1

i'm trying to identify client Linux PC (our branch) to allow acces to our PHP application at main office. i want to get the nic mac address (using php/bash) then hashing/crypt it, then send to php server at main office. How to call the php/bash script at client and send the information using javascript/ajax/jquery ?

Note: I still have no success using evercookies to implement this.

Chris
  • 5,584
  • 9
  • 40
  • 58
Giovanni
  • 11
  • 2
  • So instead of filtering by IP number, you want to grant access to anyone who can send the hashed mac? What's the point of that? – Håkan May 22 '13 at 15:25
  • 1
    what's the point of this? macs are pretty easy to forge, and if you're dealing with disparate networks, a single mac can appear in MANY places, since macs are only relevant for the local network. – Marc B May 22 '13 at 15:28
  • I will register the hashing of client mac address (our branch pc) in mysql database stored using php application at server (LAMP server - at our main office). Then compare the value sent by browser of client to the entry in mysql. If match, they can access the php application via VPN, if not (the whole world) - then reject it. May be i will combine MAC address + cpu id of PC, before hashing them. – Giovanni May 22 '13 at 15:43

1 Answers1

2

Well the linux command is

    ifconfig|grep -i ether|awk '{ print $2 }'|sha256sum

in php it would be

    <?php
    $hashedResult = system("ifconfig|grep -i ether|awk '{ print $2 }'|sha256sum");
    ?>

this will return a hashed string

remove the ' |sha256sum ' to see the MAC address

NOTE: this assumes the PC hardware will be consistant (not adding USB ethernet cards)

to add CPU info into the hash you could use this command

    (ifconfig|grep -i ether|awk '{ print $2 }' && cat /proc/cpuinfo) |sha256sum
wpenton
  • 91
  • 10
  • Thanks wpenton. Do you know how to send that information to php using javascript/jquery/ajax ? Because this information must be compared at server side. – Giovanni May 22 '13 at 15:44
  • if you are already using jQuery then using [jQuery.ajax](http://api.jquery.com/jQuery.ajax/) should not be that difficult. – wpenton May 22 '13 at 15:47
  • Thanks again wpenton. If I want to add CPU id to mac address before hashing it, how to do it ? – Giovanni May 22 '13 at 15:56
  • What do you mean CPU ID? You can run ' cat /proc/cpuinfo ' and get loads of data but not a CPU ID. – wpenton May 22 '13 at 16:02
  • Using 'dmidecode' can get it : [link]http://stackoverflow.com/questions/4216009/getting-cpu-or-motherboard-serial-number/4216127#4216127 [/link] [code] >dmidecode -t processor # dmidecode 2.7 SMBIOS 2.2 present. Handle 0x0004, DMI type 4, 32 bytes. Processor Information Socket Designation: Socket 478 Type: Central Processor Family: Pentium 4 Manufacturer: Intel ID: 27 0F 00 00 FF FB EB BF [/code] – Giovanni May 22 '13 at 16:13
  • that command appears to need root access to run and it is extremely bad practice to allow a publicly facing website to run any root command (many security issues) – wpenton May 22 '13 at 16:17
  • `grep | awk` can usually be refactored, `ifconfig | awk 'tolower($0) ~ /ether/{print $2}'` – tripleee May 22 '13 at 17:18
  • If the CPU does not change too often (-: you can generate a static file with this information, perhaps with read access only for the web server. – tripleee May 22 '13 at 17:21