From 6f53d09b04232003963f3f50f1bcf30c0c069ffa Mon Sep 17 00:00:00 2001 From: r00t Date: Sun, 27 Nov 2016 12:18:31 -0500 Subject: [PATCH] adding docs/HOWTO.hashgen- OOPS. --- bdisk/bdisk.py | 2 +- bdisk/build.py | 48 ++++++++++++++++++++++------------------------ docs/HOWTO.hashgen | 36 ++++++++++++++++++++++++++++++++++ 3 files changed, 60 insertions(+), 26 deletions(-) create mode 100644 docs/HOWTO.hashgen diff --git a/bdisk/bdisk.py b/bdisk/bdisk.py index ed63a33..b711fbc 100755 --- a/bdisk/bdisk.py +++ b/bdisk/bdisk.py @@ -22,4 +22,4 @@ if __name__ == '__main__': for a in arch: bchroot.chroot(conf['build']['chrootdir'] + '/root.' + a, 'bdisk.square-r00t.net') bchroot.chrootUnmount(conf['build']['chrootdir'] + '/root.' + a) - build.chrootClean(conf['build']) + #build.chrootClean(conf['build']) diff --git a/bdisk/build.py b/bdisk/build.py index 25d9d45..a341c85 100755 --- a/bdisk/build.py +++ b/bdisk/build.py @@ -22,32 +22,30 @@ def chrootClean(build): tar.add(dbdir, arcname = os.path.basename(dbdir)) # Cut out the fat # The following are intended as "overrides" of the paths we'll be deleting. - backup = {} - backup['dirs'] = ['/var/lib/pacman/local'] - backup['files'] = ['/usr/share/locale/locale.alias', - '/usr/share/zoneinfo/EST5EDT', - '/usr/share/zoneinfo/UTC', - '/usr/share/locale/en', - '/usr/share/locale/en_US', - '/usr/share/locale/en_GB'] + backup = ['/var/lib/pacman/local', + '/usr/share/locale/locale.alias', + '/usr/share/zoneinfo/EST5EDT', + '/usr/share/zoneinfo/UTC', + '/usr/share/locale/en', + '/usr/share/locale/en_US', + '/usr/share/locale/en_GB'] # And these are what we remove. - delete = {} - delete['dirs'] = ['/usr/share/locale/*', - '/var/cache/pacman/*', - '/var/cache/pkgfile/*', - '/var/cache/apacman/pkg/*', - '/var/lib/pacman/*', - '/var/abs/local/yaourtbuild/*', - '/usr/share/zoneinfo', - '/root/.gnupg', - '/tmp/*', - '/var/tmp/*', - '/var/abs/*', - '/run/*', - '/boot/*', - '/usr/src/*', - '/var/log/*', - '/.git'] + delete = ['/usr/share/locale/', + '/var/cache/pacman/', + '/var/cache/pkgfile/', + '/var/cache/apacman/pkg/', + '/var/lib/pacman/', + '/var/abs/local/yaourtbuild/', + '/usr/share/zoneinfo', + '/root/.gnupg', + '/tmp/', + '/var/tmp/', + '/var/abs/', + '/run/', + '/boot/', + '/usr/src/', + '/var/log/', + '/.git'] delete['files'] = ['/root/.bash_history', '/root/apacman*', '/root/iso.pkgs*', diff --git a/docs/HOWTO.hashgen b/docs/HOWTO.hashgen new file mode 100644 index 0000000..42b502e --- /dev/null +++ b/docs/HOWTO.hashgen @@ -0,0 +1,36 @@ +Generating a salted hash compatible with shadow(5) is a rather simple task. + +If you haven't read the shadow(5) man page yet, I highly recommend it: + + man 5 shadow + +There are many ways in which you can generate a salted hash. + +0.) Debian can do this with the mkpasswd utility (it's in Arch's AUR as debian-whois-mkpasswd): + + mkpasswd --method=sha-512 --salt=aBcDeFgHiJ PASSWORD + +(If a salt is not provided, one will be automatically generated. That is is the suggested method.) + +1.) perl (PoC script welcome): + + perl -e 'print crypt("PASSWORD","\$6\$aBcDeFgHiJ\$") . "\n"' + +2.) python (extras/bin/hashgen.py): + + python -c "import crypt, getpass, pwd; print crypt.crypt('PASSWORD','\$6\$aBcDeFgHiJ\$')" + +3.) php: + + php -r "\$password = readline('Password: '); \$saltRaw = random_bytes(8); \$salt = base64_encode(\$saltRaw); \$result = crypt(\$password,'\$6' . '\$' . \$salt .'\$'); print \$result . \"\n\";" + +4.) even grub-crypt (if using legacy grub): + + /sbin/grub-crypt --sha-512 + +The end-product should look something like this: + + $6$aBcDeFgHiJ$Yh342vFH7MOjPNu9InFymD1Dd42i5cFsr1cTWdpKGNIkbRGR/ZKQDRPJ1ZeeGb7y894Tfh3iWZIJKu3phlsqQ1 + +If it doesn't, you did something incorrectly. +Note that different hashes/the PoC scripts will result in a different string, but it should be the same length.