newbi3 Posted November 3, 2013 Share Posted November 3, 2013 (edited) This is a proof of concept I have been working on, 2 factor authentication for mkV. This will be released in version 2.0 of SMSer. http://youtu.be/Csz8XJdmig0 if you are wanting to roll your own 2 factor auth before 2.0 of smser is released replace /pineapple/includes/api/login.php with this: <?php if (session_status() == PHP_SESSION_NONE) { session_start(); } $file = explode('/n', file_get_contents('/etc/shadow')); $string = explode(':', $file[0]); $string = explode('$', $string[1]); $salt = '$1$'.$string[2].'$'; $password = $string[3]; $submitted_pass = crypt($_POST["password"], $salt); $actual_pass = $salt.$password; //$submitted_key = $_POST['key']; //$acutal_key = exec('cat /pineapple/includes/api/key'); //echo exec("cat /pineapple/includes/api/key"); if(isset($_POST['login'])){ $submitted_key = $_POST['key']; $actual_key = exec('cat /pineapple/includes/api/key'); if($submitted_pass == $actual_pass && $_POST['username'] == "root" && $submitted_key == $actual_key){ exec('rm /pineapple/includes/api/key'); $_SESSION['logged_in'] = true; header('Location: /'); }else{ $message = "<font color='red'>Invalid username / password / Key</font>"; } } if(isset($_GET['sendkey'])){ $key = rand(1000, 9999); exec('echo ' . $key . ' > /pineapple/includes/api/key'); exec('/pineapple/components/infusions/smser/content/smser.py --useconfig /pineapple/components/infusions/smser/content/smser.conf --logpath /pineapple/components/infusions/smser/content/smser.log -m ' . $key . ''); $message = 'key sent to phone.'; } ?> <html> <head> <title>WiFi Pineapple - Login</title> <meta http-equiv="cache-control" content="max-age=0" /> <meta http-equiv="cache-control" content="no-cache" /> <meta http-equiv="expires" content="0" /> <meta http-equiv="expires" content="Tue, 01 Jan 1980 1:00:00 GMT" /> <meta http-equiv="pragma" content="no-cache" /> <link rel="stylesheet" type="text/css" href="includes/css/styles.php" /> <script src="includes/js/jquery.min.js"></script> <script type="text/javascript"> function ajaxRequest() { if (window.XMLHttpRequest) { return new XMLHttpRequest(); } else if (window.ActiveXObject) { return new ActiveXObject("Microsoft.XMLHTTP"); } else { return false; } } function ajaxGet(toChange, getFrom) { var xmlhttp = new ajaxRequest(); xmlhttp.onreadystatechange=function() { if (xmlhttp.readyState==4 && xmlhttp.status==200) { document.getElementById(toChange).innerHTML=xmlhttp.responseText; } } xmlhttp.open("GET", getFrom, true) xmlhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded") xmlhttp.send() } function changeElement(toChange, text) { document.getElementById(toChange).innerHTML=text; } </script> <noscript><meta http-equiv="refresh" content="0;url=index.php?noJS" /></noscript> </head> <body> <a href="#" onclick="ajaxGet('yourmom', 'index.php?sendkey'); changeElement('status', 'Key has been sent!'); return false;">Request Key</a> <div id="status">Waiting for action...</div> <center> <div style="background-color: black; position: absolute; margin: auto; top: 50%; left: 50%; width: 256px; height: 356; ; margin-top: -178px;"> <img src="/includes/img/mk5_logo.gif"><br /><br /> <?=$message?> <form action="" method="POST"> <table> <tr><td>Username:</td><td><input type="text" name="username" value="root"></td></tr> <tr><td>Password:</td><td><input type="password" name="password"></td></tr> <tr><td>Key:</td><td><input type="text" name="key"></td></tr> </table> <input type="submit" name="login" value="Log In"> </form> </div> </center> </body> </html> Edited November 3, 2013 by newbi3 Quote Link to comment Share on other sites More sharing options...
Guest spazi Posted November 3, 2013 Share Posted November 3, 2013 briliant idea, looking forward to try this out myself :) Quote Link to comment Share on other sites More sharing options...
Sebkinne Posted November 3, 2013 Share Posted November 3, 2013 While cool, keep in mind that our system updates often change thee type of files. If they have been modified it is possible that something breaks.. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.