Programmatically Create User Account

Need help with FileZilla Server? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Message
Author
User avatar
botg
Site Admin
Posts: 35491
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Programmatically Create User Account

#16 Post by botg » 2016-08-08 10:43

Please post a complete usage example.

trueloeque
504 Command not implemented
Posts: 6
Joined: 2016-08-08 08:46

Re: Programmatically Create User Account

#17 Post by trueloeque » 2016-08-08 11:03

For example:
Clear password: H0la
Salt (generated from Filezilla interface): Un&apos;!/oMP@"EoNLH:uhYYGtrwMMp3J=1?1&apos;m+M*($M<5YFPl}SlFvNGR0h
Then, Clear_password+Salt=H0laUn&apos;!/oMP@"EoNLH:uhYYGtrwMMp3J=1?1&apos;m+M*($M<5YFPl}SlFvNGR0h
So that, Get-StringHash "H0laUn&apos;!/oMP@"EoNLH:uhYYGtrwMMp3J=1?1&apos;m+M*($M<5YFPl}SlFvNGR0h" "SHA512" = CAB727569E135D55C4B9A752AE0B5CF48A517E9FCFD86916B5DFF1889E7EE44C3032C9CE553E3ABCF41A37D24B23404714C3B48EDA146346CC927E3763203CAB

However, the encrypted password generated from Filezilla interface is: 297FB53F79165D3EE8AE0E5F5FBCE0A4667CC29BD86A684DA5356F30F508F69FAF5B5B6276BD23870688801C0192392371B3B3DECC02EF6694EFD10CD2288842

trueloeque
504 Command not implemented
Posts: 6
Joined: 2016-08-08 08:46

Re: Programmatically Create User Account

#18 Post by trueloeque » 2016-08-08 11:47

Also, not all printable ASCII characters are allowed for salt: " < > are not allowed.
If you select one of these characters, then Filezilla Interface will not show the users.

User avatar
botg
Site Admin
Posts: 35491
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Programmatically Create User Account

#19 Post by botg » 2016-08-08 15:37

botg wrote:Ponder the difference between a textual representation of an XML file and the data it actually contains.

trueloeque
504 Command not implemented
Posts: 6
Joined: 2016-08-08 08:46

Re: Programmatically Create User Account

#20 Post by trueloeque » 2016-08-10 11:13

What's?

It's very easy. What is the string to compute by the sha512 algorithm? Clear password more Salt doesn't work, so that the string has to be different.

User avatar
botg
Site Admin
Posts: 35491
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Programmatically Create User Account

#21 Post by botg » 2016-08-10 11:31

Salt (generated from Filezilla interface): Un&apos;!/oMP@"EoNLH:uhYYGtrwMMp3J=1?1&apos;m+M*($M<5YFPl}SlFvNGR0h
No, that is not a salt generated by FileZilla Server.

trueloeque
504 Command not implemented
Posts: 6
Joined: 2016-08-08 08:46

Re: Programmatically Create User Account

#22 Post by trueloeque » 2016-08-10 16:05

Ok. I think what you tell me, but

From the FileZilla configuration file:
<Option Name="Salt">Un&apos;!/oMP@"EoNLH:uhYYGtrwMMp3J=1?1&apos;m$CUpnx+M*($`M<5YFPl}SlFvNGR0h</Option>

Then, from XML syntax,
Un&apos;!/oMP@"EoNLH:uhYYGtrwMMp3J=1?1&apos;m$CUpnx+M*($`M<5YFPl}SlFvNGR0h => Un'!/oMP@"EoNLH:uhYYGtrwMMp3J=1?1'm$CUpnx+M*($`M<5YFPl}SlFvNGR0h

So that, my clear password + salt = H0laUn'!/oMP@"EoNLH:uhYYGtrwMMp3J=1?1'm$CUpnx+M*($`M<5YFPl}SlFvNGR0h

Then,

Get-StringHash "H0laUn'!/oMP@`"EoNLH:uhYYGtrwMMp3J=1?1'm$CUpnx+M*($`M<5YFPl}SlFvNGR0h" "SHA512"
7C282B3B7FC84298E074E5225C2D682D7307E797473A33D151D9D1B8BA05905BA6C6BE5B5C5109756FDED3EB6474E9326A91D6A1735A01630407A6A19FD7D85D

guoyufeng
500 Command not understood
Posts: 1
Joined: 2017-01-20 06:50
First name: Yufeng
Last name: Guo

Re: Programmatically Create User Account

#23 Post by guoyufeng » 2017-01-20 06:55

botg wrote:
Generated salt - Ot0(]eaRu"L,IUDL({aiEzRFX8]e^lN>l{.&apos;(J.9Ha`g4&d3u^WKN05hYJpWB>lN
That's not a generated salt. FileZilla Server generates salts that are exactly 64 characters long.
I'm using version 0.9.95, and the salt is more than 64 characters, and when I use SHA512(password+salt).hexdegist() I cannot generate the same Pass as FileZilla Server would do. Is the code FileZilla generate Pass changed for version 0.9.95?

User avatar
botg
Site Admin
Posts: 35491
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Programmatically Create User Account

#24 Post by botg » 2017-01-20 07:50

:lol: This is so funny.

Hint: The salt generated by FileZilla Server is always the same length. Ever single time, without exception.

devepic
500 Command not understood
Posts: 1
Joined: 2018-01-18 00:47
First name: Terry
Last name: Petersen

Re: Programmatically Create User Account

#25 Post by devepic » 2018-01-18 01:00

botg wrote::lol: This is so funny.

Hint: The salt generated by FileZilla Server is always the same length. Ever single time, without exception.
While this is true, when a salt gets stored in the XML file, thanks to the conversion of some of the special characters to their character entity, salts may appear as anything greater/equal to 64 characters.
For example: a Quotation Mark is converted to "

So:

This 64 Character Salt
"9vC[("-<%',td5w91TPK&/zucP\Q%-;;!#[r{{L]DBV]-S-KSPb"gur.HhDK^Nu

Becomes 91 characters when stored in the Server's XML Config
"9vC[("-<%&apos;,td5w91TPK&/zucP\Q%-;;!#[r{{L]DBV]-S-KSPb"gur.HhDK^Nu

Apologies for the revival but I think this is worth sharing.

User avatar
botg
Site Admin
Posts: 35491
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Programmatically Create User Account

#26 Post by botg » 2018-01-18 18:17

botg wrote:
botg wrote:Ponder the difference between a textual representation of an XML file and the data it actually contains.

AnthonyAltieri
500 Command not understood
Posts: 3
Joined: 2018-03-15 12:28
First name: Anthony
Last name: Altieri

Re: Programmatically Create User Account

#27 Post by AnthonyAltieri » 2018-03-15 12:41

I have tried all the examples above and have NOT been unable to add a user myself through any script.
However after I add a user through the GUI I am able to reverse decode the salt and password and get the correct SHA512HASH value.
Just retracing my steps.
salt value some random set of letters and numbers (64 length) "somelongstring6172617261somelongstring6172617261somelongstring61"
Add password to the front of that "test123" + "somelongstring6172617261somelongstring6172617261somelongstring61"
Used this website to generate the SHA512 hash https://passwordsgenerator.net/sha512-hash-generator/
Yielded me "2B247AE1EB6C6F481826ED4CA8B433E862B9F33DCB8A75C4BF3ECEB3852A38FDAFACC24A592362BAD3D87BBB37DF69C540C819008DE860B5CCA9CFA2ACAA4C40"
The yielded value becomes the xml tag Option Name.
The salt value becomes the xml tag Option Salt.
However when I login using the correct username and password it connects to the server and then asks for my password again.
FileZilla does not allow me to log in using these creditionals.
Please any help in this matter would be greatly appreciated.

User avatar
botg
Site Admin
Posts: 35491
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Programmatically Create User Account

#28 Post by botg » 2018-03-15 17:05

Did you tell the service to reload the configuration?

AnthonyAltieri
500 Command not understood
Posts: 3
Joined: 2018-03-15 12:28
First name: Anthony
Last name: Altieri

Re: Programmatically Create User Account

#29 Post by AnthonyAltieri » 2018-03-15 17:15

Yes I issued the command
"C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe" /reload-config
I have tried various different versions of the command and still no luck.
I should also provide you with the machine is a windows 2012 r2.
If I close the FileZilla Server and stop the service then restart YES it works.
But I can't get it reload from a command prompt or a powershell?
Thanks for your quick response.

User avatar
botg
Site Admin
Posts: 35491
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Programmatically Create User Account

#30 Post by botg » 2018-03-16 00:05

Does the account you ran the command under have permissions to control services?

Post Reply