
[IT Help] How to leverage PHP functions

Discussion in 'BBS Hangout' started by Master Baiter, Sep 12, 2014.

  1. Master Baiter

    So I feel really stupid even asking this but I'm really lost with how to accomplish what I want to do so I'm here seeing if someone here can help a bro out.

    So I have a demo environment (that simulates a company) where I show lots of IT automation. I have a mock HR system where I can manage employees. Our system will monitor the HR database and if anything changes (adds, moves, terminations) we will make the appropriate changes in the environment. An example would be the following:

    • A new employee is put into the HR system
    • An Active Directory account will be created
    • Their home drive is created
    • The user is put into all of the appropriate security groups
    • A sync with Office 365 is performed so that an email account is created
    • An Office 365 license is assigned to the new account
    • All domain controllers are synced

    One industry that we target is healthcare. Due to this, I have put a fake EMR (Electronic Medical Records) system into my environment. This EMR system (OpenEMR) is a web-based program that has its own user account and password. I can create the account using a MySQL script but I cannot set the password because it uses some sort of hash and salt combination for encryption.

    I have found a function inside of one of the php files that is specific to changing the password. Here is the code:

    https://github.com/openemr/openemr/blob/master/library/authentication/password_change.php#L73

    I come from a systems management background and I'm fairly proficient with VBScript and PowerShell. Unfortunately, it seems as if this PHP function can only be leveraged within a webpage. At this point I'm unsure of anything as my brain is about to freaking explode.

    Can anyone PLEASE explain to me how in the hell I can leverage this function so that I can set the password for a user via an external script of some kind?

    Any help is genuinely appreciated!
     
  2. bdb

  3. DrLudicrous

    The logic of the salt creation/hashing can be found in this page.

    Looking at that, it either uses the built-in crypt() function, which will use different hashing algorithms based on what is available on that machine (blowfish is the preferred), or SHA1 if the salt starts with that.

    You should be able to create your own salt and either try the different algorithms in VB until you find the one that matches their function or create a salt that starts with "sha1" to force it to use that algorithm.

    PHP crypt() documentation.
    Replicating PHPs sha1 in VBScript

    I think you can update the previous script to add the salt in. Once that is done and you have the hashed password you can save the password and salt to the database.

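    salt = "sha1" & randomString      ' randomString: random characters you generate
    hashInput = salt & "test string"  ' InStr is a built-in VBScript function, so use another variable name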
     
  4. heypartner

    Wait, you are in between a web app and MySQL and have control over the password process and you are asking how to encrypt that? You are the admin, dude, at this point. And you are worried about hashes and keys? Man, my life is to stop people from getting your access to my commercial LAMP software, and now you have it...and don't know how to exploit it...

    I'd help you, but I can't. When people use the NSFW Spoiler for ****. This is it for me. But, trust me, you can find out...don't stress.

    What?
     
    #4 heypartner, Sep 13, 2014
    Last edited: Sep 13, 2014
  5. Air Langhi

    When you store a function in a database you don't simply store a password like for example "horse". What you do is put it into a hashing function, which is a one-way function. So if you do f(A)->B, there is theoretically no f^-1(B)->A. However, people have created hash tables which have already precomputed a lot of existing words, so if the password is a known word it is easy to look it up. We add a random salt to make it harder for a hacker to use it. So instead of hashing horse we hash horse+"ewrew".

    The openemr function for hashing looks like the following:

    function oemr_password_hash($plaintext,$salt)
    {
        // if this is a SHA1 salt, then use prepended salt
        if(strpos($salt,SALT_PREFIX_SHA1)===0)
        {
            return SALT_PREFIX_SHA1 . sha1($salt.$plaintext);
        }
        else { // Otherwise use PHP crypt()
            return crypt($plaintext,$salt);
        }
    }

    So if you want to change a person's password:

    Make a simple PHP file like so.
    test.php:

    <?php
    echo crypt("horse","23423");
    echo "\n";
    ?>

    Type:
    php test.php

    It will give you an output like this:
    23w2HQQFx7SKw

    Now connect to the MySQL database and change the user pw column to the encrypted password.
     
  6. Master Baiter

    This program leverages Blowfish, and I have been able to get a little further in figuring out how to create the password and salt. The problem that I am having now is that I cannot find a method for replicating the PHP crypt() function in some other scripting language. If I could get this to crypt correctly I would be home free.

    Baby steps to the elevator.
     
  7. Master Baiter

    Yep, I have been able to successfully replicate the way that the program handles the password and salt.

    Example:

    crypt('Password123','$2a$05$gE3QTDzSRG0gGWw6XHxnh$')

    This would return:

    $2a$05$gE3QTDzSRG0gGWw6XHxnh.5wPk8VwUNgvHMlsWO4ClCpUQNOn2D/O

    Now if I could do that crypt command in VBScript or PowerShell I would be really happy. I guess I could try to write my own PHP script. :eek:
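
Added example, not part of any post in this thread and not OpenEMR code: a Python script that ports the SHA1 branch of the oemr_password_hash() function quoted in post 5 and classifies stored hash strings by scheme, so a scripted password reset can be checked for which algorithm it actually produced. The value of SALT_PREFIX_SHA1 and the minimum bcrypt cost of 10 are assumptions; the thread gives neither.

```python
import hashlib
import re

# Assumption: the thread never shows the value of OpenEMR's SALT_PREFIX_SHA1
# constant, so this placeholder stands in for it.
SALT_PREFIX_SHA1 = "$SHA1$"
MIN_BCRYPT_COST = 10  # assumed local policy threshold, not an OpenEMR setting

B64 = r"[./A-Za-z0-9]"
BCRYPT_RE = re.compile(rf"^\$2[abxy]?\$(\d\d)\$({B64}{{22}})({B64}{{31}})$")
DES_RE = re.compile(rf"^{B64}{{13}}$")
SHA1_HEX_RE = re.compile(r"^[0-9a-f]{40}$")


def sha1_branch(plaintext: str, salt: str) -> str:
    """Python port of the SHA1 branch of the quoted oemr_password_hash()."""
    digest = hashlib.sha1((salt + plaintext).encode("utf-8")).hexdigest()
    return SALT_PREFIX_SHA1 + digest


def classify(stored: str):
    """Return (scheme, embedded_salt, findings) for one stored hash string."""
    m = BCRYPT_RE.match(stored)
    if m:
        cost, salt = int(m.group(1)), m.group(2)
        findings = []
        if cost < MIN_BCRYPT_COST:
            findings.append(f"bcrypt cost {cost} is below {MIN_BCRYPT_COST}")
        return "bcrypt", salt, findings
    if stored.startswith(SALT_PREFIX_SHA1):
        if SHA1_HEX_RE.match(stored[len(SALT_PREFIX_SHA1):]):
            return "salted-sha1", None, ["one unstretched SHA-1 round"]
    if DES_RE.match(stored):
        # Traditional crypt(): the first two characters are the whole salt.
        return "des-crypt", stored[:2], ["2-char salt, password cut to 8 chars"]
    return "unknown", None, ["unrecognised format"]


if __name__ == "__main__":
    samples = [  # the first two are the outputs posted in the thread
        "23w2HQQFx7SKw",
        "$2a$05$gE3QTDzSRG0gGWw6XHxnh.5wPk8VwUNgvHMlsWO4ClCpUQNOn2D/O",
        sha1_branch("horse", SALT_PREFIX_SHA1 + "ewrew"),  # constructed
    ]
    for s in samples:
        print(classify(s))
```

Run over the thread's own values, it reports the test.php output from post 5 as traditional DES crypt (only "23" of the salt "23423" is used) and the hash in post 7 as bcrypt at cost 5.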
     
