Jump to content
Sign in to follow this  
Iceman682

Reading a hash password in a dat file located on a website

Recommended Posts

Iceman682

#include <AD.au3>
#include <TreeviewConstants.au3>
#include <WindowsConstants.au3>
#include <GUIConstants.au3>
#include <GuiTreeView.au3>
#include <ButtonConstants.au3>
#include <GUIConstantsEx.au3>
#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <StaticConstants.au3>
#include <GUIButton.au3>
#include <GuiToolTip.au3>
#include <Process.au3>
#include <Crypt.au3>
Global $LoginGUI, $tCancel, $tStart, $tPassword, $Input_Username

$Title = "Login"
$LoginGUI = GUICreate($Title, 225, 180, -1, -1, $WS_DLGFRAME)
GUICtrlCreateLabel("Internet Connection Required!", 5, 5, 180, 17)
GUICtrlSetFont(-1, 9, 800, 0, "MS Sans Serif")
GUICtrlSetColor(-1, 0xff0000) ; Red
GUICtrlCreateLabel("User Name:", 5, 30)
$Input_Username = GUICtrlCreateInput("", 65, 25, 155, 20)
GUICtrlSetTip(-1, "Case Sensitive", "", 0, 1)
GUICtrlCreateLabel("Password:", 5, 55)
$tPassword = GUICtrlCreateInput("", 65, 50, 155, 20, $ES_PASSWORD)
GUICtrlSetTip(-1, "Case Sensitive", "", 0, 1)
$tCancel = GUICtrlCreateButton(" Cancel", 5, 75, 100, 64)
GUICtrlSetImage(-1, "shell32.dll", 28)
$tStart = GUICtrlCreateButton("Login", 120, 75, 100, 64)
GUICtrlSetImage(-1, "shell32.dll", 48)
GUISetState()
GUICtrlSetState($tStart, $GUI_DEFBUTTON)
While 1
$nMsg = GUIGetMsg()
Switch $nMsg
Case $GUI_EVENT_CLOSE, $tCancel
Exit
Case $tStart
If GUICtrlRead($Input_Username) = "" Or GUICtrlRead($tPassword) = "" Then ;If these fields are empty then don't proceed.
MsgBox(0, "Whoops!", "Enter both Username & Password, then try again.", 0, $LoginGUI)
Else
GUISetState(@SW_HIDE) ;Temporary hide GUI
SplashTextOn($Title, "Verifying Username && Password, please wait...", 320, 50, -1, -1, 33, "Comic Sans MS", 10)
If InetRead("http://AWebsite.com/" & GUICtrlRead($Input_Username) & ".dat", 1) = _Crypt_HashData GUICtrlRead($tPassword, $CALG_MD5) Then
SplashOff()
GUIDelete($LoginGUI)
ExitLoop
Else
SplashOff()
GUISetState(@SW_SHOW)
MsgBox(0, "Login Failure", "Wrong Username or Password." & @CRLF & "Remember, Username and Password are case sensitive.", 0, $LoginGUI)
EndIf
EndIf
EndSwitch
WEnd
Hi Everyone

I am trying to get my login part of my script to read the hash password on my my website. I have tried all permitations and I'm unable to get it to work.

I have a funny feeling I'm way off base. Reading a plain text password is fine with this:

If InetRead("http://AWebsite.com/" & GUICtrlRead($Input_Username) & ".dat", 1) = GUICtrlRead($tPassword) Then

If there is a better way to control passwords I would love to know how this can be done.

Any assistance most welcome.

BTW: has anyone come across while running a script everything works fine, expected results are correct but after you have complied it including obfuscator, running the compiled exe gives different results?

Edited by Iceman682

Share this post


Link to post
Share on other sites
FireFox

Hi,

If the password stored is encrypted with a non reversing algorithm (like MD5), you must check the password stored on the DB and compare it to the encrypted password with the same algorithm, which is what you did.

Br, FireFox.


 

OS : Win XP SP2 (32 bits) / Win 7 SP1 (64 bits) / Win 8 (64 bits) | Autoit version: latest stable / beta.
Hardware : Intel(R) Core(TM) i5-2400 CPU @ 3.10Ghz / 8 GiB RAM DDR3.

My UDFs : Skype UDF | TrayIconEx UDF | GUI Panel UDF | Excel XML UDF | Is_Pressed_UDF

My Projects : YouTube Multi-downloader | FTP Easy-UP | Lock'n | WinKill | AVICapture | Skype TM | Tap Maker | ShellNew | Scriptner | Const Replacer | FT_Pocket | Chrome theme maker

My Examples : Capture toolIP Camera | Crosshair | Draw Captured Region | Picture Screensaver | Jscreenfix | Drivetemp | Picture viewer

My Snippets : Basic TCP | Systray_GetIconIndex | Intercept End task | Winpcap various | Advanced HotKeySet | Transparent Edit control

 

Share this post


Link to post
Share on other sites
Iceman682

The hash is stored in a dat file I.e username.dat. How can I get it to read the hash password contained in the dat file?

Share this post


Link to post
Share on other sites
FireFox

The hash is stored in a dat file I.e username.dat. How can I get it to read the hash password contained in the dat file?

The best way would to use a database combined with sqlite udf/make a get request to have the password.

But it's more a database question than an autoit one.

Br, FireFox.


 

OS : Win XP SP2 (32 bits) / Win 7 SP1 (64 bits) / Win 8 (64 bits) | Autoit version: latest stable / beta.
Hardware : Intel(R) Core(TM) i5-2400 CPU @ 3.10Ghz / 8 GiB RAM DDR3.

My UDFs : Skype UDF | TrayIconEx UDF | GUI Panel UDF | Excel XML UDF | Is_Pressed_UDF

My Projects : YouTube Multi-downloader | FTP Easy-UP | Lock'n | WinKill | AVICapture | Skype TM | Tap Maker | ShellNew | Scriptner | Const Replacer | FT_Pocket | Chrome theme maker

My Examples : Capture toolIP Camera | Crosshair | Draw Captured Region | Picture Screensaver | Jscreenfix | Drivetemp | Picture viewer

My Snippets : Basic TCP | Systray_GetIconIndex | Intercept End task | Winpcap various | Advanced HotKeySet | Transparent Edit control

 

Share this post


Link to post
Share on other sites
dany

I agree with FireFox that a database would be a better place to store passwords, files named after the users are dead giveaways...

But ok. If you've stored the hash as a hexadecimal string then I'm guessing InetRead is seeing the hash as plaintext and returns that in binary format, e.g. converts each individual hex character to a byte:

Global $bTest = _Crypt_HashData('a test pass phrase...', $CALG_MD5)
MsgBox(0, 'Binary and Hex String', $bTest & @CRLF & Hex($bTest)) ; How the hash looks, note the 0x.
MsgBox(0, 'Binary and Hex String cast as Binary', $bTest & @CRLF & Binary(Hex($bTest))) ; How InetRead returns the hash.
MsgBox(0, 'Binary compared to Hex String cast as Binary', $bTest = Binary(Hex($bTest))) ; False.

In that case you'll first have to convert the return value of InetRead back to a plaintext string with BinaryToString, prepend '0x' and cast to binary again. Then compare with the return value of _Crypt_HashData.


[center]Spiderskank Spiderskank[/center]GetOpt Parse command line options UDF | AU3Text Program internationalization UDF | Identicon visual hash UDF

Share this post


Link to post
Share on other sites
Iceman682

Many thanks for the information, I had no idea this was a viable route and I would have no idea where to start with storing credentails in a database, could someone point me in the right direction or give an example?

The only database I have access to is one supplied by my website hosting company, could this be used?

Share this post


Link to post
Share on other sites
FireFox

The only database I have access to is one supplied by my website hosting company, could this be used?

Of course.

 

OS : Win XP SP2 (32 bits) / Win 7 SP1 (64 bits) / Win 8 (64 bits) | Autoit version: latest stable / beta.
Hardware : Intel(R) Core(TM) i5-2400 CPU @ 3.10Ghz / 8 GiB RAM DDR3.

My UDFs : Skype UDF | TrayIconEx UDF | GUI Panel UDF | Excel XML UDF | Is_Pressed_UDF

My Projects : YouTube Multi-downloader | FTP Easy-UP | Lock'n | WinKill | AVICapture | Skype TM | Tap Maker | ShellNew | Scriptner | Const Replacer | FT_Pocket | Chrome theme maker

My Examples : Capture toolIP Camera | Crosshair | Draw Captured Region | Picture Screensaver | Jscreenfix | Drivetemp | Picture viewer

My Snippets : Basic TCP | Systray_GetIconIndex | Intercept End task | Winpcap various | Advanced HotKeySet | Transparent Edit control

 

Share this post


Link to post
Share on other sites
Iceman682

Anyone able to assist please?

Share this post


Link to post
Share on other sites
FireFox

Anyone able to assist please?

For what?

 

OS : Win XP SP2 (32 bits) / Win 7 SP1 (64 bits) / Win 8 (64 bits) | Autoit version: latest stable / beta.
Hardware : Intel(R) Core(TM) i5-2400 CPU @ 3.10Ghz / 8 GiB RAM DDR3.

My UDFs : Skype UDF | TrayIconEx UDF | GUI Panel UDF | Excel XML UDF | Is_Pressed_UDF

My Projects : YouTube Multi-downloader | FTP Easy-UP | Lock'n | WinKill | AVICapture | Skype TM | Tap Maker | ShellNew | Scriptner | Const Replacer | FT_Pocket | Chrome theme maker

My Examples : Capture toolIP Camera | Crosshair | Draw Captured Region | Picture Screensaver | Jscreenfix | Drivetemp | Picture viewer

My Snippets : Basic TCP | Systray_GetIconIndex | Intercept End task | Winpcap various | Advanced HotKeySet | Transparent Edit control

 

Share this post


Link to post
Share on other sites
Iceman682

As pointed out in post #6 I have no idea where to start could someone point me in the right direction?

Edited by Iceman682

Share this post


Link to post
Share on other sites
FireFox

As pointed out in post #6 I have no idea where to start could someone point me in the right direction?

Maybe you should start by learning how to store password in a database (quite easy) with some php and mysql.

Then do as I said in the post #4.

Br, FireFox.


 

OS : Win XP SP2 (32 bits) / Win 7 SP1 (64 bits) / Win 8 (64 bits) | Autoit version: latest stable / beta.
Hardware : Intel(R) Core(TM) i5-2400 CPU @ 3.10Ghz / 8 GiB RAM DDR3.

My UDFs : Skype UDF | TrayIconEx UDF | GUI Panel UDF | Excel XML UDF | Is_Pressed_UDF

My Projects : YouTube Multi-downloader | FTP Easy-UP | Lock'n | WinKill | AVICapture | Skype TM | Tap Maker | ShellNew | Scriptner | Const Replacer | FT_Pocket | Chrome theme maker

My Examples : Capture toolIP Camera | Crosshair | Draw Captured Region | Picture Screensaver | Jscreenfix | Drivetemp | Picture viewer

My Snippets : Basic TCP | Systray_GetIconIndex | Intercept End task | Winpcap various | Advanced HotKeySet | Transparent Edit control

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×