Telnet Login

Acolyte · #1 12-30-2005, 09:36 AM

Can't seem to log into world via telnet.

Tried MD5ing the password and putting it in account using mkpasswd -H MD5 -- no go.

Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
Username: xxx
Password: xxx
Login failed.

RangerDown · #2 12-31-2005, 06:48 AM

The worldserver will accept the password if it's stored in the database as plaintext, I know that for sure. That may or may not be a risk you want to take, depending on how secure you feel your database is and who else has access to read it.

I'm not sure if MD5 is the algorithm the world server is using when it comes upon a password that's not plaintext.

Acolyte · #3 12-31-2005, 07:06 AM

Quote:

Originally Posted by RangerDown

The worldserver will accept the password if it's stored in the database as plaintext, I know that for sure. That may or may not be a risk you want to take, depending on how secure you feel your database is and who else has access to read it.

I'm not sure if MD5 is the algorithm the world server is using when it comes upon a password that's not plaintext.

Yeah -- I figured it out heh, it's plaintext. I read it was MD5 via searching.

RangerDown · #4 12-31-2005, 07:30 AM

Update:

I've seen it work with a hashed password. And after checking and verifying one spot I know has a hashed password, it is an md5.

When you insert your md5, are you using HEX characters to represent your md5 hash? Also, where the hex characters are alpha (a-f), use lowercase a-f and not uppercase.

Acolyte · #5 12-31-2005, 11:08 AM

Not hex, stuff like this:

debian:~/eqemu/emu# mkpasswd -H MD5 test
$1$uSnJS56S$Kmz/RlowY7Y6CMFlhpvGu/

RangerDown · #6 12-31-2005, 02:48 PM

That appears to be a base64 representation of your md5 hash. You need to make a Hex (base16) version. The output of a Hex representation will contain no other characters than the numeric digits 0-9 and letters a-f.

johane · #7 01-02-2006, 12:26 PM

Quote:

Originally Posted by RangerDown

That appears to be a base64 representation of your md5 hash. You need to make a Hex (base16) version. The output of a Hex representation will contain no other characters than the numeric digits 0-9 and letters a-f.

Actually the hash is all the stuff after the 3rd '$' sign. The '$1$' at the start is a sig for a MD5 hash. The stuff up to the 3rd '$' is a salt to be used for hashing a possible client password. Try piping the string you've got through :

cut -d '$' -f 3

you should just have the hash itself.

Oh, and the string is bitwise packed as well - I suggest you look at the source in libc for the crypt function. GNU crypt uses MD5 if the salt begins '$1$', otherwise it's the old one that breaks easily.