wpa2-cgi/ 0000755 0001750 0001750 00000000000 11137670504 012345 5 ustar dragorn dragorn wpa2-cgi/cgi-bin/ 0000755 0001750 0001750 00000000000 11105127571 013651 5 ustar dragorn dragorn wpa2-cgi/cgi-bin/form.phtml 0000644 0001750 0001750 00000001431 10765257131 015670 0 ustar dragorn dragorn
Simple Radius Signup
%(comment)s
wpa2-cgi/cgi-bin/radius.cgi 0000755 0001750 0001750 00000013715 11075374101 015635 0 ustar dragorn dragorn #!/usr/bin/env python
"""
Radius user creation CGI
A basic user-creation device which inserts a user in a MySQL-backed
Radius server, with account creation rate throttling to prevent the
auth server from being flooded by malicious users.
First, a "human identifier" image is created and the value stored in
a local SQLite database to prevent replay attacks.
The content of the image is obfuscated with 3des and stored in the GET
string. No session data is used.
mkershaw@arubanetworks.com
http://labs.arubanetworks.com
"""
# Do we store recently used images in a sqlite db to prevent replay?
# When set, checkcaptcha() records every accepted word in PASSDB and
# rejects a word that is already present.
USE_SQLITE_VERIFY = 1
import pyDes, cgi, cgitb, random, MySQLdb, time
from sys import exit
if USE_SQLITE_VERIFY:
    from pysqlite2 import dbapi2 as sqlite
# Shared private key, must match the key in image.cgi
# NOTE(review): this is a checked-in placeholder with no entropy; a
# deployment must replace it with a value from a proper random source.
# pyDes appears to use the 24-character string directly as key bytes
# rather than hex-decoding it -- confirm against the pyDes version in use.
# The form blobs produced with it are encrypted but carry no MAC, so the
# key's secrecy is the only thing that prevents forged form state.
PRIVATEKEY="010101010101010101010101"
# Path to a writeable sqlite database for storing recent
# attempts, with the schema:
# CREATE TABLE captcha (inserted int, captcha char(5));
PASSDB="/path/to/sqlite/passdb"
# MYSQL server used by Radius
MYSQLSRV="10.10.100.5"
# Username and password for a user able to select from db.usergroup
# and insert into db.usergroup and db.radcheck
# NOTE(review): credentials are hard-coded in a CGI script; keeping them
# in a file outside the web root with restrictive permissions limits
# exposure if the script source is ever served or copied.
MYSQLUSR="radiuscgi"
MYSQLPWD="radiuscgi"
# Database loaded with freeradius schema
MYSQLDB="radius"
# Group to add new users to
RADIUSGROUP="demo"
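def printform(comment):
    """Render the signup form with *comment* shown as a status message.

    Generates a fresh 5-character captcha word and a random salt, packs
    ``salt:time:word`` into a 3DES blob (hex-encoded, exposed to the form
    as ``hash``) and prints ``form.phtml`` with ``comment`` and ``hash``
    substituted.  Exits the process with a plain-text failure page when
    the cipher cannot be constructed.

    Args:
        comment: status text inserted into the template as %(comment)s.
    """
    myvals = {}
    myvals["comment"] = comment
    # Presumably chosen to avoid look-alike glyphs (no 0/O, 1/I/l).
    letters = "ABCDEFGHIJKLMNOPQRSTUVWXYZ23456789"
    # SystemRandom draws from the OS entropy source; the module-level
    # random functions are a seeded PRNG whose output is predictable from
    # earlier outputs, which matters for a salt that ends up in form state.
    rng = random.SystemRandom()
    word = ''.join([rng.choice(letters) for i in range(5)])
    rw = ''.join([rng.choice(letters) for i in range(rng.randint(5, 20))])
    try:
        k = pyDes.triple_des(PRIVATEKEY)
    except Exception:
        print "Content-type: text/html\n"
        print "form failure"
        exit(0)
    # Layout is salt:time:word; the main flow and image.cgi read the word
    # at index 2.  NOTE(review): the blob is encrypted but not
    # authenticated, and the time field is not checked on the way back.
    myvals["hash"] = (k.encrypt("%s:%s:%s" % (rw, time.time(), word), "*")).encode("hex")
    print "Content-type: text/html\n"
    f = open("form.phtml", "r")
    try:
        template = f.read()
    finally:
        f.close()
    print (template % myvals)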
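def printl2(user, pw):
    """Redirect to the second-stage submit URL carrying *user* and *pw*.

    Packs ``salt:time:userhex:pwhex`` into a 3DES blob and emits a
    ``Location:`` header pointing back at radius.cgi with the blob as the
    ``l2h`` parameter; the main flow accepts it for five seconds and then
    creates the account.  Exits with a plain-text failure page when the
    cipher cannot be constructed.

    Args:
        user: requested username (raw string from the form).
        pw:   requested password (raw string from the form).
    """
    letters = "ABCDEFGHIJKLMNOPQRSTUVWXYZ23456789"
    # OS-entropy RNG rather than the seeded module-level PRNG.
    rng = random.SystemRandom()
    # 5-20 random characters so repeated redirects for the same user
    # never produce the same blob.
    rw = ''.join([rng.choice(letters) for i in range(rng.randint(5, 20))])
    try:
        k = pyDes.triple_des(PRIVATEKEY)
    except Exception:
        print "Content-type: text/html\n"
        print "form failure"
        exit(0)
    # Field order is random:time:userhex:pwhex (the receiver indexes 1..3).
    # Username and password are hex-encoded so a ':' in either cannot
    # break the receiver's split.  NOTE(review): the blob carries the
    # cleartext password in the URL, so it reaches server logs; it is
    # encrypted but not authenticated.
    hash = (k.encrypt("%s:%s:%s:%s" % (rw, time.time(), user.encode("hex"), pw.encode("hex")), "*")).encode("hex")
    print "Location: radius.cgi?l2h=%s\n" % hash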
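def checkcaptcha(captcha, window=30):
    """Record *captcha* as used, aborting the request if it was seen before.

    Opens the sqlite database at PASSDB, rejects the word if a row for it
    already exists, otherwise inserts it with the current time and purges
    rows older than *window* seconds.  Every failure path renders the
    form with an error and exits the process.

    Args:
        captcha: the upper-cased captcha word the user typed.
        window:  seconds a used word stays on record; defaults to 30.

    Returns:
        1 when the word was fresh and has been recorded.
    """
    try:
        con = sqlite.connect(PASSDB)
    except Exception:
        printform("Captcha DB failure")
        exit(0)
    cursor = con.cursor()
    # Values are bound by the driver ('?' placeholders); the previous
    # MySQLdb.string_literal escaping follows MySQL's quoting rules,
    # not SQLite's.
    try:
        cursor.execute("SELECT captcha FROM captcha WHERE captcha = ?", (captcha,))
        seen = cursor.fetchone()
    except Exception:
        printform("Text match DB failure")
        exit(0)
    # fetchone() instead of rowcount: DB-API drivers may report -1 for a
    # SELECT, which would read as "already used" for every request.
    if seen is not None:
        printform("Text already used")
        exit(0)
    # NOTE(review): two concurrent requests with the same word can both
    # pass the SELECT above; a UNIQUE constraint on captcha would close that.
    now = int(time.time())
    try:
        cursor.execute("INSERT INTO captcha (inserted, captcha) VALUES (?, ?)",
                       (now, captcha))
    except Exception:
        printform("Text DB failure")
        exit(0)
    con.commit()
    # Clean up the captcha DB; best effort, the word is already recorded.
    # NOTE(review): a word is only remembered for `window` seconds while
    # the first-stage form hash carries no expiry check in the main flow,
    # so the same form state can be resubmitted once this row is purged.
    try:
        cursor.execute("DELETE FROM captcha WHERE inserted < ?", (now - window,))
    except Exception:
        return 1
    con.commit()
    return 1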
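def insert(user, pw):
    """Create *user* with password *pw* in the freeradius MySQL schema.

    Adds a ``Cleartext-Password`` entry to ``radcheck`` and a membership
    row for RADIUSGROUP in ``usergroup``, then prints ``done.phtml``.
    Every outcome ends the process: failures render the form with an
    error, success prints the completion page.  Never returns.

    Args:
        user: username to create; rejected if already in usergroup.
        pw:   password stored as the Cleartext-Password attribute.
    """
    try:
        conn = MySQLdb.connect(host=MYSQLSRV,
                               user=MYSQLUSR,
                               passwd=MYSQLPWD,
                               db=MYSQLDB)
    except Exception:
        printform("SQL server not available")
        # Without this exit the code below ran with `conn` unbound.
        exit(0)
    cursor = conn.cursor()
    # Values are bound by the driver rather than interpolated into the
    # statement text.
    cursor.execute("SELECT UserName FROM usergroup WHERE UserName = %s", (user,))
    if cursor.fetchone() is not None:
        printform("Username already exists")
        exit(0)
    # radcheck holds the password in the clear; that is what the
    # freeradius Cleartext-Password attribute expects.
    cursor.execute("INSERT INTO radcheck (username, attribute, value, op) "
                   "VALUES (%s, %s, %s, %s)",
                   (user, "Cleartext-Password", pw, ":="))
    if not cursor.rowcount:
        printform("Error")
        exit(0)
    cursor.execute("INSERT INTO usergroup (username, groupname) VALUES (%s, %s)",
                   (user, RADIUSGROUP))
    if not cursor.rowcount:
        printform("Error")
        exit(0)
    # Make both rows durable on transactional tables (a no-op on MyISAM);
    # without it the driver can roll the inserts back at disconnect.
    conn.commit()
    print "Content-type: text/html\n"
    f = open("done.phtml", "r")
    try:
        page = f.read()
    finally:
        f.close()
    print page
    exit(0)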
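# Main processing
#
# Two entry modes, both driven by the query/form fields:
#   * ``l2h`` present: second-stage blob from printl2(); decrypt it, check
#     its age, and create the account.
#   * otherwise: first-stage form with ``hash``/``captcha``/``username``/
#     ``passwd``/``passwd2``; validate, record the captcha word, and
#     redirect into the second stage via printl2().
form = cgi.FieldStorage()
if not form:
    printform("")
    exit(0)
form_hash = form.getvalue("hash")
word = form.getvalue("captcha")
user = form.getvalue("username")
pw = form.getvalue("passwd")
pw2 = form.getvalue("passwd2")
l2h = form.getvalue("l2h")
try:
    k = pyDes.triple_des(PRIVATEKEY)
except Exception:
    printform("Hash failure")
    exit(0)
# Second-stage hash actually triggers submit
if l2h is not None:
    try:
        s = k.decrypt(l2h.decode("hex"), "*")
    except Exception:
        printform("L2 Hash failure")
        exit(0)
    v = s.split(":")
    # random:time:userhex:pwhex (layout written by printl2)
    if len(v) != 4:
        printform("Invalid L2 hash")
        exit(0)
    try:
        ptime = float(v[1])
    except (ValueError, TypeError):
        printform("Invalid L2 hash")
        # Previously fell through here and used `ptime` unbound.
        exit(0)
    # L2 hash only lives for 5 seconds
    if time.time() - ptime > 5:
        printform("L2 Hash expired")
        exit(0)
    try:
        user = v[2].decode("hex")
        pw = v[3].decode("hex")
    except (ValueError, TypeError):
        printform("Invalid L2 hash")
        exit(0)
    # insert() ends the process itself on every path.
    insert(user, pw)
    exit(0)
if (word is None or form_hash is None or user is None
        or pw is None or pw2 is None):
    printform("Missing form values")
    exit(0)
if len(pw) < 5:
    printform("Password should be at least 5 characters")
    exit(0)
if pw != pw2:
    printform("Passwords didn't match")
    exit(0)
try:
    s = k.decrypt(form_hash.decode("hex"), "*")
except Exception:
    printform("Hash failure")
    exit(0)
v = s.split(":")
# random:time:word (layout written by printform)
if len(v) != 3:
    printform("Invalid hash")
    exit(0)
# NOTE(review): v[1], the time printform() stamped into the blob, is not
# checked here, so a first-stage hash never expires; checkcaptcha() only
# remembers a used word for a short window, after which the same form
# state is accepted again.  Confirm the intended lifetime before adding
# an age check like the one used for the L2 hash above.
if v[2] == word.upper():
    # Checkcaptcha will abort internally if it fails
    if USE_SQLITE_VERIFY:
        checkcaptcha(word.upper())
    printl2(user, pw)
    exit(0)
printform("invalid word")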
wpa2-cgi/cgi-bin/image.cgi 0000755 0001750 0001750 00000004165 11075373576 015446 0 ustar dragorn dragorn #!/usr/bin/env python
"""
Very basic "human identifier" image generator.
Uses libgd and the dejavusans-mono-bold TTF font, and minimal obfuscation
techniques. Not meant for an Internet-facing application where OCR, etc
is a real risk; The "security" measures here are meant to prevent flooding
of the auth server by malicious users only.
Image is drawn normally and then obfuscated by drawing white lines over it.
Image content is derived from the content of the GET string, which is
obfuscated with a 3des private key. This key must match the config used in
the companion script, radius.cgi.
http://.../image.cgi?text=3des-encrypted-data
mkershaw@arubanetworks.com
http://labs.arubanetworks.com
"""
# 12 bytes/24 hex digit DES key
# Must match the key in the calling cgi (radius.cgi)
# and should be generated from proper random data
# NOTE(review): pyDes appears to take this 24-character string as the
# raw key bytes rather than hex-decoding it -- confirm against the pyDes
# version in use.  Either way the checked-in value is a placeholder with
# no entropy and must be replaced before deployment.
PRIVATEKEY="010101010101010101010101"
# If the TTF file is not stored in the CGI directory, specify
# where it is kept
FONTPATH="."
import gd, os, sys, cStringIO, urllib2, encodings, pyDes, random
import cgi, cgitb
# libgd resolves the font name used in simple() through GDFONTPATH.
os.environ["GDFONTPATH"] = FONTPATH
FONT = "dejavusansmonobold"
def _captcha_text():
    """Return the word carried by the ``text`` parameter, or ``"error"``.

    The parameter is a hex-encoded 3DES blob laid out as three
    ``:``-separated fields; the third field is the word.  Any failure
    (missing parameter, bad hex, bad cipher, wrong field count) yields
    ``"error"`` so the image still renders.
    """
    try:
        fields = cgi.FieldStorage()
        blob = fields.getvalue("text")
        cipher = pyDes.triple_des(PRIVATEKEY)
        parts = cipher.decrypt(blob.decode("hex"), "*").split(":")
        if len(parts) != 3:
            return "error"
        return parts[2]
    except:
        return "error"


def simple():
    """Render the captcha word as a 300x100 PNG on stdout.

    Draws the word in black with the TTF font named by FONT, scribbles
    random lines over it in the colour marked transparent, and writes the
    PNG preceded by a ``Content-type`` header.
    """
    canvas = gd.image((300, 100))
    # Colour table is populated in the same order as before: gd keys
    # behaviour off allocation order, and the *second* white entry is the
    # one made transparent and used for the scribble, so the first white
    # allocation is kept even though it is not referenced again.
    canvas.colorAllocate((255, 255, 255))
    black = canvas.colorAllocate((0, 0, 0))
    canvas.colorAllocate((0, 0, 255))        # blue: allocated, unused
    canvas.colorAllocate((255, 255, 0))      # yellow: allocated, unused
    clear = canvas.colorAllocate((255, 255, 255))
    canvas.colorTransparent(clear)
    canvas.interlace(1)
    canvas.rectangle((0, 0), (299, 99), black)
    label = _captcha_text()
    canvas.string_ttf(FONT, 72.0, 0.0, (5, 90), label, black)
    # 149 random segments, each endpoint drawn in the same order as the
    # original so the random stream is consumed identically.
    for _ in range(1, 150):
        start = (random.uniform(1, 299), random.uniform(1, 99))
        end = (random.uniform(1, 299), random.uniform(1, 99))
        canvas.line(start, end, clear)
    # Print the PNG out to our caller, we get included as an <img> source.
    print "Content-type: image/png\n"
    canvas.writePng(sys.stdout)
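# Only render when run as the CGI entry point, so importing the module
# (e.g. to reuse PRIVATEKEY handling) does not emit an image.
if __name__ == "__main__":
    simple()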
wpa2-cgi/cgi-bin/dejavusansmonobold.ttf 0000644 0001750 0001750 00000347744 10765254667 020332 0 ustar dragorn dragorn GDEF ) OS/2yD , VcmapH cvt ID ` fpgmq49j gasp glyfA c headԙ k 6hhea k $hmtx;I6 k locaB u maxp
namep !lpostE (prepLQ3 | prop
|= t p 3 3 f @ q Deja
m` j ~%+/3A?Xauz~_ [w{
%9=GKW]cmq # & 1 : < > I p y !"!&!+""""""" "+"H"a"e####!#}##$#%&8')+ $+-17P Xatz~Cw{$6<AJWZalp~ & 0 9 < > G p t !"!&!*""""""""'"H"`"d#### #}##$#%&8')+ {vutqca`\YVTSR<$
|x^YONI&ywtrgebZXL
[VN xXީqٚ ~{utho
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`a rdei xpk vj s gw l| cn m} b y q z 3# N \ {#'## \# \ \ w#3 b# # \ b b b % %1 /# /
9 b R s q # o V d\H f```{ \{ ` o 7L ' 5% = { D = ! / s , %Id@QX Y!-,%Id@QX Y!-, P
y PXY%%# P
y PXY%-,KPX EDY!-,%E`D-,KSX%%EDY!!-,ED-,%%I%%I` ch #:e:- hh @ b /1 0!%!!h sr) @
d
<2991 /0!!!#!#qe @ d 1 <20!!! ++ J@0g g
91 /<<<<<<<2220333#3!####5!#5!#3_^aJ^^^^J^Jvuu%v D
/ P@+ )%$(hh!/$, ( 0<21 /<22290>54&#.'.546753.'?FE>??ˍWggU̹GP>[ٴ O=>O-C:9L-.+=BI' (0Ϭ ! ' 3 V@-( (kk kj.k%1" +1"" 499991 /999904632#"&"32654& 4632#"&"32654&!?9PP9:OP)˹=8ON9:QRXO::OO:9PP`^P::OP99Q % * 8 @Z )(*()(-,.+23456718%8+(%# 1) #1p#popnr)($ +.# . 8 )$.9999999991 /99990KSX999Y"%#" 5467.54632.#">54&'3!32676767fKWꍋ20ID@APR=D9DI"BCr;H23ёXN< $%86$~f &b993V+wIz
d 1 0! +
@u t
2991 0#&547䟚@= 5R
@u t 2991 03#6545䞛䄀=? y9T J@(
n
<2<2991 <22990
%#'-73%TJLLLLKLXX B \ #@ v
<<1 <<0!!#!5!RPRP jo @
w
1 0!#9co - 1 0!!-w o w
1 /0!!Mo qB` @ d 1 03#m {V #$@ x!xn!r$
$1 0@/ ///////// /
/? ????????? ?
?O OKKKKK K
OTTTPPPTT T
ddd```dd d
T/ ///////// /
/
$]]4632#"&"326&32#"H45HH54H|f^^fg^^5HH54HGB~{|~ o
$@xxd x 1 /20!%!!!J5JML
J/ s ' [@/ %
zy
xn x
991 /990KSX9Y"!!57 7>54">32uL=KByoOkk^;H5/FVAdm?<')ݿX^D }L ( G@) p zy#pz
y pnr) &
)91 90#32654">32!"&'32654&%nyynTgg\qd^xxWOS]*(!εǢ&$/1o^s} f u
B@
% xd
<291 /<290KSXY" !!3#!!y5jB F <@!xzyx
x d
r
1 90!!>32 !"&'32654"+$R.`fSXOQ
))u'' b $ 5@ {{
zy{"nr%
%1 90"32654&.#">32# !2`ee``gg#OC/c..F싄--AAn 7 5@%x d
991 /0KSXY"!!! P # / D@% {'{-{nr'0 $*
!0991 990"32654&%.54632#"&54632654"hczzcc{zqvto|eWXeeXVf}gg~eg}}'yغx(&ĉTXggXWef oN $ 7@{
z y{
{nr%
"
%1 9073267#"543 !"&2654"OC/dF7_ee_`gg
.,AA i}} ' @w w
<21 /0!!!!MM' s' "@w w
<21 0!#!!MNMo X my @ 291 90 5y! X'y @vv <21 0!!!!X!! X my @ <91 9055X!`a ) $ q@8
%$
fhn
!
%<2999991 /9990KSX99Y"!!!546?>54">32>PZ?-\\T`beD^XD&cNY=P+CDGF89L\VBT= s 4 ]@1(+$ 4| |}'$|+}|+15'(
!.52991 9999904"326#5#"&5463254" 3267# !2fYYeeYYf&gHȥGl"0PE\Qm`v4!qqrR511/)//77 !
@;
% h~d
91 /<90KSXY"K TK
T[X @878Y@, 0000
5::5s|] ]!!!!!hi\uZq+q } >@$ h
hdh
!2991 /903265432654%!2)čqvp_anF`wyjFP\\S뽼
İ 9 .@ op
op nr! 21 0%# !2.#"32679FU>.UDLLLL+$$xy$$FAAF u (@ p dp
!
"99991 /0326! )P<nB?
ts J *@ppd
p # 2<1 /0)!!!!!J^?{y X %@p pd#
21 /0!!!!!XBu uj S@! ppopnr %!1 990@]]#5!# !2.#"326hUu?-ZL>`.DTIKsy30PQ H &@p d
"221 /<20!!!!!!'q'9+h % #@ pd p
221 /220!!!!!y))3 m .@ opp
dr 1 99073265!!!"&mVctl_JVX\t
4 u a@3 % d
291 /<290KSXY"!! !!u'N)Nw @pd 1 /03!!'w/ V { @,
%
d
%
%
91 /<290KSXY" ]@R )=??
& )/708? ] ]!!###V`bq+sT w X S@% d&&