Creating an NT-Password value with python

Bjørn Mork bjorn at mork.no
Sat Nov 21 13:09:21 CET 2009


jon michaels <joniamasad at gmail.com> writes:

> Hi list,
>
> I am trying to figure out how to create an NT-Password hash for the
> authentication database using python.
>
> I found the package python_ntlm which seems to be able to do the job.
> http://code.google.com/p/python-ntlm/source/browse/trunk/python26/ntlm/ntlm.py
>
> I think it needs a modification however, because currently the hash
> returned looks like this:
>
>>>> from ntlm.ntlm import create_NT_hashed_password_v1
>>>> create_NT_hashed_password_v1('test')
> '\xdb4mi\x1dz\xccM\xc2b]\xb1\x9f\x9e?R'
>
> I then proceed to add the user in mysql:
> insert into radcheck (username,attribute,value,op) values
> ('testuser','NT-Password','\xdb4mi\x1dz\xccM\xc2b]\xb1\x9f\x9e?R',':=');

You'll have to insert the actual octets as produced by
create_NT_hashed_password_v1 and not the weird display format used by
python for printing the unprintable.

If you insert

mysql> insert into radcheck (username,attribute,value,op) values
    -> ('testuser','NT-Password','\xdb4mi\x1dz\xccM\xc2b]\xb1\x9f\x9e?R',':=');
Query OK, 1 row affected (0.00 sec)

then you get:


mysql> select * from radcheck;
+----+----------+-------------+----+--------------------------------+
| id | username | attribute   | op | value                          |
+----+----------+-------------+----+--------------------------------+
|  1 | testuser | NT-Password | := | xdb4mix1dzxccMxc2b]xb1x9fx9e?R | 
+----+----------+-------------+----+--------------------------------+
1 row in set (0.00 sec)


which is invalid.

I suggest you use python to insert the value into mysql, *as it is
returned* from create_NT_hashed_password_v1.

For testing, you can probably get away with something like 
mysql> insert into radcheck (username,attribute,value,op) values ('testuser','NT-Password', concat(0xdb, "4mi", 0x1d, "z", 0xcc, "M", 0xc2, "b]", 0xb1, 0x9f, 0x9e, "?R"),':=');




Bjørn




More information about the Freeradius-Users mailing list