
|
|
14
|
+
0x69, 0x79, 0x65, 0x77, 0x72, 0x6b, 0x6c, 0x64, 0x4a, 0x4b, 0x44,
|
|
15
|
+
0x48, 0x53, 0x55, 0x42, 0x73, 0x67, 0x76, 0x63, 0x61, 0x36, 0x39,
|
|
16
|
+
0x38, 0x33, 0x34, 0x6e, 0x63, 0x78, 0x76, 0x39, 0x38, 0x37, 0x33,
|
|
17
|
+
0x32, 0x35, 0x34, 0x6b, 0x3b, 0x66, 0x67, 0x38, 0x37
|
|
18
|
+
]
|
|
19
|
+
|
|
20
|
+
# Regexes for extracting hashes from configs
|
|
21
|
+
TYPE_7_REGEXES = [
|
|
22
|
+
/enable password 7 ([a-zA-Z0-9]+)/,
|
|
23
|
+
/username [a-zA-Z0-9]+ password 7 ([a-zA-Z0-9]+)/,
|
|
24
|
+
/password 7 ([a-zA-Z0-9]+)/
|
|
25
|
+
]
|
|
26
|
+
|
|
27
|
+
# The Decryption Method for Cisco Type-7 Encrypted Strings
|
|
28
|
+
# @param [String] the Cisco Type-7 Encrypted String
|
|
29
|
+
# @return [String] the Decrypted String
|
|
30
|
+
def decrypt(pw)
|
|
31
|
+
r = ""
|
|
32
|
+
pw_bytes = pw.scan(/../)
|
|
33
|
+
vt_index = pw_bytes.first.hex - 1
|
|
34
|
+
pw_bytes.each_with_index do |byte,i|
|
|
35
|
+
r += (byte.hex^VT_TABLE[(i + vt_index) % 53]).chr
|
|
36
|
+
end
|
|
37
|
+
return r.slice(1..-1).rstrip
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
# A helper method to decrypt an arracy of Cisco Type-7 Encrypted Strings
|
|
41
|
+
# @param [Array>String] an array of Cisco Type-7 Encrypted Strings
|
|
42
|
+
# @return [Array>String] an array of Decrypted Strings
|
|
43
|
+
def decrypt_array(pw_array)
|
|
44
|
+
pw_array.collect {|pw| decrypt(pw)}
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
# This method scans a raw config file for type 7 passwords and decrypts them
|
|
48
|
+
# @param [String] a string of the config file path that contains Cisco Type-7 Encrypted Strings
|
|
49
|
+
# @return [Array>String] an array of Decrypted Strings
|
|
50
|
+
def decrypt_config(file)
|
|
51
|
+
f = File.open(file, 'r').to_a
|
|
52
|
+
decrypt_array(f.collect {|line| type_7_matches(line)}.flatten)
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
# This method scans a config line for encrypted type-7 passwords and returns an array of results
|
|
56
|
+
# @param [String] a line with potential encrypted type-7 passwords
|
|
57
|
+
# @return [Array>String] an array of Cisco type-7 encrypted Strings
|
|
58
|
+
def type_7_matches(string)
|
|
59
|
+
TYPE_7_REGEXES.collect {|regex| string.scan(regex)}.flatten.uniq
|
|
60
|
+
end
|
|
61
|
+
|
|
62
|
+
# A short-hand version of the descrypt method
|
|
63
|
+
# @param [String] the Cisco Type-7 Encrypted String
|
|
64
|
+
# @return [String] the Decrypted String
|
|
65
|
+
def d(pw)
|
|
66
|
+
decrypt(pw)
|
|
67
|
+
end
|
|
68
|
+
|
|
69
|
+
# A short-hand version of the descrypt_array method
|
|
70
|
+
# @param [Array>String] an array of Cisco Type-7 Encrypted Strings
|
|
71
|
+
# @return [Array>String] an array of Decrypted Strings
|
|
72
|
+
def d_a(pw_array)
|
|
73
|
+
decrypt_array(pw_array)
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
# A short-hand version of the decrypt_config method
|
|
77
|
+
# @param [String] a string of the config file path that contains Cisco Type-7 Encrypted Strings
|
|
78
|
+
# @return [Array>String] an array of Decrypted Strings
|
|
79
|
+
def d_c(file)
|
|
80
|
+
decrypt_config(file)
|
|
81
|
+
end
|
|
82
|
+
|
|
83
|
+
end
|
metadata
ADDED
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
|
+
name: c7decrypt
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
hash: 29
|
|
5
|
+
prerelease:
|
|
6
|
+
segments:
|
|
7
|
+
- 0
|
|
8
|
+
- 0
|
|
9
|
+
- 1
|
|
10
|
+
version: 0.0.1
|
|
11
|
+
platform: ruby
|
|
12
|
+
authors:
|
|
13
|
+
- Jonathan Claudius
|
|
14
|
+
autorequire:
|
|
15
|
+
bindir: bin
|
|
16
|
+
cert_chain: []
|
|
17
|
+
|
|
18
|
+
date: 2012-09-07 00:00:00 Z
|
|
19
|
+
dependencies: []
|
|
20
|
+
|
|
21
|
+
description:
|
|
22
|
+
email: claudijd@yahoo.com
|
|
23
|
+
executables: []
|
|
24
|
+
|
|
25
|
+
extensions: []
|
|
26
|
+
|
|
27
|
+
extra_rdoc_files: []
|
|
28
|
+
|
|
29
|
+
files:
|
|
30
|
+
- lib/c7decrypt.rb
|
|
31
|
+
homepage: http://rubygems.org/gems/c7decrypt
|
|
32
|
+
licenses: []
|
|
33
|
+
|
|
34
|
+
post_install_message:
|
|
35
|
+
rdoc_options: []
|
|
36
|
+
|
|
37
|
+
require_paths:
|
|
38
|
+
- lib
|
|
39
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
40
|
+
none: false
|
|
41
|
+
requirements:
|
|
42
|
+
- - ">="
|
|
43
|
+
- !ruby/object:Gem::Version
|
|
44
|
+
hash: 3
|
|
45
|
+
segments:
|
|
46
|
+
- 0
|
|
47
|
+
version: "0"
|
|
48
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
49
|
+
none: false
|
|
50
|
+
requirements:
|
|
51
|
+
- - ">="
|
|
52
|
+
- !ruby/object:Gem::Version
|
|
53
|
+
hash: 3
|
|
54
|
+
segments:
|
|
55
|
+
- 0
|
|
56
|
+
version: "0"
|
|
57
|
+
requirements: []
|
|
58
|
+
|
|
59
|
+
rubyforge_project:
|
|
60
|
+
rubygems_version: 1.8.10
|
|
61
|
+
signing_key:
|
|
62
|
+
specification_version: 3
|
|
63
|
+
summary: Ruby based Cisco Type 7 Password Decryptor
|
|
64
|
+
test_files: []
|
|
65
|
+
|