Jump to content
Sign in to follow this  
Followers 0
marko001

Check remote credentials

By marko001, in AutoIt General Help and Support

Recommended Posts

marko001    2

marko001
Posted

Hi all,

I'm using a MySQL DB on an hosting where people can subscribe and create their username/password.

I'm now building a tool that, first of all, wants to check if credentials are correct.

Using 

#include <mysql.au3>

I can easily connect to DB.

I can see tables and WP_Users table.

What I wanted to to is check username & password, but, found the username, I can't convert password to hashed Wordpress method.

Using 

MsgBox(0, "Decrypted data", BinaryToString(_Crypt_DecryptData("$P$BliO2IAijM.ouBc2.BqypXV4683OdB0", "", $CALG_MD5)))

and 

MsgBox(0,"",BinaryToString(_Crypt_HashData("testpw",$CALG_MD5)))

gives me different results.

I see, looking in DB, that Wordpress saves pw in this kind of format: "$P$BliO2IAijM.ouBc2.BqypXV4683OdB0" (example of password)

There is also http://codex.wordpress.org/Function_Reference/wp_hash_password but I can't imagine how to use it inside AutoIt.

Is there a solution for this?

Thanks,

M.

Share this post

Link to post
Share on other sites

spudw2k    166

spudw2k
Posted

It appears that it uses either Base64, DES or Blowfish.

It would take me some time to convert this to au3, but I'm no expert.

http://core.trac.wordpress.org/browser/tags/3.2.1/wp-includes/class-phpass.php

Spoiler

Things I've Made: AU HistoryDeck of CardsHideItICUIcon FreezerIpod EjectorLink DownloaderMD5 Folder EnumeratorPing ToolQuick NICRead OCRRemoteITSchTasksGuiSpyCam System UpTime Transparency Machine VMWare ESX Builder
Misc Code Snippets: ADODB ExampleCheckHover ◊ Detect SafeModeDynEnumArrayGetNetStatData ◊ HashArrayIsBetweenDates Local AdminsMake ChoiceRecursive File ListRemove Sizebox StyleRetrieve PNPDeviceIDRetreive SysListView32 ContentsSet IE Homepage Tickle Expired PasswordTranspose Array
Projects: Drive Space Usage GUI ◊ LEDkITPlasma_kIt ◊ Scan Engine BuilderSpeeDBurnerSubnetCalc
Cool Stuff: AutoItObject UDF Extract Icon From ProcGuiCtrlFontRotateHex Edit FuncsRun binaryService_UDF

 

Share this post

Link to post
Share on other sites

marko001    2

marko001
Posted

And there is no way to send to mysql the clean password letting it to do the dirty work? It's mandatory to send it the hashed pw? (so I need to know algorithm autoit-side)

M.

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing AutoIt General Help and Support
×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept