Posted (edited)

This is a proof of concept I have been working on, 2 factor authentication for mkV. This will be released in version 2.0 of SMSer.

http://youtu.be/Csz8XJdmig0

If you are wanting to roll your own 2 factor auth before 2.0 of SMSer is released, replace /pineapple/includes/api/login.php with this:

<?php

if (session_status() == PHP_SESSION_NONE) {
    session_start();
}

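// Read root's entry (first line of /etc/shadow) and split its "$1$salt$hash" field.
$file = explode("\n", file_get_contents('/etc/shadow'));
$string = explode(':', $file[0]);
$string =  explode('$', $string[1]);
$salt =  '$1$'.$string[2].'$';
$password = $string[3];

// Hash the submitted password with the stored salt so it can be compared to the stored hash.
$submitted_pass =  crypt($_POST["password"], $salt);
$actual_pass = $salt.$password;

// Default so the template below never prints an undefined variable.
$message = '';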

//$submitted_key = $_POST['key'];
//$acutal_key = exec('cat /pineapple/includes/api/key');
//echo exec("cat /pineapple/includes/api/key");

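if(isset($_POST['login'])){
  $submitted_key = isset($_POST['key']) ? $_POST['key'] : '';
  // exec() returns an empty string when the key file does not exist (no key requested yet).
  $actual_key = exec('cat /pineapple/includes/api/key');
  // Require a non-empty stored key and compare strictly, so an empty or loosely-equal value never matches.
  if($actual_key !== '' && $submitted_pass === $actual_pass && $_POST['username'] == "root" && $submitted_key === $actual_key){
    // The key is single use: delete it once it has been accepted.
    exec('rm /pineapple/includes/api/key');
    $_SESSION['logged_in'] = true;
    header('Location: /');
    exit;
  }else{
    $message = "<font color='red'>Invalid username / password / Key</font>";
  }
}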

// Generate a 4-digit key, store it on disk, and text it to the phone through SMSer.
// Note: rand() is not a cryptographically secure generator.
if(isset($_GET['sendkey'])){
  $key = rand(1000, 9999);
  exec('echo ' . $key . ' > /pineapple/includes/api/key');
  exec('/pineapple/components/infusions/smser/content/smser.py --useconfig /pineapple/components/infusions/smser/content/smser.conf --logpath /pineapple/components/infusions/smser/content/smser.log -m ' . $key . '');
  $message = 'key sent to phone.';
}

?>

<html>

<head>
        <title>WiFi Pineapple - Login</title>
        <meta http-equiv="cache-control" content="max-age=0" />
        <meta http-equiv="cache-control" content="no-cache" />
        <meta http-equiv="expires" content="0" />
        <meta http-equiv="expires" content="Tue, 01 Jan 1980 1:00:00 GMT" />
        <meta http-equiv="pragma" content="no-cache" />
        <link rel="stylesheet" type="text/css" href="includes/css/styles.php" />
        <script src="includes/js/jquery.min.js"></script>
	<script type="text/javascript">
	function ajaxRequest() {
                if (window.XMLHttpRequest)  {
                        return new XMLHttpRequest();
                } else if (window.ActiveXObject) {
                        return new ActiveXObject("Microsoft.XMLHTTP");
                } else {
                        return false;
                }
        }
        function ajaxGet(toChange, getFrom) {
                var xmlhttp = new ajaxRequest();
                xmlhttp.onreadystatechange=function() {
                        if (xmlhttp.readyState==4 && xmlhttp.status==200) {
                                document.getElementById(toChange).innerHTML=xmlhttp.responseText;
                        }
                }
                xmlhttp.open("GET", getFrom, true)
                xmlhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
                xmlhttp.send()
        }
	function changeElement(toChange, text) {
		document.getElementById(toChange).innerHTML=text;
	}
	</script>
        <noscript><meta http-equiv="refresh" content="0;url=index.php?noJS" /></noscript>
</head>

<body>
  <a href="#" onclick="ajaxGet('yourmom', 'index.php?sendkey'); changeElement('status', 'Key has been sent!'); return false;">Request Key</a>
  <div id="status">Waiting for action...</div>
  <center>
<div style="background-color: black; position: absolute; margin: auto; top: 50%; left: 50%; width: 256px; height: 356px; margin-top: -178px;">
    <img src="/includes/img/mk5_logo.gif"><br /><br />
<?=$message?>
    <form action="" method="POST">
      <table>
        <tr><td>Username:</td><td><input type="text" name="username" value="root"></td></tr>
        <tr><td>Password:</td><td><input type="password" name="password"></td></tr>
        <tr><td>Key:</td><td><input type="text" name="key"></td></tr>
      </table>
      <input type="submit" name="login" value="Log In">
    </form>
</div>
  </center>

</body>



</html>
Edited by newbi3
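
One way to issue and verify the SMS key with an expiry, an attempt limit and a constant-time comparison, as an added example that is not part of the original post or of SMSer. It assumes PHP 7 or later; `issue_key`, `verify_key`, `KEY_TTL` and `MAX_TRIES` are hypothetical names and values, and only the key file path comes from the post.

```php
<?php
// Added example (assumes PHP 7+). KEY_FILE is the post's path; TTL and try limit are assumed.
const KEY_FILE  = '/pineapple/includes/api/key';
const KEY_TTL   = 300; // seconds a key stays valid
const MAX_TRIES = 5;   // wrong guesses allowed per key

// Create a key from the CSPRNG and store it with its issue time and attempt counter.
function issue_key(string $file = KEY_FILE): string {
    $key = (string) random_int(100000, 999999);
    $state = ['key' => $key, 'issued' => time(), 'tries' => 0];
    file_put_contents($file, json_encode($state), LOCK_EX);
    chmod($file, 0600);
    return $key;
}

// True only for a matching, unexpired key that has not been used or over-guessed.
function verify_key($submitted, string $file = KEY_FILE): bool {
    if (!is_string($submitted) || $submitted === '' || !is_file($file)) {
        return false; // nothing submitted, or no key has been issued
    }
    $state = json_decode((string) file_get_contents($file), true);
    if (!is_array($state) || !isset($state['key'], $state['issued'], $state['tries'])
        || !is_string($state['key'])) {
        unlink($file);
        return false; // unreadable state: fail closed
    }
    if (time() - $state['issued'] > KEY_TTL || $state['tries'] >= MAX_TRIES) {
        unlink($file);
        return false; // expired or too many wrong guesses
    }
    if (hash_equals($state['key'], $submitted)) {
        unlink($file); // single use
        return true;
    }
    $state['tries']++;
    file_put_contents($file, json_encode($state), LOCK_EX);
    return false;
}

// Constructed demo for the CLI, using a temp file instead of KEY_FILE.
if (PHP_SAPI === 'cli') {
    $tmp = sys_get_temp_dir() . '/otp_demo_' . getmypid();
    var_dump(verify_key('', $tmp));    // before any key is issued
    $key = issue_key($tmp);
    var_dump(verify_key('abc', $tmp)); // wrong guess
    var_dump(verify_key($key, $tmp));  // correct key
    var_dump(verify_key($key, $tmp));  // replay of a used key
}
```
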
Posted

Brilliant idea, looking forward to trying this out myself :)
