wwwacct hack - auto generate password

[Lem0nHead]

Hello

I just changed wwwacct so it generates random hard-to-guess passwords automatically when you try to create an account without supplying a password.

As I could see, cPanel already had this option (or something similar to that, but I didn't get how to use it, nor found in documentation).

So, just below $pass = $ARGV[2];
you have

if ($pass =~ /^fd:/) {

between these lines, add:

if ($pass =~ /^fd:/) {
my($lem0n_possible);
my($lem0n_length) = 8;

$pass="";

for($j=0; $j<$lem0n_length; $j++) {
$lem0n_possible = chr(ord('a') + int(rand(25))) x 2;
$lem0n_possible .= chr(ord('A') + int(rand(25))) x 2;
$lem0n_possible .= chr(ord('0') + int(rand(9))) x 1;

$pass .= substr($lem0n_possible, rand(length($lem0n_possible)), 1);
}
}

my($lem0n_length) = 8;

this is the length of the password
if you want a random length, you can use, for example:
my($lem0n_length) = 8 + int(rand(7));

this will generate a random length from 8 to 14 (because rand(7) generate a number from 0 to 6)

in the end of $lem0n_possible lines you see "x [number]"

this [number] is the relative probability of, in order, lowercase, uppercase and numbers happening on the password
in this case the [numbers] are 2, 2 and 1. So the probability is that the password has, for each 5 characteres: 2 lowercase, 2 uppercase letters and 1 number
of course that's just a probability, so you can have, for example, a password just with lowercases

well... i think that's all

if someone knows another way of creating random passwords easily, please let me know

-- Luis Fernando Estrozi

 

[nickn]

A checkbox when creating accounts to choose a random password would be a great addition

 

[Lem0nHead]

Originally posted by snickn
A checkbox when creating accounts to choose a random password would be a great addition

yes

the problem that i just found is that wwwacct is overwritten on cpanel updates...

 

[PWSowner]

You need to either write protect it, or even better, use my watchwwwacct script. It'll be at http://www.premierwebsitesolutions.com/scripts/ in the very near future.

What it does is compare the wwwacct file to a copy of your edited version and if it has changed, it then compares the new one to a copy of the original one. In most cases the change just put it back to it's original and in that case my script automatically changes it back to your edited version. If the cpanel update mad changes to the original version, my script will email you to tell you it's no longer your custom one and where it has changed from the original to help you change it back.