home *** CD-ROM | disk | FTP | other *** search
/ H4CK3R 14 / hacker14.iso / exploits / cisco / ciscocrack.c < prev    next >
Encoding:
C/C++ Source or Header  |  2002-10-22  |  4.4 KB  |  158 lines
  1. #include <stdio.h>
  2. #include <ctype.h>
  3.  
  4. char xlat[] = {
  5.         0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f,
  6.         0x41, 0x2c, 0x2e, 0x69, 0x79, 0x65, 0x77, 0x72,
  7.         0x6b, 0x6c, 0x64, 0x4a, 0x4b, 0x44, 0x48, 0x53, 
  8.         0x55, 0x42 
  9. };
  10.  
  11. char pw_str1[] = "password 7 ";
  12. char pw_str2[] = "enable-password 7 ";
  13.  
  14. char *pname;
  15.  
  16. cdecrypt(enc_pw, dec_pw)
  17. char *enc_pw;
  18. char *dec_pw;
  19. {
  20.         unsigned int seed, i, val = 0;
  21.  
  22.         if(strlen(enc_pw) & 1)
  23.                 return(-1);
  24.  
  25.         seed = (enc_pw[0] - '0') * 10 + enc_pw[1] - '0';
  26.  
  27.         if (seed > 15 || !isdigit(enc_pw[0]) || !isdigit(enc_pw[1]))
  28.                 return(-1);
  29.  
  30.         for (i = 2 ; i <= strlen(enc_pw); i++) {
  31.                 if(i !=2 && !(i & 1)) {
  32.                         dec_pw[i / 2 - 2] = val ^ xlat[seed++];
  33.                         val = 0;
  34.                 }
  35.  
  36.                 val *= 16;
  37.  
  38.                 if(isdigit(enc_pw[i] = toupper(enc_pw[i]))) {
  39.                         val += enc_pw[i] - '0';
  40.                         continue;
  41.                 }
  42.  
  43.                 if(enc_pw[i] >= 'A' && enc_pw[i] <= 'F') {
  44.                         val += enc_pw[i] - 'A' + 10;
  45.                         continue;
  46.                 }
  47.  
  48.                 if(strlen(enc_pw) != i)
  49.                         return(-1);
  50.         }
  51.  
  52.         dec_pw[++i / 2] = 0;
  53.  
  54.         return(0);
  55. }
  56.  
  57. usage()
  58. {
  59.         fprintf(stdout, "Usage: %s -p <encrypted password>\n", pname);
  60.         fprintf(stdout, "       %s <router config file> <output file>\n", pname);
  61.  
  62.         return(0);
  63. }
  64.  
  65. main(argc,argv)
  66. int argc;
  67. char **argv;
  68.  
  69. {
  70.         FILE *in = stdin, *out = stdout;
  71.         char line[257];
  72.         char passwd[65];
  73.         unsigned int i, pw_pos;
  74.  
  75.         pname = argv[0];
  76.  
  77.         if(argc > 1)
  78.         {
  79.                 if(argc > 3) {
  80.                         usage();
  81.                         exit(1);
  82.                 }
  83.  
  84.                 if(argv[1][0] == '-')
  85.                 {
  86.                         switch(argv[1][1]) {
  87.                                 case 'h':
  88.                                 usage();
  89.                                 break;
  90.  
  91.                                 case 'p':
  92.                                 if(cdecrypt(argv[2], passwd)) {
  93.                                         fprintf(stderr, "Error.\n");
  94.                                         exit(1);
  95.                                 }
  96.                                 fprintf(stdout, "password: %s\n", passwd);
  97.                                 break;
  98.  
  99.                                 default:
  100.                                 fprintf(stderr, "%s: unknow option.", pname);
  101.                         }
  102.  
  103.                         return(0);
  104.                 }
  105.  
  106.                 if((in = fopen(argv[1], "rt")) == NULL)
  107.                         exit(1);
  108.                 if(argc > 2)
  109.                         if((out = fopen(argv[2], "wt")) == NULL)
  110.                                 exit(1);
  111.         }
  112.  
  113.         while(1) {
  114.                 for(i = 0; i < 256; i++) {
  115.                         if((line[i] = fgetc(in)) == EOF) {
  116.                                 if(i)
  117.                                         break;
  118.  
  119.                                 fclose(in);
  120.                                 fclose(out);
  121.                                 return(0);
  122.                         }
  123.                         if(line[i] == '\r')
  124.                                 i--;
  125.  
  126.                         if(line[i] == '\n')
  127.                                 break;
  128.                 }
  129.                 pw_pos = 0;
  130.                 line[i] = 0;
  131.  
  132.                 if(!strncmp(line, pw_str1, strlen(pw_str1)))
  133.                         pw_pos = strlen(pw_str1);
  134.  
  135.                 if(!strncmp(line, pw_str2, strlen(pw_str2)))
  136.                         pw_pos = strlen(pw_str2);
  137.  
  138.                 if(!pw_pos) {
  139.                         fprintf(stdout, "%s\n", line);
  140.                         continue;
  141.                 }
  142.  
  143.                 if(cdecrypt(&line[pw_pos], passwd)) {
  144.                         fprintf(stderr, "Error.\n");
  145.                         exit(1);
  146.                 }
  147.                 else {
  148.                         if(pw_pos == strlen(pw_str1))
  149.                                 fprintf(out, "%s", pw_str1);
  150.                         else
  151.                                 fprintf(out, "%s", pw_str2);
  152.  
  153.                         fprintf(out, "%s\n", passwd);
  154.                 }
  155.         }
  156.  
  157. }
  158.