'use strict';const net = require('net');const crypto = require('crypto');cons

1. 'use strict';
2. const net = require('net');
3. const crypto = require('crypto');
4. const tacacs = require('tacacs-plus');
5.  
6. const AuthResult = Object.freeze({
7. Success: 'Success',
8. Failure: 'Failure'
9. });
10.  
11. const checkCredentials = (username, password) => {
12.  
13. return new Promise((resolve, reject) => {
14. let authResult = AuthResult.Failure;
15. let authMessage = null;
16.  
17. const shared_secret = null; // THIS SEEMS TO BE THE TRIGGER
18.  
19. const client = net.connect({port: 49, host: '192.168.30.77'}, function () {
20. console.log('Client connected!');
21.  
22. // now that we've connected, send the first auth packet
23.  
24. const sessionIdBytes = crypto.randomBytes(4);
25. const sessionId = Math.abs(sessionIdBytes.readInt32BE(0));
26.  
27. // create the auth start body
28. const authStart = tacacs.createAuthStart({
29. action: tacacs.TAC_PLUS_AUTHEN_LOGIN,
30. privLvl: tacacs.TAC_PLUS_PRIV_LVL_USER,
31. authenType: tacacs.TAC_PLUS_AUTHEN_TYPE_ASCII,
32. authenService: tacacs.TAC_PLUS_AUTHEN_SVC_LOGIN,
33. user: '',
34. port: '',
35. remAddr: '',
36. data: null
37. });
38.  
39. const version = tacacs.createVersion(tacacs.TAC_PLUS_MAJOR_VER, tacacs.TAC_PLUS_MINOR_VER_DEFAULT);
40. const sequenceNumber = 1;
41. const encryptedAuthStart = tacacs.encodeByteData(sessionId, shared_secret, version, sequenceNumber, authStart);
42.  
43. // create the tacacs+ header
44. const headerOptions = {
45. majorVersion: tacacs.TAC_PLUS_MAJOR_VER,
46. minorVersion: tacacs.TAC_PLUS_MINOR_VER_DEFAULT,
47. type: tacacs.TAC_PLUS_AUTHEN,
48. sequenceNumber: sequenceNumber,
49. flags: tacacs.TAC_PLUS_SINGLE_CONNECT_FLAG, // setting this to zero assumes encryption is being used -- | tacacs.TAC_PLUS_UNENCRYPTED_FLAG
50. sessionId: sessionId,
51. length: authStart.length
52. };
53. const header = tacacs.createHeader(headerOptions);
54.  
55. const packetToSend = Buffer.concat([header, encryptedAuthStart]);
56.  
57. // send the auth start packet to the server
58. client.write(packetToSend);
59. });
60.  
61. client.on('error', function (err) {
62. console.log(err);
63. reject(err);
64. });
65. client.on('close', function (had_err) {
66. if (had_err) {
67. reject(had_err);
68. }
69. resolve({status: authResult, msg: authMessage});
70. });
71. client.on('data', function (data) {
72. if (data) {
73. // decode response
74. const resp = tacacs.decodePacket({packet: data, key: shared_secret});
75.  
76. if (resp) {
77. if (resp.data.status === tacacs.TAC_PLUS_AUTHEN_STATUS_ERROR) {
78. client.end();
79. authMessage = "Authentication error";
80. } else if (resp.data.status === tacacs.TAC_PLUS_AUTHEN_STATUS_FAIL) {
81. client.end();
82. authMessage = "Authentication Failed";
83. } else if (resp.data.status === tacacs.TAC_PLUS_AUTHEN_STATUS_GETUSER) {
84.  
85. const newSeq = resp.header.sequenceNumber + 1;
86.  
87. const tRespOptions = {
88. flags: 0x00,
89. userMessage: username,
90. data: null
91. };
92. const tContinue = tacacs.createAuthContinue(tRespOptions);
93. const encryptedContinue = tacacs.encodeByteData(resp.header.sessionId, shared_secret, resp.header.versionByte, newSeq, tContinue);
94.  
95. const tRespHeader = {
96. majorVersion: tacacs.TAC_PLUS_MAJOR_VER,
97. minorVersion: tacacs.TAC_PLUS_MINOR_VER_DEFAULT,
98. type: tacacs.TAC_PLUS_AUTHEN,
99. sequenceNumber: newSeq,
100. flags: resp.header.flags,
101. sessionId: resp.header.sessionId,
102. length: encryptedContinue.length
103. };
104. const header = tacacs.createHeader(tRespHeader);
105.  
106. const packetToSend = Buffer.concat([header, encryptedContinue]);
107. client.write(packetToSend);
108. } else if (resp.data.status === tacacs.TAC_PLUS_AUTHEN_STATUS_GETPASS) {
109. const newSeq = resp.header.sequenceNumber + 1;
110.  
111. const tRespOptions = {
112. flags: 0x00,
113. userMessage: password,
114. data: null
115. };
116. const tContinue = tacacs.createAuthContinue(tRespOptions);
117. const encryptedContinue = tacacs.encodeByteData(resp.header.sessionId, shared_secret, resp.header.versionByte, newSeq, tContinue);
118.  
119. const tRespHeader = {
120. majorVersion: tacacs.TAC_PLUS_MAJOR_VER,
121. minorVersion: tacacs.TAC_PLUS_MINOR_VER_DEFAULT,
122. type: tacacs.TAC_PLUS_AUTHEN,
123. sequenceNumber: newSeq,
124. flags: resp.header.flags,
125. sessionId: resp.header.sessionId,
126. length: encryptedContinue.length
127. };
128. const header = tacacs.createHeader(tRespHeader);
129.  
130. const packetToSend = Buffer.concat([header, encryptedContinue]);
131. client.write(packetToSend);
132.  
133. } else if (resp.data.status === tacacs.TAC_PLUS_AUTHEN_STATUS_PASS) {
134. client.end();
135. authMessage = "Success";
136. authResult = AuthResult.Success;
137. } else {
138. const newSeq = resp.header.sequenceNumber + 1;
139. const tRespOptions = {
140. flags: tacacs.TAC_PLUS_CONTINUE_FLAG_ABORT,
141. userMessage: null,
142. data: null
143. };
144. const tContinue = tacacs.createAuthContinue(tRespOptions);
145. const encryptedContinue = tacacs.encodeByteData(resp.header.sessionId, shared_secret, resp.header.versionByte, newSeq, tContinue);
146.  
147. const tRespHeader = {
148. majorVersion: tacacs.TAC_PLUS_MAJOR_VER,
149. minorVersion: tacacs.TAC_PLUS_MINOR_VER_DEFAULT,
150. type: tacacs.TAC_PLUS_AUTHEN,
151. sequenceNumber: newSeq,
152. flags: resp.header.flags,
153. sessionId: resp.header.sessionId,
154. length: encryptedContinue.length
155. };
156. const header = tacacs.createHeader(tRespHeader);
157.  
158. const packetToSend = Buffer.concat([header, encryptedContinue]);
159. client.write(packetToSend);
160. client.end();
161. authMessage = "General failure";
162. }
163. }
164. } else {
165. reject('Client: No data!');
166. }
167. });
168.  
169. });
170. };
171.  
172. const doMain = async () => {
173. let promises = [];
174. for (let x = 0; x < 20; x++) {
175. promises.push(checkCredentials('admin', 'badpass').then(result => {
176. console.log(result);
177. }));
178. }
179. await Promise.all(promises);
180. };
181.  
182. doMain();