So I feel really stupid even asking this but I'm really lost with how to accomplish what I want to do so I'm here seeing if someone here can help a bro out. So I have a demo environment (that simulates a company) where I show lots of IT automation. I have a mock HR system where I can manage employees. Our system will monitor the HR database and if anything changes (adds, moves, terminations) we will make the appropriate changes in the environment. An example would be the following: A new employee is put into the HR system An Active Directory account will be created Their home drive is created The user is put into all of the appropriate security groups A sync with Office 365 is performed so that an email account is created An Office 365 license is assigned to the new account All domain controllers are synced One industry that we target is healthcare. Due to this, I have put a fake EMR (Electronic Medical Records) system into my environment. This EMR system (OpenEMR) is a web based program has it's own user account and password. I can create the account using a MySQL script but I cannot set the password because it uses some sort of hash and salt combination for encryption. I have found a function inside of one of the php files that is specific to changing the password. Here is the code: https://github.com/openemr/openemr/blob/master/library/authentication/password_change.php#L73 I come from a systems management background and I'm fairly proficient with VBScript and PowerShell. Unfortunately, it seems as if this PHP function can only be leveraged within a webpage. At this point I'm unsure of anything as my brain is about to freaking explode. Can anyone PLEASE explain to me how in the hell I can leverage this function so that I can set the password for a user via an external script of some kind? Any help is genuinely appreciated!
I think you can run php scripts from the command prompt. http://stackoverflow.com/questions/15597067/how-to-run-php-from-windows-command-line I think It would require installing php on that machine though.
The logic of the salt creation/hashing can be found in this page. Looking at that it either uses the built in crypt() function which will use different hashing algorithms based on what is available on that machine (blowfish is the preferred) or SHA1 if the salt starts with that. You should be able to create your own salt and either try the different algorithms in VB until you find the one that matches their function or create a salt that starts with "sha1" to force it to use that algorithm. PHP crypt() documentation. Replicating PHPs sha1 in VBScript I think you can update the previous script to add the salt in. Once that is done and you have the hashed password you can save the password and salt to the database. salt = "sha1" & random string instr = salt & "test string"
Wait, you are in between a web app and MySQL and have control over the password process and you are asking how to encrypt that? You are the admin, dude, at this point. And you are worried about hashes and keys? Man, my life is to stop people from getting your access to my commercial LAMP software, and now you have it...and don't know how to exploit it... I'd help you, but I can't. When people use the NSFW Spoiler for ****. This is it for me. But, trust me, you can find out...don't stress. What?
When you store a function in a database you don't simply store a password like for example "horse". What you do is put into a hashing function which is a one way function. so if you do f(A)->B, there is theoretically no f-1(B)->A. However people have created has table which already precomputed a lot of existing words so if the password is a known word it is easy to look it up. We add a random salt to make it harder for a hacker to use it. So instead of hashing horse we hash horse+"ewrew". The openemr function for hashing looks like the following: function oemr_password_hash($plaintext,$salt) { // if this is a SHA1 salt, the use prepended salt if(strpos($salt,SALT_PREFIX_SHA1)===0) { return SALT_PREFIX_SHA1 . sha1($salt.$plaintext); } else { // Otherwise use PHP crypt() return crypt($plaintext,$salt); } } So if you want to change a persons password Make a simple php file like so test.php: <?php echo crypt("horse","23423"); echo "\n"; ?> type php test.php it will give you an output like this: 23w2HQQFx7SKw Now connect to mysql database and change the user pw column with the encrypted password.
This program leverages blowfish. and I have been able to get a little further in figuring out how to create the password and salt. The problem that I am having now is that I cannot find a method for replicating php crypt() function in some other scripting language. If I could get this to crypt correctly I would be home free. Baby steps to the elevator.
Yep, I have been able to successfully replicate the way that the program handles the password and salt. Example: crypt('Password123','$2a$05$gE3QTDzSRG0gGWw6XHxnh$') This would return: $2a$05$gE3QTDzSRG0gGWw6XHxnh.5wPk8VwUNgvHMlsWO4ClCpUQNOn2D/O Now if I could do that crypt command in VBScript or PowerShell I would be really happy. I guess I could try to write my own PHP script.