def test_compare(self, User): from passlib.hash import md5_crypt obj = User() obj.password = Password(md5_crypt.hash('b')) other = User() other.password = Password(md5_crypt.hash('b')) # Not sure what to assert here; the test raised an error before. assert obj.password != other.password
def write_vmx_config(d1, i): print("creating vmx config ", i) line1 = [] line1.append("system {") line1.append(" host-name " + i + ";") line1.append(" root-authentication {") line1.append(" encrypted-password \"" + md5_crypt.hash(d1['vmm_pod']['junos_login']['password']) + "\";") line1.append(" }") line1.append(" login {") line1.append(" user " + d1['vmm_pod']['junos_login']['login'] + " {") line1.append(" class super-user;") line1.append(" authentication {") line1.append(" encrypted-password \"" + md5_crypt.hash(d1['vmm_pod']['junos_login']['password']) + "\";") line1.append(" }") line1.append(" }") line1.append(" }") line1.append(""" services { ssh; netconf { ssh; } } syslog { user * { any emergency; } file messages { any notice; authorization info; } file interactive-commands { interactive-commands any; } } } chassis { network-services enhanced-ip; }""") line1.append("""interfaces { fxp0 { unit 0 { family inet { address %s; } } } }""" % (d1['vm'][i]['interfaces']['fxp0'][1])) f1 = param1.tmp_dir + i + ".conf" write_to_file(f1, line1)
def __call__(self): ''' Actually reset the password, if correct key (from sent link) is used to come here and member is identifiable from request. ''' self.login_necessary = False session = DBSession() md = self.request.matchdict def info(msg): return dict(form="", m=None, key=None, msg=msg) if not 'key' in md or md['key'] == "": return info(u'Sorry, no key given to grant reset request.') member = get_member(session, self.request) if not member: return info(u'Sorry, cannot identify member.') if member.mem_pwd_url != md['key']: return info(u'Sorry, the reset request cannot be authorised.') if 'pwd1' not in self.request.params: # show password reset form return dict(m=member, form='reset', key=md['key']) # set new password member.validate_pwd(self.request) pwd = str(self.request.params['pwd1']) member.mem_enc_pwd = md5_crypt.hash(pwd) member.mem_pwd_url = '' return info(u'Password has been set.'\ ' Please use the new password the next time you log in.')
def resetpassword(user, password): db = sqlite3.connect(DB_FILE) c = db.cursor() params = (md5_crypt.hash(password), user) c.execute("UPDATE users SET password = ? WHERE email = ?", params) db.commit() db.close()
def enter_reset_password(): form = passwordReset() if request.method == "POST" and form.validate_on_submit(): token_value = request.args.get("token") verify_token = Reset_password.query.filter_by(token=token_value).first() if verify_token: current_time = time.time() if current_time >= verify_token.dateTime: db.session.delete(verify_token) db.session.commit() # error message flash("token has expired, try again") return redirect(f"/enter-reset-password?token={token_value}") else: # success msg password = request.form.get("password") password = md5_crypt.hash(password) user_id = request.args.get("i") user = User.query.filter_by(id=user_id).first() user.password = password delete_confirm = Reset_password.query.filter_by(mail=user.email).all() for each_delete_confirm in delete_confirm: db.session.delete(each_delete_confirm) db.session.commit() flash("You have successfully changed your password") return redirect(url_for("login")) else: flash("token does not exist") return redirect(url_for("enter_reset_password")) else: return render_template('enter_reset_password.html', form=form)
def fill_data(self): ''' Fills in dummy content that we will use for testing 2 members, Peter and Hans. 2 workgroups, Systems and Besteling. Peter is the only member in Systems. Both are members in Bestel, with Hans leading that one. Bestel has a shift ('do stuff') for Peter. ''' m1 = Member(fname=u'Peter', prefix=u'de', lname='Pan') m1.mem_email = '*****@*****.**' m1.mem_enc_pwd = md5_crypt.hash('notsecret') self.DBSession.add(m1) m2 = Member(fname=u'Hans', prefix=u'de', lname='Wit') m1.mem_email = '*****@*****.**' self.DBSession.add(m2) wg1 = Workgroup(name=u'Systems', desc=u'IT stuff') self.DBSession.add(wg1) wg2 = Workgroup(name=u'Besteling', desc=u'Besteling at wholesale') self.DBSession.add(wg2) self.DBSession.flush() # flush now to get member and workgroup IDs wg1.members.append(m1) wg1.leaders.append(m1) wg2.members.append(m1) wg2.members.append(m2) wg2.leaders.append(m2) self.DBSession.flush() s = Shift(wg2.id, 'do stuff', 2012, 6, member=m1) self.DBSession.add(s) self.DBSession.flush() # reserved transaction types for rt in reserved_ttype_names: self.DBSession.add(TransactionType(name=rt)) self.DBSession.flush()
def password_set(request, template_name='password_set_form.html'): if request.method == "POST": data = request.POST customer_id = data.get('customer_id', '') new_password2 = data.get('new_password2', '') from passlib.hash import md5_crypt password = md5_crypt.hash(new_password2) obj = Customer.objects.get(id=customer_id) obj.password = password obj.save() CorePasswordAlter.objects.filter(customer_id=customer_id).update( isvalid=False) messages.add_message(request, messages.SUCCESS, _lazy(u'密码修改成功')) return HttpResponseRedirect('/login') uuids = request.GET.get('uuid', '') token = request.GET.get('token', '') try: p_obj = CorePasswordAlter.objects.get(uuid=uuids, token=token) customer_id = p_obj.customer_id expire_time = p_obj.expire_time isvalid = p_obj.isvalid if (time.time() > expire_time) or (not isvalid): return TemplateResponse(request, 'http404.html', {}) else: return TemplateResponse(request, template_name, { 'uuid': uuids, 'token': token, 'customer_id': customer_id, }) except: return TemplateResponse(request, 'http404.html', {})
def Validate_Md5(**kwargs): ''' **kwargs=( password= Clean text password, hashed= Hashed Md5 password) Return string containing status ''' if not kwargs.get("hashed"): return ("Error,hash not provided") if "$1$" not in kwargs.get('hashed'): return ("Error, hash not well defined") try: from passlib.hash import md5_crypt except: return ("This module requires passlib module") try: salt = re.search('\$\d\$(.*)\$', kwargs.get("hashed")).group(1) try: h = md5_crypt.hash(kwargs.get("password"), salt=salt) except: return ("Error, password not defined") except: return ("Error, hash not defined") if h == kwargs.get("hashed"): return ("Match") else: return ("Not Match")
def push_file(name, password, file, filename, socketio): r = redis.Redis() mimetype = mimetypes.MimeTypes().guess_type(filename)[0] if mimetype is None: mimetype = 'application/octet-stream' base = file_to_base64(file) plaintext = filename.encode() + b'mimetype:' + mimetype.encode( ) + b'filedata:' + base data = encrypt(password, plaintext) blocks = textwrap.wrap(data.decode(), BLOCK_SIZE) i = 0 for block in blocks: block_id = uuid.uuid1().hex # Set block to file name hashtable block_hash = md5_crypt.hash(block) r.hset('file-' + name, 'block' + str(i), block_id) # Set connection between block id and hash r.hset(block_id, 'hash', block_hash) nodes = pickle.dumps(set()) r.hset(block_id, 'nodes', nodes) i += 1 t = threading.Thread(target=push_block, args=(block, block_id, get_available_nodes(20), socketio)) t.start()
def signup(): signup_data = sign_up_data() user_name = signup_data['username'] password = signup_data['password'] phone = signup_data['phone'] email = signup_data['email'] check_if_user_exist = self.user.query.filter_by(email=email).all() if len(check_if_user_exist) > 0: signup_message = { "failure": "The email you are trying use already exist" } else: password = md5_crypt.hash(password) check_for_first_user = len(self.user.query.all()) if not check_for_first_user: user = self.user(username=user_name, is_admin=True, phone=phone, email=email, password=password) else: user = self.user(username=user_name, is_admin=False, phone=phone, email=email, password=password) self.db.session.add(user) self.db.session.commit() signup_message = {"success": "you have sign up successfully"} return jsonify(signup_message)
def create_user(username, password, is_admin=False): user = get_user(username) if not user: password = md5_crypt.hash(password) user = User(username=username, password=password, is_admin=is_admin) db.session.add(user) db.session.commit() return user
def md5_hash(txt): ''' Returns the MD5 Hashed secret for use as a password hash in the PanOS configuration :param txt: text to be hashed :return: password hash of the string with salt and configuration information. Suitable to place in the phash field in the configurations ''' return md5_crypt.hash(txt)
def add_user(name, email, password, security_question, security_answer): db = sqlite3.connect(DB_FILE) c = db.cursor() password = md5_crypt.hash(password) params = (name, email, password, security_question, security_answer) c.execute("INSERT INTO users VALUES(?, ?, ?, ?, ?)", params) db.commit() db.close()
def signup(): if current_user.is_authenticated: return redirect(url_for('dashboard')) form = MyForm() if request.method == "POST" and form.validate_on_submit(): # referral = request.form.get('ref') email = form.email.data password = form.password.data username = form.username.data bank_name = form.bank_name.data account_name = form.account_name.data account_number = form.account_number.data bitcoin_wallet = form.bitcoin_wallet.data mobile_number = form.mobile_number.data country = request.form.get("country") referral = form.referral.data password = md5_crypt.hash(password) check_for_first_user = len(User.query.all()) if not check_for_first_user: user = User(username=username, referral=referral, is_admin=True, password=password, country=country, account_number=account_number, account_name=account_name, bitcoin_addr=bitcoin_wallet, bank_name=bank_name, mobile_number=mobile_number, email=email) else: user = User(username=username, referral=referral, is_admin=False, password=password, country=country, account_number=account_number, account_name=account_name, bitcoin_addr=bitcoin_wallet, bank_name=bank_name, mobile_number=mobile_number, email=email) db.session.add(user) db.session.commit() flash("You have signed up successfully") return redirect('/login') else: ref = request.args.get("ref") context = {"ref": ref} all_tasks = Admin_tasks.query.all() for task in all_tasks: context[f"{task.key}"] = task.value return render_template("sign_up.html", form=form, context=context)
def enter_token(): if request.method == "POST": token_value = request.form.get("token") print(token_value) verify_token = Confirm_mail.query.filter_by(token=token_value).first() if verify_token: current_time = time.time() print(current_time, verify_token.dateTime) if current_time >= float(verify_token.dateTime): db.session.delete(verify_token) db.session.commit() flash("token has expired, try again") return redirect(url_for("sign_up")) else: # success msg user_data = json.loads(verify_token.user_details) user_name = user_data.get("username") password = user_data.get("password") email = user_data.get("email") mobile_number = user_data.get("mobile_number") bitcoin_wallet = user_data.get("bitcoin_wallet") account_name = user_data.get("account_name") bank_name = user_data.get("bank_name") account_number = user_data.get("account_number") country = user_data.get("country") referral = user_data.get("referral") password = md5_crypt.hash(password) check_for_first_user = len(User.query.all()) if not check_for_first_user: user = User(username=user_name, referral=referral, is_admin=True, password=password, country=country, account_number=account_number, account_name=account_name, bitcoin_addr=bitcoin_wallet, bank_name=bank_name, mobile_number=mobile_number, email=email) else: user = User(username=user_name, referral=referral, is_admin=False, password=password, country=country, account_number=account_number, account_name=account_name, bitcoin_addr=bitcoin_wallet, bank_name=bank_name, mobile_number=mobile_number, email=email) db.session.add(user) delete_confirm = Confirm_mail.query.filter_by(mail=email).all() for each_delete_confirm in delete_confirm: db.session.delete(each_delete_confirm) db.session.commit() flash("your account has been verified successfully, you can now login") return redirect(url_for("login")) print(verify_token.token) else: flash("token does not exist") return redirect(url_for("enter_token")) else: context = {} all_tasks = Admin_tasks.query.all() for task in all_tasks: context[f"{task.key}"] = task.value return render_template("enter_token.html", context=context)
def __md5_hash(txt: str) -> str: """ Returns the MD5 Hashed secret for use as a password hash in the PAN-OS configuration :param txt: text to be hashed :return: password hash of the string with salt and configuration information. Suitable to place in the phash field in the configurations """ return md5_crypt.hash(txt)
def decrypt_md5(enc_pwd, pwdlist): ##fill this split_enc = enc_pwd.split('$') #print(enc_pwd) for word in pwdlist: #print(md5_crypt.hash(word, salt=split_enc[2])) if md5_crypt.hash(word.rstrip(), salt=split_enc[2]).strip() == enc_pwd.strip(): return word return ""
def bf(h, dictionary): f = open(dictionary, 'r') lines = f.readlines() print('\033[1;34m[*]\033[0m Starting Brute Force - hash = ' + h) for i in lines: h2 = md5_crypt.hash(i[:-1]) if h == h2: print('\033[1;32m[+]\033[0m Hash Cracked! - Password = ' + i)
def encrypt(self, password, type): pwd_hash = "" if (type == "md5"): pwd_hash = md5_crypt.hash(password.strip()) elif (type == "bcrypt"): pwd_hash = bcrypt.hash(password.strip()) elif (type == "sha256"): pwd_hash = sha256_crypt.hash(password.strip()) elif (type == "sha512"): pwd_hash = sha512_crypt.hash(password.strip()) print("Type: {}. Your hash: {}".format(type, pwd_hash)) return pwd_hash
async def createsuperuser(args): await Tortoise.init(config=settings.TORTOISE_ORM) from apps.auth.models import User from passlib.hash import md5_crypt username = input("enter username:"******"username is wrong") password = input("enter password:"******"password is wrong") password = md5_crypt.hash(password) u = await User.create(username=username, password=password, is_superuser=True, is_staff=True, is_active=True) print(Fore.GREEN + "create username:" + u.username)
def test_check_and_update(self, User): """ Should be able to compare the plaintext against a deprecated encrypted form and have it auto-update to the preferred version. """ from passlib.hash import md5_crypt obj = User() obj.password = Password(md5_crypt.hash('b')) assert obj.password.hash.decode('utf8').startswith('$1$') assert obj.password == 'b' assert obj.password.hash.decode('utf8').startswith('$pbkdf2-sha512$')
def sub_account_reset(request, user_id): obj = get_customer_child_obj(request, user_id) if request.method == "POST": new_password2 = request.POST.get('new_password2', None) password = md5_crypt.hash(new_password2) obj.password = password obj.save() messages.add_message(request, messages.SUCCESS, _(u'密码修改成功')) return HttpResponseRedirect(reverse('sub_account')) return render(request, template_name='setting/sub_account_reset.html', context={ 'user_obj': obj, 'user_id': user_id, })
def confirm_signup_token(): token = token_data() print(token) token_value = token['token'] print(token['token']) verify_token = self.confirmMail.query.filter_by( token=token_value).first() if verify_token: current_time = time.time() if current_time >= verify_token.dateTime: self.db.session.delete(verify_token) self.db.session.commit() # error message confirm_message = { "failure": "token has expired, try again" } return confirm_message else: # success msg print(verify_token.user_details) print(type(verify_token.user_details)) user_data = json.loads(verify_token.user_details) credentials = [] for value in user_data.values(): credentials.append(value) user_name, password, *misc = credentials password = md5_crypt.hash(password) user = self.user(username=user_name, password=password) self.db.session.add(user) self.db.session.commit() confirm_message = { "success": "your account has been verified successfully, you can now change password" } # confirm_message = { "success": "your account has been verified successfully" } return confirm_message print(verify_token.token) else: confirm_message = {"failure": "token does not exist"} # print("token does not exist") return confirm_message
def enter_token(): if request.method == "POST": token_value = request.form.get("token") verify_token = Confirm_mail.query.filter_by(token=token_value).first() if verify_token: current_time = time.time() if current_time >= verify_token.dateTime: db.session.delete(verify_token) db.session.commit() # error message flash("token has expired, try again") return redirect(url_for("confirm_mail")) else: # success msg user_data = json.loads(verify_token.user_details) user_name = user_data.get("name") password = user_data.get("password") email = user_data.get("email") phone = user_data.get("phone") password = md5_crypt.hash(password) user = User(username=user_name, password=password, phone=phone, email=email) db.session.add(user) delete_confirm = Confirm_mail.query.filter_by(mail=email).all() for each_delete_confirm in delete_confirm: db.session.delete(each_delete_confirm) db.session.commit() flash("your account has been verified successfully, you can now login") return redirect(url_for("login")) print(verify_token.token) else: flash("token does not exist") return redirect(url_for("confirm_mail")) else: return render_template("enter_token.html")
def main(argv): username = "" password = "" try: opts, args = getopt.getopt(argv, "hu:p:", ["iuser="******"ipass"]) except getopt.GetoptError: #print 'validate_credentials.py -u <user> -p <pass>' print "error~:~x1008~:~Parameter not Passed Correctly" sys.exit(2) for opt, arg in opts: if opt == '-H': #print 'validate_credentials.py -u <user> -p <pass>' print "error~:~x1009~:~Parameter not Passed Correctly" sys.exit() elif opt in ("-u", "--iuser"): username = arg.strip() elif opt in ("-p", "--ipass"): password = arg.strip() #print username+" "+password #print 'Input file is :', filename #print bcrypt.hashpw(str(random.random()), bcrypt.gensalt()) #print "<br>" #print bcrypt.hashpw(str(password+universal_slt_key), bcrypt.gensalt()) if username == "": print "error~:~x1006~:~Username Can't Be Empty" sys.exit() if password == "": print "error~:~x1007~:~Password Cant Be Empty" sys.exit() check_credentials = verify_credentials() token = check_credentials.authenticate_credentials(username, password) if (token == -111): print "Token~:~" + md5_crypt.hash(str( random.random())) + '~:~' + User_f_l_name + '~:~' + str(User_ID) else: if (token == -112): print "error~:~#1005~:~Usename Not Found" else: print "error~:~#1001~:~Password Does Not Match"
def _set_expert_password(self, cli_service, logger): """Set expert password. :param cloudshell.cli.cli_service.CliService cli_service: :param logging.Logger logger: :rtype: bool """ # gen enable password hash enable_password_hash = md5_crypt.hash( self.resource_config.enable_password, salt_size=random.choice(range(5, 8))) error_map = OrderedDict([ ("Configuration lock present", "Configuration lock present."), ("Failed to maintain the lock", "Failed to maintain the lock."), ("Wrong password", "Wrong password."), ]) cli_service.send_command( command="set expert-password-hash {}".format(enable_password_hash), logger=logger, error_map=error_map, )
def addAdmin(): ''' after old names are added, he has ID 3 ''' admin = Member(fname=u'Adalbert', lname='Adminovic') admin.mem_email = '*****@*****.**' admin.mem_mobile = "06" + str(random.randint(10000000, 100000000)) admin.household_size = 1 admin.mem_enc_pwd = md5_crypt.hash('notsecret') admin.mem_admin = True admin.mem_active = True DBSession.add(admin) DBSession.flush() wgs = DBSession.query(Workgroup).filter( Workgroup.name == u'Systems').first() wgs.members.append(admin) wgm = DBSession.query(Workgroup).filter( Workgroup.name == u'Membership').first() wgm.members.append(admin) wgf = DBSession.query(Workgroup).filter( Workgroup.name == u'Finance').first() wgf.members.append(admin) return admin
def addOldMembers(): m1 = Member(fname=u'Peter', prefix=u'de', lname='Pan') m1.mem_email = '*****@*****.**' m1.mem_enc_pwd = md5_crypt.hash('notsecret') DBSession.add(m1) m2 = Member(fname=u'Hans', prefix=u'de', lname='Wit') m1.mem_email = '*****@*****.**' DBSession.add(m2) wg1 = Workgroup(name=u'Systems', desc=u'IT stuff') DBSession.add(wg1) wg2 = Workgroup(name=u'Besteling', desc=u'Besteling at wholesale') DBSession.add(wg2) DBSession.flush() # flush now to get member and workgroup IDs wg1.members.append(m1) wg1.leaders.append(m1) wg2.members.append(m1) wg2.members.append(m2) wg2.leaders.append(m2) DBSession.flush() s = Shift(wg2.id, 'do stuff', 2012, 6, member=m1) DBSession.add(s) DBSession.flush() return m1, m2
def test_check_and_update_persist(self, session, User): """ When a password is compared, the hash should update if needed to change the algorithm; and, commit to the database. """ from passlib.hash import md5_crypt obj = User() obj.password = Password(md5_crypt.hash('b')) session.add(obj) session.commit() assert obj.password.hash.decode('utf8').startswith('$1$') assert obj.password == 'b' session.commit() obj = session.query(User).get(obj.id) assert obj.password.hash.decode('utf8').startswith('$pbkdf2-sha512$') assert obj.password == 'b'
def type5_decrypt(enc_pwd, dict): print("[*] Bruteforcing 'type 5' hash...\n") # Count passwords in the wordlist passnum = linecounter(dict) print("\tFound %d passwords to test." % passnum) try: passf = open(dict, 'rb') except IOError: print('[ERR] Cannot open:', dict) exit(-1) # Splitting hash split_pwd = enc_pwd.split('$') print("\tTesting: %s" % enc_pwd) if split_pwd[1] == '1': print("\tHash Type = MD5") else: print("\t[ERR] Your 'type 5' hash is not valid.") exit(-1) print("\tSalt = %s" % split_pwd[2]) print("\tHash = %s\n" % split_pwd[3]) count = 0 for line in passf.readlines(): # random status if random.randint(1, 100) == 42: print("\t[Status] %d/%d password tested..." % (count, passnum)) if md5_crypt.hash(line.rstrip(), salt=split_pwd[2]) == enc_pwd: print("\n[*] Password Found = %s" % line.decode("utf-8")) exit(0) count += 1 print("\t[-] Password Not Found. You should try another dictionary.")
def type5_decrypt(enc_pwd, dict): print("[*] Bruteforcing 'type 5' hash...\n") # Count passwords in the wordlist passnum = linecounter(dict) print("\tFound %d passwords to test." % passnum) try: passf = open(dict, 'rb') except IOError: print('[ERR] Cannot open:', dict) exit(-1) # Splitting hash split_pwd = enc_pwd.split('$') print("\tTesting: %s" % enc_pwd) if split_pwd[1] == '1': print("\tHash Type = MD5") else: print("\t[ERR] Your 'type 5' hash is not valid.") exit(-1) print("\tSalt = %s" % split_pwd[2]) print("\tHash = %s\n" % split_pwd[3]) count = 0 for line in passf.readlines(): # random status if random.randint(1, 100) == 42: print("\t[Status] %d/%d password tested..." % (count, passnum)) if md5_crypt.hash(line.rstrip(), salt=split_pwd[2]) == enc_pwd: print("\n[*] Password Found = %s" % line.decode("utf-8") ) exit(0) count += 1 print("\t[-] Password Not Found. You should try another dictionary.")
def _encrypt(self, clearvalue, salt=None): return md5_crypt.hash(clearvalue)