ciscoconfparse2.CiscoPassword

class ciscoconfparse2.CiscoPassword(ep='')

Encrypt all cisco password types and decrypt cisco type 7 passwords.

Cisco Encryption type 7, 8, and 9 code inspired by this MIT-licensed repo:

https://github.com/BrettVerney/ciscoPWDhasher/

b64table = {43: 121, 47: 122, 48: 111, 49: 112, 50: 113, 51: 114, 52: 115, 53: 116, 54: 117, 55: 118, 56: 119, 57: 120, 65: 46, 66: 47, 67: 48, 68: 49, 69: 50, 70: 51, 71: 52, 72: 53, 73: 54, 74: 55, 75: 56, 76: 57, 77: 65, 78: 66, 79: 67, 80: 68, 81: 69, 82: 70, 83: 71, 84: 72, 85: 73, 86: 74, 87: 75, 88: 76, 89: 77, 90: 78, 97: 79, 98: 80, 99: 81, 100: 82, 101: 83, 102: 84, 103: 85, 104: 86, 105: 87, 106: 88, 107: 89, 108: 90, 109: 97, 110: 98, 111: 99, 112: 100, 113: 101, 114: 102, 115: 103, 116: 104, 117: 105, 118: 106, 119: 107, 120: 108, 121: 109, 122: 110}
cisco_b64chars = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
decrypt_type_5(pwd)
decrypt_type_7(ep='')

Cisco Type 7 password decryption. Converted from perl code that was written by jbash [~at~] cisco.com; enhancements suggested by rucjain [~at~] cisco.com

Parameters:

ep – The encrypted Type 7 password hash to be decrypted

Returns:

Clear-text password

decrypt_type_8(pwd)
decrypt_type_9(pwd)
encrypt_type_5(pwd)

Hashes cleartext password to Cisco type 5

Parameters:

pwd – Clear text password to be hashed

Returns:

Hashed password

encrypt_type_7(pwd)

Hashes cleartext password to Cisco type 7

Note

This class implements the “Type 7” password encoding used by Cisco IOS. This is not actually a true hash, but a reversible XOR Cipher encoding the plaintext password. Type 7 strings are (and were designed to be) nearly equivalent to plaintext; the goal was to protect from “over the shoulder” eavesdropping, and little else. They can be trivially decoded.

Parameters:

pwd – Clear text password to be hashed

Returns:

Hashed password

encrypt_type_8(pwd)

Hashes cleartext password to Cisco type 8

Parameters:

pwd – Clear text password to be hashed

Returns:

Hashed password

encrypt_type_9(pwd)

Hashes password to Cisco type 9

Parameters:

pwd – Clear text password

Returns:

Hashed password

pwd_check(pwd)

Checks cleartext password for invalid characters

Parameters:

pwd – Clear text password

Returns:

None

std_b64chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'