Skip to content
/ ProxmoxAuthForge Public

A Python script designed for generating authentication tokens for Proxmox VE (Virtual Environment). The script automates the process of creating 'PVEAuthCookie' and 'PMGAuthCookie', with the private key typically found at /etc/pve/priv/authkey.key for PVE and /etc/pmg/pmg-authkey.key for PMG

4 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Yeeb1/ProxmoxAuthForge

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
README.md
README.md
 
 
pve_token_forger.py
pve_token_forger.py
 
 

Repository files navigation

ProxmoxAuthForge

This Python script is a modified version of the original proof of concept by Li JianTao ([@cursered](https://x.com/cursered)), designed for forging PVE (Proxmox VE) authentication tokens. The script generates the cookie "PVEAuthCookie" or "PMGAuthCookie" by using the `authkey.key` of a Proxmox instance for signing.

For more details, visit: Multiple Vulnerabilities in Proxmox VE & Proxmox Mail Gateway.

Authentication Mechanism in PVE/PMG

  • Authentication in PVE and PMG is implemented by signing and verifying a string with RSA/SHA-1.
  • Upon successful login, the server issues a signed “ticket” for the client, known as “PVEAuthCookie” or “PMGAuthCookie”.
  • The ticket format is PVE:{username}@{realm}:{hex(timestamp)}; the signature is created using a private key stored at /etc/pve/priv/authkey.key for PVE, or /etc/pmg/pmg-authkey.key for PMG.

Script Usage

python3 pve_token_forger.py <path_to_authkey> <system_type> <username>

# Example usage
python3 pve_token_forger.py /etc/pve/priv/authkey.key PVE root@pam -h
PVE:root@pam:6582A001::mSoWs0OiTIiT9XlvkUT/kojDzIvAQaSF76kdGULdVb3a7L5d70lQyimQvrGccsbg8bdCOB5B5G4YlwDyjsr/xWAVQB8DvdFMu3h/W+e8/FGQ+yhUC4z/Rwivqjw2BHS8ConmiYl1AFxxStwXCWdyqk6b3+f3WP+Vj5QlJAC1xeT4CRUBA9YeuGNL9NBd8u9NqHzicMhd00vCPD+9ekna68hLA4sPbqIoCAe/IiLDLpeVgImqAVTaW2j20KjumEIwPf1G+i+lSwfw+Xbe2e6s6bz0sgirITR5r5hHDOO8vMaKnV2yOcP3xuBWM87LPhMwN3QuP5oluEkWUZ7OZh2/Tw=

The script is for informational and educational purposes only. The author and contributors of this script are not responsible for any misuse or damage caused by this tool.

About

A Python script designed for generating authentication tokens for Proxmox VE (Virtual Environment). The script automates the process of creating 'PVEAuthCookie' and 'PMGAuthCookie', with the private key typically found at /etc/pve/priv/authkey.key for PVE and /etc/pmg/pmg-authkey.key for PMG

Resources

Readme
Activity

Stars

4 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages