Wednesday, December 26, 2012

Perl Script To Decode Cisco Type 7 Password Hash

I have spent years looking for a way to hack Cisco type 7 passwords, but never succeeded... But one day I came across a script like this:

Perl Script That Takes Cisco Type 7 Hash And Returns The Password:

#!/usr/bin/perl
use File::Copy;

############################################################################
# Vigenere translation table
############################################################################
@V=(0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f, 0x41, 0x2c, 0x2e,
    0x69, 0x79, 0x65, 0x77, 0x72, 0x6b, 0x6c, 0x64, 0x4a, 0x4b, 0x44,
    0x48, 0x53, 0x55, 0x42, 0x73, 0x67, 0x76, 0x63, 0x61, 0x36, 0x39,
    0x38, 0x33, 0x34, 0x6e, 0x63, 0x78, 0x76, 0x39, 0x38, 0x37, 0x33,
    0x32, 0x35, 0x34, 0x6b, 0x3b, 0x66, 0x67, 0x38, 0x37);
############################################################################

############################################################################
# Usage guidelines
############################################################################
if ($ARGV[0] eq ""){
   print "This script reveals the IOS passwords obfuscated using the Vigenere algorithm.\n";
   print "\n";
   print "Usage guidelines:\n";
   print " cdecrypt.pl 04480E051A33490E     # Reveals a single password\n";
   print " cdecrypt.pl running-config.rcf   # Changes all passwords in a file to cleartext\n";
   print "                                  # Original file stored with .bak extension\n";
   exit;                                   # Nothing to process without an argument
}

############################################################################
# Process arguments and execute
############################################################################
if(open(F,"<$ARGV[0]")){    # If argument passed can be opened then convert a file
  open(FO,">cdcout.rcf") || die("Cannot open 'cdcout.rcf' for writing ($!)\n");
  while(<F>){
    if (/(.*password\s)(7\s)([0-9a-fA-F]{4,})/){     # Find 'password 7 <hex>' commands
      my $d=Decrypt($3);                               # Deobfuscate password
      s/(.*password\s)(7\s)([0-9a-fA-F]{4,})/$1$d/;    # Remove '7' and add cleartext password
    }
    print FO $_;
  }
  close(F);
  close(FO);
  copy($ARGV[0],"$ARGV[0].bak")||die("Cannot copy '$ARGV[0]' to '$ARGV[0].bak' ($!)\n");
  copy("cdcout.rcf",$ARGV[0])||die("Cannot copy 'cdcout.rcf' to '$ARGV[0]' ($!)\n");
  unlink "cdcout.rcf";
}else{                      # If argument passed cannot be opened it is a single password
  print Decrypt($ARGV[0]) . "\n";
}

############################################################################
# Vigenere decryption/deobfuscation function
############################################################################
sub Decrypt{
  my $pw=shift(@_);                             # Retrieve input obfuscated password
  my $i=substr($pw,0,2);                        # Initial index into Vigenere translation table
  my $c=2;                                      # Initial pointer
  my $r="";                                     # Variable to hold cleartext password
  while ($c<length($pw)){                       # Process each pair of hex values
    $r.=chr(hex(substr($pw,$c,2))^$V[$i++]);    # Vigenere reverse translation
    $c+=2;                                      # Move pointer to next hex pair
    $i%=53;                                     # Vigenere table wrap around
  }                                             #
  return $r;                                    # Return cleartext password
}

The script is very easy to use, as shown in the example below. You just type “perl cisco7decode.pl HASH-HERE”, where HASH-HERE is the actual hash and cisco7decode.pl is a file you create with the above code pasted into it.

Example Using cisco7decode.pl Perl Script To Crack Cisco Type 7 Passwords:

[root@localhost perl_script]# perl cdecrypt.pl 04480E051A33490E
secure

As you can see, the above Cisco Type 7 password hash 04480E051A33490E represents the password “secure” (without the quotes). I think you will be surprised at how quickly the passwords are returned. It is fairly amazing that this type of security was ever used by a company such as Cisco.
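The practical point behind the script is that type 7 is symmetric XOR obfuscation, so a reversible secret in a config is as good as cleartext. The Python below is an added example, not the post's script: it ports the decode step, adds the encode direction to show the symmetry, validates the input format the Perl version accepts blindly, and audits a constructed running-config for reversible secrets (the config lines and the $1$placeholder$... value are made up; on IOS the fix is the `secret` form of the command, which stores a one-way hash instead).

```python
import re

# Added example, not from the original post. The 53-byte XOR key stream is the
# same table the Perl script carries as @V; Cisco type 7 is reversible obfuscation.
_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"
_T7_RE = re.compile(r"^[0-9]{2}(?:[0-9A-Fa-f]{2})+$")   # 2-digit decimal offset + hex pairs


def decode_type7(enc: str) -> str:
    """Undo the obfuscation; raise ValueError instead of decoding garbage."""
    if not _T7_RE.match(enc):
        raise ValueError(f"not a well-formed type 7 string: {enc!r}")
    offset = int(enc[:2], 10)              # leading two chars are a decimal key offset
    data = bytes.fromhex(enc[2:])
    plain = bytes(b ^ _KEY[(offset + i) % len(_KEY)] for i, b in enumerate(data))
    return plain.decode("latin-1")


def encode_type7(plain: str, offset: int = 4) -> str:
    """Forward direction: the very same XOR, which is why this is not a hash."""
    if not 0 <= offset < len(_KEY):
        raise ValueError("offset out of range")
    data = plain.encode("latin-1")
    body = bytes(b ^ _KEY[(offset + i) % len(_KEY)] for i, b in enumerate(data))
    return f"{offset:02d}{body.hex().upper()}"


# One '<command> 7 <hex>' line of an IOS running-config (password, key, ...)
_LINE_RE = re.compile(r"^(?P<cmd>\s*\S.*?)\s+7\s+(?P<enc>[0-9A-Fa-f]{4,})\s*$")


def audit_config(config: str) -> list[tuple[int, str, str]]:
    """List (line_no, command, recovered_secret) for every reversible type 7 secret."""
    findings = []
    for n, line in enumerate(config.splitlines(), start=1):
        m = _LINE_RE.match(line)
        if m:
            findings.append((n, m["cmd"].strip(), decode_type7(m["enc"])))
    return findings


# Constructed sample config (placeholder values, not taken from any real device)
SAMPLE_CONFIG = """\
hostname edge-rtr
enable secret 5 $1$placeholder$notarealhash
username admin password 7 04480E051A3349
line vty 0 4
 password 7 04480E051A3349
 login
"""

if __name__ == "__main__":
    for n, cmd, secret in audit_config(SAMPLE_CONFIG):
        print(f"line {n}: '{cmd} 7 ...' is reversible ({len(secret)} chars); use the 'secret' form")
```

The post's own sample string 04480E051A33490E is one byte longer than the six letters of “secure”; decoding it yields a trailing space, which is easy to miss when the result is simply printed.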

Saturday, April 14, 2012

how to recover a deleted file in Linux

A very useful and practical tip
http://linuxshellaccount.blogspot.com/2008/08/recovering-deleted-files-by-inode.html

Saturday, March 31, 2012

Physical Memory and Address Space

Physical memory and the storage address space are two different concepts. Because the two are closely related, and both have their capacity measured in B, KB, MB and GB, they are easily confused. Beginners who sort out these two concepts will be better placed to understand main memory and to use it well.

Physical memory refers to the memory chips that actually exist. The main-memory modules plugged into the motherboard and the ROM chip holding the system BIOS, the display RAM chips on the graphics card and the ROM chip holding the video BIOS, and the RAM and ROM chips on the various adapter cards are all physical memory.

The storage address space is the range over which memory is encoded (the range of encoded addresses). Encoding means assigning a number to every physical storage unit (one byte), which is usually called address assignment. A storage unit is given a number so that it can be found and its data read or written; this is what is called addressing (which is why some people also call the address space the addressable space).

The size of the address space and the size of physical memory are not necessarily equal. An example: a floor of a building has 17 rooms, numbered 801 to 817. These 17 rooms are physical, while their address space uses a three-digit code whose range is 800 to 899, 100 addresses in all; clearly the address space is larger than the actual number of rooms.

For 386-class and later microcomputers, the address bus is 32 bits wide, so the address space can reach 2^32, that is 4 GB. In practice, however, the physical memory actually installed is usually only 1 MB, 2 MB, 4 MB, 8 MB, 16 MB, 32 MB and so on, far less than the range the address space allows.

Linux Memory Management


In Linux, the OS provides a single interface for memory management that covers both swap space and physical memory, so user processes do not need to concern themselves with how memory is allocated; they leave that task to the operating system. (Virtual memory = swap + physical memory.)

Address Types

User virtual addresses
These are the regular addresses seen by user-space programs. User addresses are either 32 or 64 bits in length, depending on the underlying hardware architecture, and each process has its own virtual address space.

Physical addresses
The addresses used between the processor and the system's memory. Physical addresses are 32- or 64-bit quantities; even 32-bit systems can use larger physical addresses in some situations.

Bus addresses
The addresses used between peripheral buses and memory. Often, they are the same as the physical addresses used by the processor, but that is not necessarily the case. Some architectures can provide an I/O memory management unit (IOMMU) that remaps addresses between a bus and main memory. An IOMMU can make life easier in a number of ways (making a buffer scattered in memory appear contiguous to the device, for example), but programming the IOMMU is an extra step that must be performed when setting up DMA operations. Bus addresses are highly architecture dependent, of course.

Kernel logical addresses
These make up the normal address space of the kernel. These addresses map some portion (perhaps all) of main memory and are often treated as if they were physical addresses. On most architectures, logical addresses and their associated physical addresses differ only by a constant offset. Logical addresses use the hardware's native pointer size and, therefore, may be unable to address all of physical memory on heavily equipped 32-bit systems. Logical addresses are usually stored in variables of type unsigned long or void *. Memory returned from kmalloc has a kernel logical address.

Kernel virtual addresses
Kernel virtual addresses are similar to logical addresses in that they are a mapping from a kernel-space address to a physical address. Kernel virtual addresses do not necessarily have the linear, one-to-one mapping to physical addresses that characterizes the logical address space, however. All logical addresses are kernel virtual addresses, but many kernel virtual addresses are not logical addresses. For example, memory allocated by vmalloc has a virtual address (but no direct physical mapping). The kmap function also returns virtual addresses. Virtual addresses are usually stored in pointer variables.

High and Low Memory

Low memory
Memory for which logical addresses exist in kernel space. On almost every system you will likely encounter, all memory is low memory.

High memory
Memory for which logical addresses do not exist, because it is beyond the address range set aside for kernel virtual addresses.

[Figure: Address types used in Linux]