Community discussions

MikroTik App
 
User avatar
butche
Trainer
Trainer
Topic Author
Posts: 428
Joined: Fri May 28, 2004 6:14 pm
Location: Missouri, USA
Contact:

Random password script...

Sun Jul 29, 2007 7:23 am

I am at my wit's end. I've tried several things, but:
1. I am not a programmer
2. I am not a programmer
AND
3. I am not a programmer...


Anyone have good code (MikroTik script) to generate a "random" password? I don't care if it's really random, but just need to generate a 5 or 6 character password. This will be for a hotspot at a hotel. I only need to generate (for now) one password daily.

Things I've thought about:

1. Add a firewall rule like this:
/ip firewall add chain=forward place-before=0 action=passthrough

Then, when my script runs, I can get the packet count (or byte count for that matter) of matches on that rule. I can use that as a base for creating a "random" password.

2. Run a script OFF the Mikrotik on a FreeBSD server (or Linux box) then transfer the .rsc to update the password. (while this would be more "random", it would be a less than perfect solution).

Anyone have some working code to generate a "random" password on MT? I don't care how strong the password is....Just need some ideas for how to do this. Oh, yeah.......I need it last week. :-)
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7041
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Random password script...

Sun Jul 29, 2007 1:38 pm

Router OS built in scripting language doesn't have random generator.
But you can generate script on linux or other OS to generate random password, then upload script to MT and execute it.
 
User avatar
butche
Trainer
Trainer
Topic Author
Posts: 428
Joined: Fri May 28, 2004 6:14 pm
Location: Missouri, USA
Contact:

Re: Random password script...

Mon Jul 30, 2007 9:07 am

Router OS built in scripting language doesn't have random generator.
But you can generate script on linux or other OS to generate random password, then upload script to MT and execute it.
Yes, I realize these things (in fact, I said this in my post). What I'm wondering is if anyone has any ideas besides the FreeBSD (not a linux guy myself) method. Using a counter should work (sort of), but I'm not sure the best way to approach this. I am just looking for ideas and (ideally) some code.
 
User avatar
butche
Trainer
Trainer
Topic Author
Posts: 428
Joined: Fri May 28, 2004 6:14 pm
Location: Missouri, USA
Contact:

Re: Random password script...

Mon Jul 30, 2007 11:01 am

I found a solution. I was making it too hard. :-)

I started with a numeric password, then (in the script) grabbed that password, applied a formula and set the new password to the new value. The formula is one that will produce a series of 4 digit numbers. In my testing (I didn't test very many "seed" values) I did not produce a series shorter than 800 numbers before it repeated, which is fine, since we will be changing the password weekly. For the "math impaired" who read this, that is every 5600 weeks (or over 107 years). I hope to see a random number function in MikroTik before the 107 years is up. :-)
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7041
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Random password script...

Mon Jul 30, 2007 11:04 am

well you could try like this. Script will generate 3 character long password:
#add firewall rules
/ip firewall filter 
add action=passthrough chain=forward random=5 comment=r1
add action=passthrough chain=forward random=2 comment=r2
add action=passthrough chain=forward random=3 comment=r3
and now you can use this script.
# define char table
:global chArray a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z
:local strPass "";

#get counters
:local ch1num [/ip firewall filter get [find comment=r1] packets ];
:local ch2num [/ip firewall filter get [find comment=r2] packets ];
:local ch3num [/ip firewall filter get [find comment=r3] packets ];

# make sure counter is not larger than 25
if ( ch1num > 25 ) do={ /ip firewall filter reset-counters [find comment=r1]; :set ch1num 0; };
if ( ch2num > 25 ) do={ /ip firewall filter reset-counters [find comment=r2]; :set ch2num 0; };
if ( ch3num > 25 ) do={ /ip firewall filter reset-counters [find comment=r3]; :set ch3num 0; };

# generate password
:set strPass ( [:tostr [ :pick $chArray $ch1num ]] . [:tostr [:pick $chArray ch2num ]] . [:tostr [:pick $chArray $ch1num ]] );

:put $strPass ;

#the end
The same can be done by getting seconds from clock (this could be even better approach ).
 
scampbell
Trainer
Trainer
Posts: 487
Joined: Thu Jun 22, 2006 5:20 am
Location: Wellington, NZ
Contact:

Re: Random password script...

Tue Mar 13, 2012 6:58 am

A quick edit - the "generate password" line had a couple of typo's :-)

# define char table
:global chArray a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z
:local strPass "";

#get counters
:local ch1num [/ip firewall filter get [find comment=r1] packets ];
:local ch2num [/ip firewall filter get [find comment=r2] packets ];
:local ch3num [/ip firewall filter get [find comment=r3] packets ];

# make sure counter is not larger than 25
if ( ch1num > 25 ) do={ /ip firewall filter reset-counters [find comment=r1]; :set ch1num 0; };
if ( ch2num > 25 ) do={ /ip firewall filter reset-counters [find comment=r2]; :set ch2num 0; };
if ( ch3num > 25 ) do={ /ip firewall filter reset-counters [find comment=r3]; :set ch3num 0; };

# generate password
:set strPass ( [:tostr [ :pick $chArray $ch1num ]] . [:tostr [:pick $chArray $ch2num ]] . [:tostr [:pick $chArray $ch3num ]] );

:put $strPass ;

#the end
 
jo2jo
Forum Guru
Forum Guru
Posts: 1003
Joined: Fri May 26, 2006 1:25 am

Re: Random password script...

Mon Jul 23, 2012 10:15 pm

neither of these works on v 5.19.
 
denser
just joined
Posts: 12
Joined: Thu Dec 04, 2014 6:19 pm

Re: Random password script...

Thu Dec 04, 2014 6:22 pm

Hello guys, im new here and find this stuff useful and make some corrects to script
:local ruleprefix "random-"

:put "list rules to void unseen changes"
/ip firewall filter print without-paging

:put "set up password length"
:local passlen
if ([:tostr $passlen]="") do={:set passlen 8}

:put "make passthrough rules if none. according to passlen"
#/ip firewall filter remove [ find comment~$ruleprefix ]
:for i from=1 to=$passlen do={
	:local coment ($ruleprefix.[:tostr $i])
	if ([/ip firewall filter find comment=$coment]="") do={
		/ip firewall filter add action=passthrough chain=forward place-before=0 random=($i+1) comment=$coment
	}
}

:put "define char table"
:global chArray
if ([:tostr $chArray]="") do={:set chArray a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z}

:put "count letters"
:local letters ( [:len $chArray ] - 1 )

:put "remember old password if any"
:global randompassword
:global oldpassword
if ($randompassword!="") do={:set oldpassword $randompassword}
:set randompassword ""

:put "generate new password"
:for i from=1 to=$passlen do={
	:local chnum [/ip firewall filter get [find comment=($ruleprefix.[:tostr $i])] packets ]
	if ( chnum > $letters ) do={
		:set chnum ( chnum - $letters * ( chnum / $letters ) )
		# need to reset?
		#/ip firewall filter reset-counters [find comment=($ruleprefix.[:tostr $i])]
	}
	:set randompassword [:tostr ( $randompassword . [ :tostr [ :pick $chArray $chnum ] ] ) ]
}

if ($oldpassword=$randompassword) do={
	:put "new password same - ignoring"
} else={
	:put "new password differs - change and email"
	........
}
Then we can anything to password - send it via email, send if it changes after 24h etc. Hope it would be useful to someone

Who is online

Users browsing this forum: Bing [Bot], marcelofares and 23 guests