pyrad 获取明文密码
pyrad get plaintext password
我正在尝试使用 pyrad 构建一个简单的 Radius 服务器。它工作正常,但是要检查用户的密码到我的记录我首先需要明文密码。
我的代码:
#!/usr/bin/python
from __future__ import print_function
from pyrad import dictionary, packet, server
import six
import logging
from pyrad.tools import *
from pyrad.packet import AuthPacket
try:
import hashlib
md5_constructor = hashlib.md5
except ImportError:
# BBB for python 2.4
import md5
md5_constructor = md5.new
logging.basicConfig(filename="pyrad.log", level="DEBUG",
format="%(asctime)s [%(levelname)-8s] %(message)s")
def dump(obj):
for attr in dir(obj):
if hasattr( obj, attr ):
print( "obj.%s = %s" % (attr, getattr(obj, attr)))
class FakeServer(server.Server):
def HandleAuthPacket(self, pkt):
pwd = pkt.PwDecrypt(pkt['User-Password'][0])
uname = pkt['User-Name'][0]
print (uname)
print ('Plaintext PW: {}' . format(pwd))
print("Received an authentication request")
print("Attributes: ")
for attr in pkt.keys():
print("%s: %s" % (attr, pkt[attr]))
reply = self.CreateReplyPacket(pkt, **{
"Service-Type": "Framed-User",
"Framed-IP-Address": '192.168.0.1',
"Framed-IPv6-Prefix": "fc66::1/64"
})
reply.code = packet.AccessAccept
self.SendReplyPacket(pkt.fd, reply)
def HandleAcctPacket(self, pkt):
print("Received an accounting request")
print("Attributes: ")
for attr in pkt.keys():
print("%s: %s" % (attr, pkt[attr]))
reply = self.CreateReplyPacket(pkt)
self.SendReplyPacket(pkt.fd, reply)
def HandleCoaPacket(self, pkt):
print("Received an coa request")
print("Attributes: ")
for attr in pkt.keys():
print("%s: %s" % (attr, pkt[attr]))
reply = self.CreateReplyPacket(pkt)
self.SendReplyPacket(pkt.fd, reply)
def HandleDisconnectPacket(self, pkt):
print("Received an disconnect request")
print("Attributes: ")
for attr in pkt.keys():
print("%s: %s" % (attr, pkt[attr]))
reply = self.CreateReplyPacket(pkt)
# COA NAK
reply.code = 45
self.SendReplyPacket(pkt.fd, reply)
if __name__ == '__main__':
# create server and read dictionary
srv = FakeServer(dict=dictionary.Dictionary("dictionary"), coa_enabled=True)
# add clients (address, secret, name)
srv.hosts["xxx.xxx.xxx.xxx"] = server.RemoteHost("xxx.xxx.xxx.xxx", b"mysecretpw", "xxx.xxx.xxx.xxx")
srv.BindToAddress("")
# start server
srv.Run()
它的输出是:
b'thisistheusername\xe1\xe9'
Plaintext PW: b'\xc6NK\x18\xcb\xea\xd2Ne6t\xe1[p{\xb9'
Received an authentication request
Attributes:
User-Name: [b'thisistheusername\xe1\xe9']
User-Password: [b'r?\xbd7\xbd&\x9b\xdc17i\xc1\xc6\x95\xe6\xee']
我正在使用 NTRadPing 进行测试。输入是:
Username: thisistheusernameáé
Password: asdasd
所以我的问题是无法获取原始明文密码。我做错了什么?
pyrad 服务器在 Ubuntu Xenial 上 运行。
您可以在 GitHub 中找到它:https://github.com/wichert/pyrad
非常感谢!
从根本上说,您真的不应该访问明文密码。您应该将密码的哈希值与您存储的哈希值进行比较,以验证登录而不是比较纯文本。
我找到了解决办法!
代码完美。问题是我尝试使用错误的 SECRET 密钥进行身份验证。
由于密码被加密到包中,代码无法使用错误的密钥解密它。
我正在尝试使用 pyrad 构建一个简单的 Radius 服务器。它工作正常,但是要检查用户的密码到我的记录我首先需要明文密码。
我的代码:
#!/usr/bin/python
from __future__ import print_function
from pyrad import dictionary, packet, server
import six
import logging
from pyrad.tools import *
from pyrad.packet import AuthPacket
try:
import hashlib
md5_constructor = hashlib.md5
except ImportError:
# BBB for python 2.4
import md5
md5_constructor = md5.new
logging.basicConfig(filename="pyrad.log", level="DEBUG",
format="%(asctime)s [%(levelname)-8s] %(message)s")
def dump(obj):
for attr in dir(obj):
if hasattr( obj, attr ):
print( "obj.%s = %s" % (attr, getattr(obj, attr)))
class FakeServer(server.Server):
def HandleAuthPacket(self, pkt):
pwd = pkt.PwDecrypt(pkt['User-Password'][0])
uname = pkt['User-Name'][0]
print (uname)
print ('Plaintext PW: {}' . format(pwd))
print("Received an authentication request")
print("Attributes: ")
for attr in pkt.keys():
print("%s: %s" % (attr, pkt[attr]))
reply = self.CreateReplyPacket(pkt, **{
"Service-Type": "Framed-User",
"Framed-IP-Address": '192.168.0.1',
"Framed-IPv6-Prefix": "fc66::1/64"
})
reply.code = packet.AccessAccept
self.SendReplyPacket(pkt.fd, reply)
def HandleAcctPacket(self, pkt):
print("Received an accounting request")
print("Attributes: ")
for attr in pkt.keys():
print("%s: %s" % (attr, pkt[attr]))
reply = self.CreateReplyPacket(pkt)
self.SendReplyPacket(pkt.fd, reply)
def HandleCoaPacket(self, pkt):
print("Received an coa request")
print("Attributes: ")
for attr in pkt.keys():
print("%s: %s" % (attr, pkt[attr]))
reply = self.CreateReplyPacket(pkt)
self.SendReplyPacket(pkt.fd, reply)
def HandleDisconnectPacket(self, pkt):
print("Received an disconnect request")
print("Attributes: ")
for attr in pkt.keys():
print("%s: %s" % (attr, pkt[attr]))
reply = self.CreateReplyPacket(pkt)
# COA NAK
reply.code = 45
self.SendReplyPacket(pkt.fd, reply)
if __name__ == '__main__':
# create server and read dictionary
srv = FakeServer(dict=dictionary.Dictionary("dictionary"), coa_enabled=True)
# add clients (address, secret, name)
srv.hosts["xxx.xxx.xxx.xxx"] = server.RemoteHost("xxx.xxx.xxx.xxx", b"mysecretpw", "xxx.xxx.xxx.xxx")
srv.BindToAddress("")
# start server
srv.Run()
它的输出是:
b'thisistheusername\xe1\xe9'
Plaintext PW: b'\xc6NK\x18\xcb\xea\xd2Ne6t\xe1[p{\xb9'
Received an authentication request
Attributes:
User-Name: [b'thisistheusername\xe1\xe9']
User-Password: [b'r?\xbd7\xbd&\x9b\xdc17i\xc1\xc6\x95\xe6\xee']
我正在使用 NTRadPing 进行测试。输入是:
Username: thisistheusernameáé
Password: asdasd
所以我的问题是无法获取原始明文密码。我做错了什么?
pyrad 服务器在 Ubuntu Xenial 上 运行。
您可以在 GitHub 中找到它:https://github.com/wichert/pyrad
非常感谢!
从根本上说,您真的不应该访问明文密码。您应该将密码的哈希值与您存储的哈希值进行比较,以验证登录而不是比较纯文本。
我找到了解决办法!
代码完美。问题是我尝试使用错误的 SECRET 密钥进行身份验证。
由于密码被加密到包中,代码无法使用错误的密钥解密它。