Tutorial: How do you htdigest 400 user accounts?



Question:

How do you generate user accounts for 400 users to do load testing?

Htdigest forces you to type in a password each time. I have tried DOS pipes like

echo password > htdigest -c realm username%1
htdigest -c realm username%1 < password.txt

but it is not working...


Solution:1

You can also check out the Python script that Trac distributes on their website for htdigest passwords; you can then automate it:

Generating htdigest passwords without Apache

They also suggest something along these lines will work:

It is possible to use the md5sum utility to generate a digest-password file using this method:

$ printf "${user}:trac:${password}" | md5sum - >>user.htdigest  

and manually delete " -" from the end and add "${user}:trac:" to the start of line from 'to-file'.


I have tested this on FreeBSD, not sure if this will work on Linux or Windows, so you may need to modify it a little:

(echo -n "user:realm:" && echo -n "user:realm:testing" | md5) > outfile  

outfile contains:

user:realm:84af20dd88a2456d3bf6431fe8a59d16  

Same thing with htdigest:

htdigest -c outfile2 realm user  

Output in outfile2:

user:realm:84af20dd88a2456d3bf6431fe8a59d16  

They are both the same, thereby proving correctness of the command line implementation!


Solution:2

(Aside: On unix/linux the first one should be:

echo password | htdigest -c realm username$1  

)

As htdigest doesn't have any nice way to pass the password in, I would use expect to automate the process.

An example from http://www.seanodonnell.com/code/?id=21:

#!/usr/bin/expect
#########################################
#$ file: htpasswd.sh
#$ desc: Automated htpasswd shell script
#########################################
#$
#$ usage example:
#$
#$ ./htpasswd.sh passwdpath username userpass
#$
######################################

set htpasswdpath [lindex $argv 0]
set username [lindex $argv 1]
set userpass [lindex $argv 2]

# spawn the htpasswd command process
spawn htpasswd $htpasswdpath $username

# Automate the 'New password' Procedure
expect "New password:"
send "$userpass\r"

expect "Re-type new password:"
send "$userpass\r"

# wait for htpasswd to write the file and exit
expect eof

It's left as an exercise to the user to convert this for Windows if required.


Solution:3

Here is a script that will read in a list of user names, generate a random password for each, and output them to both an htdigest file, and a plain text file. It has been tested on Linux, but may need to be modified for other systems. In particular, md5sum may be md5, and head does not always accept the -c flag.

#!/bin/bash

# auth realm for digest auth
AUTH_REALM=MyRealm

# file locations

# a file containing a list of user names,
# one name per line, e.g.,
# $ cat users.txt
# joe
# curly
# larry
USER_FILE=users.txt

# htdigest file, needs to exist
HTDIGEST_FILE=passwd.htdigest

# insecure password file
PASSWD_FILE=passwd.txt

# read the names from the user file
while IFS= read -r username
  do
  # generate a pseudo-random password
  rand_pw=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c8)

  # hash the username, realm, and password
  # (printf '%s' keeps a % or \ in the input from being read as a format)
  htdigest_hash=$(printf '%s' "$username:$AUTH_REALM:$rand_pw" | md5sum -)

  # build an htdigest appropriate line, and tack it onto the file
  echo "$username:$AUTH_REALM:${htdigest_hash:0:32}" >> "$HTDIGEST_FILE"

  # put the username and password in plain text
  # clearly, this is terribly insecure, but good for
  # testing and importing
  echo "$username:$rand_pw" >> "$PASSWD_FILE"
done < "$USER_FILE"

This is what the input and results look like, first the user names file:

$ cat users.txt
joe
curly
larry

Running the script:

$ ./load_users.bash   

The resulting htdigest file:

$ cat passwd.htdigest
joe:MyRealm:2603a6c581f336f2874dbdd253aee780
curly:MyRealm:fd3f9d87bba654439d5ba1f32c0286a8
larry:MyRealm:c1c3c0dc50a9b97e9f7ee582e3fce892

And the plain text file:

$ cat passwd.txt
joe:aLnqnrv0
curly:3xWxHKmv
larry:7v7m6mXY
