Wednesday, December 25, 2013

Very first post: Close of csabyblog and opening of theevilbit

Time has come to move on, the original blog filled in its purpose, and now I would like to extend it, and so had to find a better name, especially if I want more contributors, so can't have my own name in the blog's title / URL :)

Inspired by RFC 3514 I created this new blog, with the name "The Evil Bit".

From now on, I will post here, I moved all of my content from csabyblog to here, but that blog will remain open for a while - and I'm still uncertain at this point if I will delete it some point or not.

Welcome on the new blog. :-)

Monday, December 23, 2013

Happy Holidays!

Happy Holidays for everyone!


      __,_,_,___)          _______
    (--| | |             (--/    ),_)        ,_) 
       | | |  _ ,_,_        |     |_ ,_ ' , _|_,_,_, _  ,
     __| | | (/_| | (_|     |     | ||  |/_)_| | | |(_|/_)___,
    (      |___,   ,__|     \____)  |__,           |__,

                            |                         _...._
                         \  _  /                    .::o:::::.
                          (\o/)                    .:::'''':o:.
                      ---  / \  ---                :o:_    _:::
                           >*<                     `:}_>()<_{:'
                          >0<@<                 @    `'//\\'`    @ 
                         >>>@<<*              @ #     //  \\     # @
                        >@>*<0<<<           __#_#____/'____'\____#_#__
                       >*>>@<<<@<<         [__________________________]
                      >@>>0<<<*<<@<         |=_- .-/\ /\ /\ /\--. =_-|
                     >*>>0<<@<<<@<<<        |-_= | \ \\ \\ \\ \ |-_=-|
                    >@>>*<<@<>*<<0<*<       |_=-=| / // // // / |_=-_|
      \*/          >0>>*<<@<>0><<*<@<<      |=_- |`-'`-'`-'`-'  |=_=-|
  ___\\U//___     >*>>@><0<<*>>@><*<0<<     | =_-| o          o |_==_| 
  |\\ | | \\|    >@>>0<*<<0>>@<<0<<<*<@<    |=_- | !     (    ! |=-_=|
  | \\| | _(UU)_ >((*))_>0><*<0><@<<<0<*<  _|-,-=| !    ).    ! |-_-=|_
  |\ \| || / //||.*.*.*.|>>@<<*<<@>><0<<@</=-((=_| ! __(:')__ ! |=_==_-\
  |\\_|_|&&_// ||*.*.*.*|_\\db//__     (\_/)-=))-|/^\=^=^^=^=/^\| _=-_-_\
  """"|'.'.'.|~~|.*.*.*|     ____|_   =('.')=//   ,------------.      
  jgs |'.'.'.|   ^^^^^^|____|>>>>>>|  ( ~~~ )/   (((((((())))))))   
      ~~~~~~~~         '""""`------'  `w---w`     `------------'

Source: http://www.chris.com/ascii/

Sunday, December 15, 2013

Tool: Cisco Type 7 Password Decrypter

I made a small tool to decrypt Cisco IOS type 7 passwords, it can also encrypt clear text passwords if required. 

You can find how the passwords are encrypted / decrypted in the following article from SANS:

I made this script in order to practice, and I realized that Cisco passwords can be custom long, and none of the existing tools has a full XLAT table to make the decryption. I made very long (50+ characters) passwords, made from the same letter. I realized that after 51 characters the encryption is the same, meaning that the full XLAT table is 51 size long, and if the password is longer it will start from the beginning. Based on this, I got the full table:

xlat = [0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f, 0x41, 0x2c, 0x2e, 0x69, 0x79, 0x65, 0x77, 0x72, 0x6b, 0x6c, 0x64
, 0x4a, 0x4b, 0x44, 0x48, 0x53, 0x55, 0x42, 0x73, 0x67, 0x76, 0x63, 0x61, 0x36, 0x39, 0x38, 0x33, 0x34, 0x6e, 0x63,
0x78, 0x76, 0x39, 0x38, 0x37, 0x33, 0x32, 0x35, 0x34, 0x6b, 0x3b, 0x66, 0x67, 0x38, 0x37]

The tool usage:

c:\>ciscot7.py --help
Usage: ciscot7.py [options]

Options:
  -h, --help            show this help message and exit
  -e, --encrypt         Encrypt password
  -d, --descrypt        Decrypt password. This is the default
  -p PASSWORD, --password=PASSWORD
                        Password to encrypt / decrypt
  -f FILE, --file=FILE  Cisco config file, only for decryption

If we specify a config file, it will look for all type 7 passwords in it.

License: MIT

You can download it from: https://sites.google.com/site/csabyblog/home/ciscot7