Cisco 7 password recovery on IOS

If we encounter a situation where we need to revel Cisco 7 password but we don’t have access to the internet (sound like science fiction!) or to utility which do that we can use Cisco IOS for reveling the password.

Let’s say we logged in into R1 and as we can see there is a password on the BGP peer to R2:

R1#sh run | s bgp router bgp 65000  no synchronization  bgp log-neighbor-changes  neighbor 2.2.2.2 remote-as 65002  neighbor 2.2.2.2 password 7 106D000A061843595F  no auto-summary

In order to revel the password follow these steps:

R1#conf t Enter configuration commands, one per line.  End with CNTL/Z. R1(config)#key chain decrypt R1(config-keychain)#key 1 R1(config-keychain-key)#key-string 7 106D000A061843595F R1(config-keychain-key)#end

Note that in the key-string we start with 7 follow by the hash password we copy from the BGP peer password.

Now to see the password type:

R1#show key chain decrypt Key-chain decrypt:     key 1 -- text "Cisco123"         accept lifetime (always valid) - (always valid) [valid now]         send lifetime (always valid) - (always valid) [valid now]

The password is “Cisco123”

SecureCRT chat window

Using SecureCRT chat window will allow us to send command or multiple commands to multiple hosts at once. In this way we can save a lot of time and keyboard strokes.

For example here I opened a SecureCRT window with 3 routers organized in tabs:

Now let’s open the chat window by click on View in the menu bar and click on chat window:

Now do right click on the chat window and choose Send Chat to All Sessions:

Now we can type command, in the chat window, and after clicking on enter it will be applied to all routers in the window:

In order to type more then one command use CTRL+ENTER combination to jump to new line:

The chat window has also history buffer so we can up and down arrows for scrolling history.

Send an e-mail using command line

Here is a quick note how to send an e-mail using command line interface.

First Telnet to the mail server using port 25 and then run the following commands:

helo <SMTP_SERVER_DOMAIN> AUTH LOGIN <BASE64 USERNAME@DOMAIN> <BASE64 PASSWORD> mail from:<USER@DOMAIN> rcpt to: <USER@DOMAIN> data From: <USER@DOMAIN> Subject: test mail from command line this is test message number 1 sent from my router .

Don’t forget the “.” In the end

The authentication section is required for SMTP servers which prevent relay through the use of authentication. The username@domain and password should be typed in base64 which can be encoded using the following site:  http://www.base64encode.org/

And here is an example with Bezeq International SMTP server:

MRTR#telnet out.bezeqint.net 25          Translating "out.bezeqint.net"...domain server (192.115.106.35) Translating "out.bezeqint.net"...domain server (192.115.106.35) [OK] Trying out.bezeqint.net (192.115.187.185, 25)... Open 220 out7.bezeqint.net ESMTP Postfix at your service - please... helo bezeqint.net 250 out7.bezeqint.net AUTH LOGIN 334 VXNlcm5hbWU6 <BASE64 USERNAME@DOMAIN> 334 UGFzc3dvcmQ6 <BASE64 PASSWORD> 235 2.7.0 Authentication successful mail from:username1@bezeqint.net rcpt to:username2@domain.net data From:username1@bezeqint.net Subject: test mail from command line this is test message number 1 sent from my router . 250 2.1.0 Ok 250 2.1.5 Ok 354 End data with <CR><LF>.<CR><LF> 250 2.0.0 Ok: queued as 2229F5E2AF3

The following output is from Cisco IOS router.