Cairnarvon/cisco-cracker.pl

## cisco-cracker.pl
#!/usr/bin/perl

use strict;

use File::Temp qw/tempfile/;
use Getopt::Long;

use constant PATH_TO_JTR => "";


sub usage {
    print <<EOS
\033[1mUSAGE\033[0m
\t$0 [ \033[4mOPTIONS\033[0m... ] < \033[4mFILE\033[0m

\033[1mSYNOPSIS\033[0m
\tThis script reads a Cisco IOS configuration file from stdin, extracts
\tthe passwords from it, and displays them. It can automatically decrypt
\tCisco's type 7 encryption, and will try to invoke John the Ripper to
\ttry to crack type 5 hashes.
\tYou can download JtR from http://www.openwall.com/john/

\033[1mOPTIONS\033[0m
\t\033[1m--no-jtr\033[0m
\t\tDon't try to use JtR to crack type 5 passwords.

\t\033[1m--jtr-path\033[0m=\033[4mPATH\033[0m
\t\tSpecify the path to JtR's \033[1mjohn\033[0m executable.
\t\t(If you built JtR yourself, it will be in the run/ folder.)

\t\033[1m--help\033[0m, \033[1m-h\033[0m
\t\tDisplay this message and exit.

EOS
    ;

    exit 1;
}


sub unseven ($) {
    # Reverses type 7 ``encryption''.

    my @xlat = (0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f, 0x41, 0x2c,
                0x2e, 0x69, 0x79, 0x65, 0x77, 0x72, 0x6b, 0x6c, 0x64, 0x4a,
                0x4b, 0x44, 0x48, 0x53, 0x55, 0x42, 0x73, 0x67, 0x76, 0x63,
                0x61, 0x36, 0x39, 0x38, 0x33, 0x34, 0x6e, 0x63, 0x78, 0x76);

    my $enc = $_[0];
    return if (length($enc) < 4 || length($enc) & 1);

    my $key = hex substr($enc, 0, 2);
    return if ($key > 15);
    $enc = substr $enc, 2;

    my @dec = ();

    while ($enc) {
        my $chr;

        $chr = hex(substr $enc, 0, 2) ^ $xlat[$key++];
        $enc = substr $enc, 2;

        push(@dec, chr($chr));

        $key %= 40;
    }

    return join "", @dec;
}


# Parse options

my $no_jtr = 0;
my $path_to_jtr = PATH_TO_JTR;
my $halp = 0;

my $opt = GetOptions('no-jtr' => \$no_jtr, 'jtr-path=s' => \$path_to_jtr,
                     'help' => \$halp, 'h' => \$halp);

usage if ($halp || !$opt || -t STDIN);


# Parse file for passwords

my (@plains, @sevens, @fives);

while (<>) {
    chomp;
    if (/password ([^ ]+?)\n?$/) {
        push @plains, {'pass' => $1, 'context' => $_};
    } elsif (/ 7 ((?:0[0-9]|1[0-5])(?:[0-9A-F]{2})+)\n?$/) {
        push @sevens, {'pass' => unseven($1), 'hash' => $1, 'context' => $_};
    } elsif (/ 5 (\$1\$.*)\n?$/) {
        push @fives, {'hash' => $1, 'context' => $_};
    }
}


# Display found passwords

if ($#plains > -1) {
    print "\033[1mFound plaintext passwords:\033[0m\n";

    foreach (@plains) {
        print "\t", $_->{'pass'}, " \033[2m", $_->{'context'}, "\033[0m\n";
    }

    print "\n";
}

if ($#sevens > -1) {
    print "\033[1mFound type 7 passwords:\033[0m\n";

    foreach (@sevens) {
        print "\t", $_->{'pass'}, " \033[4m", $_->{'hash'}, "\033[0m \033[2m",
              $_->{'context'}, "\033[0m\n";
    }

    print "\n";
}

if ($#fives > -1) {
    print "\033[1mFound type 5 passwords:\033[0m\n";

    foreach (@fives) {
        print "\t\033[4m", $_->{'hash'}, "\033[0m \033[2m", $_->{'context'},
              "\033[0m\n";
    }

    print "\n";
}


# Possibly invoke JtR to crack type 5 passwords.

if ($#fives > -1 && !$no_jtr) {
    print "Invoking JtR for cracking type 5... ";

    if (!-e $path_to_jtr) {
        print "Can't find JtR executable!\n";
        exit 2;
    } elsif (!-x $path_to_jtr) {
        print "Can't execute JtR executable!\n";
        exit 3;
    }

    my ($fh, $filename) = tempfile();

    foreach (@fives) {
        print $fh $_->{'hash'}, "\n";
    }

    print "\n\n";

    system("$path_to_jtr $filename 2>&1 >/dev/null");
    system("$path_to_jtr --show $filename");
    system("rm $filename");
}
	#!/usr/bin/perl

	use strict;

	use File::Temp qw/tempfile/;
	use Getopt::Long;

	use constant PATH_TO_JTR => "";


	sub usage {
	print <<EOS
	\033[1mUSAGE\033[0m
	\t$0 [ \033[4mOPTIONS\033[0m... ] < \033[4mFILE\033[0m

	\033[1mSYNOPSIS\033[0m
	\tThis script reads a Cisco IOS configuration file from stdin, extracts
	\tthe passwords from it, and displays them. It can automatically decrypt
	\tCisco's type 7 encryption, and will try to invoke John the Ripper to
	\ttry to crack type 5 hashes.
	\tYou can download JtR from http://www.openwall.com/john/

	\033[1mOPTIONS\033[0m
	\t\033[1m--no-jtr\033[0m
	\t\tDon't try to use JtR to crack type 5 passwords.

	\t\033[1m--jtr-path\033[0m=\033[4mPATH\033[0m
	\t\tSpecify the path to JtR's \033[1mjohn\033[0m executable.
	\t\t(If you built JtR yourself, it will be in the run/ folder.)

	\t\033[1m--help\033[0m, \033[1m-h\033[0m
	\t\tDisplay this message and exit.

	EOS
	;

	exit 1;
	}


	sub unseven ($) {
	# Reverses type 7 ``encryption''.

	my @xlat = (0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f, 0x41, 0x2c,
	0x2e, 0x69, 0x79, 0x65, 0x77, 0x72, 0x6b, 0x6c, 0x64, 0x4a,
	0x4b, 0x44, 0x48, 0x53, 0x55, 0x42, 0x73, 0x67, 0x76, 0x63,
	0x61, 0x36, 0x39, 0x38, 0x33, 0x34, 0x6e, 0x63, 0x78, 0x76);

	my $enc = $_[0];
	return if (length($enc) < 4 \|\| length($enc) & 1);

	my $key = hex substr($enc, 0, 2);
	return if ($key > 15);
	$enc = substr $enc, 2;

	my @dec = ();

	while ($enc) {
	my $chr;

	$chr = hex(substr $enc, 0, 2) ^ $xlat[$key++];
	$enc = substr $enc, 2;

	push(@dec, chr($chr));

	$key %= 40;
	}

	return join "", @dec;
	}


	# Parse options

	my $no_jtr = 0;
	my $path_to_jtr = PATH_TO_JTR;
	my $halp = 0;

	my $opt = GetOptions('no-jtr' => \$no_jtr, 'jtr-path=s' => \$path_to_jtr,
	'help' => \$halp, 'h' => \$halp);

	usage if ($halp \|\| !$opt \|\| -t STDIN);


	# Parse file for passwords

	my (@plains, @sevens, @fives);

	while (<>) {
	chomp;
	if (/password ([^ ]+?)\n?$/) {
	push @plains, {'pass' => $1, 'context' => $_};
	} elsif (/ 7 ((?:0[0-9]\|1[0-5])(?:[0-9A-F]{2})+)\n?$/) {
	push @sevens, {'pass' => unseven($1), 'hash' => $1, 'context' => $_};
	} elsif (/ 5 (\$1\$.*)\n?$/) {
	push @fives, {'hash' => $1, 'context' => $_};
	}
	}


	# Display found passwords

	if ($#plains > -1) {
	print "\033[1mFound plaintext passwords:\033[0m\n";

	foreach (@plains) {
	print "\t", $_->{'pass'}, " \033[2m", $_->{'context'}, "\033[0m\n";
	}

	print "\n";
	}

	if ($#sevens > -1) {
	print "\033[1mFound type 7 passwords:\033[0m\n";

	foreach (@sevens) {
	print "\t", $_->{'pass'}, " \033[4m", $_->{'hash'}, "\033[0m \033[2m",
	$_->{'context'}, "\033[0m\n";
	}

	print "\n";
	}

	if ($#fives > -1) {
	print "\033[1mFound type 5 passwords:\033[0m\n";

	foreach (@fives) {
	print "\t\033[4m", $_->{'hash'}, "\033[0m \033[2m", $_->{'context'},
	"\033[0m\n";
	}

	print "\n";
	}


	# Possibly invoke JtR to crack type 5 passwords.

	if ($#fives > -1 && !$no_jtr) {
	print "Invoking JtR for cracking type 5... ";

	if (!-e $path_to_jtr) {
	print "Can't find JtR executable!\n";
	exit 2;
	} elsif (!-x $path_to_jtr) {
	print "Can't execute JtR executable!\n";
	exit 3;
	}

	my ($fh, $filename) = tempfile();

	foreach (@fives) {
	print $fh $_->{'hash'}, "\n";
	}

	print "\n\n";

	system("$path_to_jtr $filename 2>&1 >/dev/null");
	system("$path_to_jtr --show $filename");
	system("rm $filename");
	}