Reading a hash password in a dat file located on a website



#include <AD.au3>
#include <TreeviewConstants.au3>
#include <WindowsConstants.au3>
#include <GUIConstants.au3>
#include <GuiTreeView.au3>
#include <ButtonConstants.au3>
#include <GUIConstantsEx.au3>
#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <StaticConstants.au3>
#include <GUIButton.au3>
#include <GuiToolTip.au3>
#include <Process.au3>
#include <Crypt.au3>
Global $LoginGUI, $tCancel, $tStart, $tPassword, $Input_Username

$Title = "Login"
$LoginGUI = GUICreate($Title, 225, 180, -1, -1, $WS_DLGFRAME)
GUICtrlCreateLabel("Internet Connection Required!", 5, 5, 180, 17)
GUICtrlSetFont(-1, 9, 800, 0, "MS Sans Serif")
GUICtrlSetColor(-1, 0xff0000) ; Red
GUICtrlCreateLabel("User Name:", 5, 30)
$Input_Username = GUICtrlCreateInput("", 65, 25, 155, 20)
GUICtrlSetTip(-1, "Case Sensitive", "", 0, 1)
GUICtrlCreateLabel("Password:", 5, 55)
$tPassword = GUICtrlCreateInput("", 65, 50, 155, 20, $ES_PASSWORD)
GUICtrlSetTip(-1, "Case Sensitive", "", 0, 1)
$tCancel = GUICtrlCreateButton(" Cancel", 5, 75, 100, 64)
GUICtrlSetImage(-1, "shell32.dll", 28)
$tStart = GUICtrlCreateButton("Login", 120, 75, 100, 64)
GUICtrlSetImage(-1, "shell32.dll", 48)
GUISetState()
GUICtrlSetState($tStart, $GUI_DEFBUTTON)
While 1
    $nMsg = GUIGetMsg()
    Switch $nMsg
        Case $GUI_EVENT_CLOSE, $tCancel
            Exit
        Case $tStart
            If GUICtrlRead($Input_Username) = "" Or GUICtrlRead($tPassword) = "" Then ;If these fields are empty then don't proceed.
                MsgBox(0, "Whoops!", "Enter both Username & Password, then try again.", 0, $LoginGUI)
            Else
                GUISetState(@SW_HIDE) ;Temporary hide GUI
                SplashTextOn($Title, "Verifying Username && Password, please wait...", 320, 50, -1, -1, 33, "Comic Sans MS", 10)
                ; Compares the raw bytes returned by InetRead with the binary MD5 digest of the typed password.
                If InetRead("http://AWebsite.com/" & GUICtrlRead($Input_Username) & ".dat", 1) = _Crypt_HashData(GUICtrlRead($tPassword), $CALG_MD5) Then
                    SplashOff()
                    GUIDelete($LoginGUI)
                    ExitLoop
                Else
                    SplashOff()
                    GUISetState(@SW_SHOW)
                    MsgBox(0, "Login Failure", "Wrong Username or Password." & @CRLF & "Remember, Username and Password are case sensitive.", 0, $LoginGUI)
                EndIf
            EndIf
    EndSwitch
WEnd
Hi Everyone

I am trying to get my login part of my script to read the hash password on my website. I have tried all permutations and I'm unable to get it to work.

I have a funny feeling I'm way off base. Reading a plain text password is fine with this:

If InetRead("http://AWebsite.com/" & GUICtrlRead($Input_Username) & ".dat", 1) = GUICtrlRead($tPassword) Then

If there is a better way to control passwords I would love to know how this can be done.

Any assistance most welcome.

BTW: has anyone come across while running a script everything works fine, expected results are correct but after you have compiled it including obfuscator, running the compiled exe gives different results?

Edited by Iceman682

Hi,

If the password stored is encrypted with a non reversing algorithm (like MD5), you must check the password stored on the DB and compare it to the encrypted password with the same algorithm, which is what you did.

Br, FireFox.


The hash is stored in a dat file, i.e. username.dat. How can I get it to read the hash password contained in the dat file?

The best way would be to use a database combined with sqlite udf/make a get request to have the password.

But it's more a database question than an autoit one.

Br, FireFox.


I agree with FireFox that a database would be a better place to store passwords, files named after the users are dead giveaways...

But ok. If you've stored the hash as a hexadecimal string then I'm guessing InetRead is seeing the hash as plaintext and returns that in binary format, e.g. converts each individual hex character to a byte:

#include <Crypt.au3>

Global $bTest = _Crypt_HashData('a test pass phrase...', $CALG_MD5)
MsgBox(0, 'Binary and Hex String', $bTest & @CRLF & Hex($bTest)) ; How the hash looks, note the 0x.
MsgBox(0, 'Binary and Hex String cast as Binary', $bTest & @CRLF & Binary(Hex($bTest))) ; How InetRead returns the hash.
MsgBox(0, 'Binary compared to Hex String cast as Binary', $bTest = Binary(Hex($bTest))) ; False.

In that case you'll first have to convert the return value of InetRead back to a plaintext string with BinaryToString, prepend '0x' and cast to binary again. Then compare with the return value of _Crypt_HashData.

Spiderskank
GetOpt Parse command line options UDF | AU3Text Program internationalization UDF | Identicon visual hash UDF
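
The conversion described in the reply above, as an added example that is not code from any poster in this thread. It runs offline: `StringToBinary` stands in for the `InetRead` download, the file content is constructed, and `_StoredHashToBinary` is a hypothetical helper name.

```autoit
#include <Crypt.au3>

; Constructed sample: the digest of a known pass phrase, written the way a
; username.dat text file would hold it (hex characters plus a trailing newline).
Local $sPass = 'a test pass phrase...'
Local $bHash = _Crypt_HashData($sPass, $CALG_MD5) ; binary digest, 16 bytes
Local $sFileText = Hex($bHash) & @CRLF

; Stand-in for InetRead(...): the download arrives as the bytes of the text,
; one byte per hex character, not as the 16 digest bytes.
Local $bDownloaded = StringToBinary($sFileText)

; Hypothetical helper: turn the downloaded bytes back into a binary digest.
; Sets @error = 1 if the content is not exactly 32 hex characters (MD5 length).
Func _StoredHashToBinary($bRaw)
    ; Back to text, then drop all whitespace (flag 8) such as a trailing CRLF.
    Local $sHex = StringStripWS(BinaryToString($bRaw), 8)
    ; Accept files saved with or without a leading 0x.
    If StringLeft($sHex, 2) = '0x' Then $sHex = StringTrimLeft($sHex, 2)
    ; Reject error pages, empty downloads and anything else that is not a digest.
    If Not StringRegExp($sHex, '^[0-9A-Fa-f]{32}$') Then Return SetError(1, 0, Binary(''))
    ; A string starting with 0x is cast to the bytes it spells out.
    Return Binary('0x' & $sHex)
EndFunc

; Direct comparison, as in the original login script.
ConsoleWrite('Raw download equals digest:        ' & ($bDownloaded = $bHash) & @CRLF)

; Comparison after normalising the download.
Local $bStored = _StoredHashToBinary($bDownloaded)
If @error Then
    ConsoleWrite('Downloaded content is not an MD5 hex string.' & @CRLF)
Else
    ConsoleWrite('Normalised download equals digest: ' & ($bStored = $bHash) & @CRLF)
EndIf

; A download that is not a digest (constructed: an HTML error page) is rejected.
_StoredHashToBinary(StringToBinary('<html>404 Not Found</html>'))
ConsoleWrite('Error page rejected:               ' & (@error = 1) & @CRLF)
```

Because the file is fetched over plain HTTP and compared client-side, anyone who can request username.dat obtains the same unsalted MD5 value; keeping the hash in a database behind a server-side check avoids publishing it.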


Many thanks for the information, I had no idea this was a viable route and I would have no idea where to start with storing credentials in a database, could someone point me in the right direction or give an example?

The only database I have access to is one supplied by my website hosting company, could this be used?


As pointed out in post #6 I have no idea where to start could someone point me in the right direction?

Maybe you should start by learning how to store password in a database (quite easy) with some php and mysql.

Then do as I said in the post #4.

Br, FireFox.

