abyss.conf - password encryption

 
Post new topic   Reply to topic    Aprelium Forum Index -> General Questions
View previous topic :: View next topic  
Author Message
lazna
-


Joined: 16 Aug 2015
Posts: 32

PostPosted: Sun Feb 24, 2019 9:27 pm    Post subject: abyss.conf - password encryption Reply with quote

Trying to create user programmatically but password encryption does not work as described here (in 15 years old post) https://aprelium.com/forum/viewtopic.php?p=11088#11088

have created 'testuser' with password 'testuser' from GUI and it have password hash:

7bf1fcd6b1d5852e78e994f436d39612

but if perform command: 'echo testuser:testuser|md5sums.exe' got

114FB1223597FA6D2CB07519E9178100

Does method of password encryption change in the meantime?

Abyss Web Server X1 (v 2.12)

L.
Back to top View user's profile Send private message
admin
Site Admin


Joined: 03 Mar 2002
Posts: 921

PostPosted: Fri Mar 01, 2019 6:14 pm    Post subject: Re: abyss.conf - password encryption Reply with quote

lazna,

Try instead:

Code:

echo -n "testuser:testuser" | md5sum


the echo command adds end of line and carriage return chars when called without -n. These invisible characters change the md5 sum.
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com
Back to top View user's profile Send private message
lazna
-


Joined: 16 Aug 2015
Posts: 32

PostPosted: Fri Mar 01, 2019 11:28 pm    Post subject: Reply with quote

Thanks for reply.

I am on windows where echo does not accept parameters, but there is a way how to echo string without newline:

https://stackoverflow.com/questions/7105433/windows-batch-echo-without-new-line

tested this does not create trailing CRLF

---------------
echo|set /p="testuser:testuser"
testuser:testuser
---------------

but this does not help:

echo|set /p="testuser:testuser"| md5sums.exe
f9f0c452e6df5dd6cc3c5807f03f5517 *-

Any other idea?

L.
Back to top View user's profile Send private message
admin
Site Admin


Joined: 03 Mar 2002
Posts: 921

PostPosted: Fri Mar 08, 2019 4:25 pm    Post subject: Reply with quote

lazna,

The post you referred to had the wrong algorithm. The good algorithm is in https://aprelium.com/forum/viewtopic.php?p=15453#15453 .

It is in pseudo-code:
Code:
MD5(BASE64( USER + ":" + PASS ))


How to do that in the command line, you can try:

Code:
powershell "[convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes(\"testuser:testsuer\"))" | md5sums


The contrived powershell invocation is inspired by the discussion in https://stackoverflow.com/questions/37046771/base64-encode-string-command-line-windows . You can replace it with echo and a proper base64 encoder tool invocation if you have one.
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com
Back to top View user's profile Send private message
lazna
-


Joined: 16 Aug 2015
Posts: 32

PostPosted: Thu Mar 14, 2019 6:14 pm    Post subject: SOLVED Reply with quote

So finaly, following commands chain give me identical string as one generated by program if user is added from GUI for username: 'testuser' and passwd 'testuser'

echo|set /p="testuser:testuser" | base64.exe -e | md5sums.exe

The glitch with "echo|set /p.........." is present to supress trailing CRLF.

Used external utilities:

http://www.f2ko.de/en/b64.php
MD5sums.exe from http://gnuwin32.sourceforge.net/packages/coreutils.htm package
Back to top View user's profile Send private message
admin
Site Admin


Joined: 03 Mar 2002
Posts: 921

PostPosted: Thu Mar 21, 2019 4:50 pm    Post subject: Re: SOLVED Reply with quote

lazna,

Thank you for getting back with the detailed list of tools that you've used.

As a side note, Windows scripting is painful. :)
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com
Back to top View user's profile Send private message
lazna
-


Joined: 16 Aug 2015
Posts: 32

PostPosted: Wed Apr 03, 2019 9:40 am    Post subject: Re: SOLVED Reply with quote

admin wrote:
lazna,
Thank you for getting back with the detailed list of tools that you've used.


You are welcome. Could you please edit your post with wrong algorithm accordingly? To prevent mislead other people in the future..

Quote:

As a side note, Windows scripting is painful


Is not, there are TONS of console utilities writen for Win32 since 1995 when Win95 was released. When I have proper algorithm, than is 10 minute job to asseble suitable utilities into chain.
Windows console abilities are heavily underestimated. And Microsoft still working on it: https://devblogs.microsoft.com/commandline/
Back to top View user's profile Send private message
admin
Site Admin


Joined: 03 Mar 2002
Posts: 921

PostPosted: Thu Apr 04, 2019 3:36 pm    Post subject: Re: SOLVED Reply with quote

lazna wrote:
You are welcome. Could you please edit your post with wrong algorithm accordingly? To prevent mislead other people in the future..


Edited and fixed as you've suggested.

Quote:
Is not, there are TONS of console utilities writen for Win32 since 1995 when Win95 was released. When I have proper algorithm, than is 10 minute job to asseble suitable utilities into chain.
Windows console abilities are heavily underestimated. And Microsoft still working on it: https://devblogs.microsoft.com/commandline/


Thank you for the URL.
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com
Back to top View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Aprelium Forum Index -> General Questions All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB phpBB Group