I use this API wrapper to update passwords over the Guacamole API
Pip Package: https://pypi.org/project/guacamole-api-wrapper/
GitLab Repo: https://gitlab.com/gacybercenter/open/guacamole-api-wrapper
This will be some pseudo-code to do it:
"""
This script updates the password of a user in Apache Guacamole.
"""
import guacamole
import string
import random
def generate_random_string(length=16):
characters = string.ascii_letters + string.digits + string.punctuation
random_string = ''.join(random.choice(characters) for i in range(length))
return random_string
host = "https://my.guacamole.server/guacamole";
username = "guacadmin"
password = "guacadmin"
datasource = "postgresql"
new = generate_random_string()
try:
session = guacamole.session(
host=host,
username=username,
password=password,
data_source=datasource,
)
except Exception as e:
raise e
try:
res = session.update_user_password(
username=username, oldpassword=password, newpassword=new
)
except Exception as e:
raise e
print("Password Updated")
print(new)
________________________________
From: Sean Hulbert <[email protected]>
Sent: Wednesday, August 14, 2024 11:39 AM
To: [email protected] <[email protected]>
Subject: Re: Changing guacadmin password
Here are some questions.
1. Do you have root access to the VDI/Container image
2. Is this setup using SQL?
If you have access via command line and are using (Mariadb, MySQL, Postgresql)
SQL database.
You can log in to via the database switch to the guacamole database then run
these commands as root or admin of the database.
SET @salt = UNHEX(SHA2(UUID(), 256));
INSERT INTO guacamole_entity (name, type) VALUES ('AddYourUserNameHere',
'USER');
INSERT INTO guacamole_user (
entity_id,
password_salt,
password_hash,
password_date
)
SELECT
entity_id,
@salt,
UNHEX(SHA2(CONCAT('AddYourPasswordHere', HEX(@salt)), 256)),
CURRENT_TIMESTAMP
FROM guacamole_entity
WHERE
name = 'AddYourUserNameHere'
AND type = 'USER';
Example: guacadmin is 1
issue command to get the user entity ID number : select * from guacamole_entity;
INSERT INTO guacamole_system_permission (entity_id, permission) VALUES
(AddEntityIDNumber, 'ADMINISTER');
INSERT INTO guacamole_system_permission (entity_id, permission) VALUES
(AddEntityIDNumber, 'CREATE_USER_GROUP');
INSERT INTO guacamole_system_permission (entity_id, permission) VALUES
(AddEntityIDNumber, 'CREATE_USER');
Hope this helps!
Thank You
Sean Hulbert
Security Centric Inc.
A Cybersecurity Virtualization Enablement Company
StormCloud Gov, Protected CUI Environment!
[cid:[email protected]]
Industry's most secure CMMC virtual desktops!
FedRAMP MIL4 in process (RAR)
System Award Management
CAGE: 8AUV4
SAM ID: UMJLJ8A7BMT3
AFCEA San Francisco Chapter President
If you have heard of a hacker by name, he/she has failed, fear the hacker you
haven’t heard of!
CONFIDENTIALITY NOTICE: This communication with its contents may contain
confidential and/or legally privileged information. It is solely for the use of
the intended recipient(s). Unauthorized interception, review, use or disclosure
is prohibited and may violate applicable laws including the Electronic
Communications Privacy Act. If you are not the intended recipient, please
contact the sender and destroy all copies of the communication. Content within
this email communication is not legally binding as a contract and no promises
are guaranteed unless in a formal contract outside this email communication.
igitur qui desiderat pacem, praeparet bellum!!!
Epitoma Rei Militaris
On 8/14/2024 7:29 AM, Devine, Harry (FAA) wrote:
We have a test system that has Guacamole on it. Our test system is used for
security testing, such as penetration testing, etc., and they like us to have a
subset of applications/services that our production systems have. So, for the
Guacamole installation, for some reason, I can’t log in with the guacadmin user
to start adding some test connections. Everything I see online says to log in
as guacadmin via the GUI and then change the password via the Preferences tab.
But since I can’t do that, how do I update the password another way? Perhaps
in the MySQL database itself?
Thanks,
Harry
