Decrypting Cisco type-7 passwords on a IOS router. I saw this once on the net and thought it could come in handy… This does not work for type-5 passwords!

Turn on type-7 encryption for local passwords and create a temp username:

1
2

Router1(config)#service password-encryption
Router1(config)#username tempuser password !@&*^&*^$#

Show the created username:

1

Router1(config)#do show run | include username username tempuser password 7 -encrypted string-

Create a key chain and enter the type-7 encrypted password as the key string:

1
2
3

Router1(config)#key chain decrypt
Router1(config-keychain)#key 1
Router1(config-keychain-key)#key-string 7 -encrypted string-

The show command will now do the decryption:

1

Router1(config-keychain-key)#do show key chain decrypt

Key-chain decrypt:

key 1 — text “testuser:decyptedpassword”
accept lifetime (always valid) – (always valid) [valid now]
send lifetime (always valid) – (always valid) [valid now]