我如何使用 curl 手动登录到 HG 路由器?
how i can manually login to HG router using curl?
我从 chrome 网络选项卡尝试 curl 命令但没有成功的问题!
所以我查看了 the page html 并发现它是这样做的
1-将密码加密为sha256
2- 然后 base64 编码 sha256 哈希
3- 然后将散列添加到挑战中(它从另一个页面获取)
4- 然后 sha 256 输出
我一步一步尝试过,但还是不行!
来自 chrome 的 curl 命令没有清理
curl "http://192.168.1.1/index/login.cgi" -H "Connection: keep-alive" -H "Cache-Control: max-age=0" -H "Origin: http://192.168.1.1" -H "Upgrade-Insecure-Requests: 1" -H "DNT: 1" -H "Content-Type: application/x-www-form-urlencoded" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36" -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3" -H "Referer: http://192.168.1.1/html/index.asp" -H "Accept-Encoding: gzip, deflate" -H "Accept-Language: en-US,en;q=0.9,ar;q=0.8" -H "Cookie: Language=en; SessionID_R3=7EGmyRl6PcjZyCodTPl8zshYtbagRfUEIYm4njyVzkHAjoRgfeg8OLYerWewZlUwo5r4FeTPnsbRyB7eeCiVNf22aoU6E7eDAqAXc4w8iINkdt3srn3pdKYCDjvXmZw5; FirstMenu=Admin_0; SecondMenu=Admin_0_0; ThirdMenu=Admin_0_0_0" --data "Username=admin&Password=3bacd54fb595f90906feb6c68659c96bee5a2f4a594aea3fc50a56c306a04cb5&challange=IkYo7bcXU68FzOOzCPBg" --compressed --insecure
稍微清理后的命令
curl "http://192.168.1.1/index/login.cgi" -H "Cookie: Language=en; FirstMenu=Admin_0; SecondMenu=Admin_0_0; ThirdMenu=Admin_0_0_0" --data "Username=user&Password=16e1c03a0075fa68ddca3398b5cd6342692cb9868b68a4c9c0a92b89311667a8&challange=KCoMUJ4u3SEf7bfDJ3o9"
我已经从中删除了 SessionID_R3,因为我认为这没有必要,并尝试使用它执行命令,但没有任何区别。
wireshark 中的成功连接
image
and the chrome network tab
SessionID_R3 不是登录所必需的,但查看需要身份验证的页面是必需的,它会在您成功登录后为您提供一个新页面
工作命令
curl "http://192.168.1.1/index/login.cgi" -H "Cookie: Language=en" --data "Username=user&Password=16e1c03a0075fa68ddca3398b5cd6342692cb9868b68a4c9c0a92b89311667a8&challange=KCoMUJ4u3SEf7bfDJ3o9"
我会从中删除 cookie,但这是必需的。
问题是第四步中的额外 space,导致错误的散列 'password+challange'
我从 chrome 网络选项卡尝试 curl 命令但没有成功的问题! 所以我查看了 the page html 并发现它是这样做的
1-将密码加密为sha256
2- 然后 base64 编码 sha256 哈希
3- 然后将散列添加到挑战中(它从另一个页面获取)
4- 然后 sha 256 输出
我一步一步尝试过,但还是不行! 来自 chrome 的 curl 命令没有清理
curl "http://192.168.1.1/index/login.cgi" -H "Connection: keep-alive" -H "Cache-Control: max-age=0" -H "Origin: http://192.168.1.1" -H "Upgrade-Insecure-Requests: 1" -H "DNT: 1" -H "Content-Type: application/x-www-form-urlencoded" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36" -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3" -H "Referer: http://192.168.1.1/html/index.asp" -H "Accept-Encoding: gzip, deflate" -H "Accept-Language: en-US,en;q=0.9,ar;q=0.8" -H "Cookie: Language=en; SessionID_R3=7EGmyRl6PcjZyCodTPl8zshYtbagRfUEIYm4njyVzkHAjoRgfeg8OLYerWewZlUwo5r4FeTPnsbRyB7eeCiVNf22aoU6E7eDAqAXc4w8iINkdt3srn3pdKYCDjvXmZw5; FirstMenu=Admin_0; SecondMenu=Admin_0_0; ThirdMenu=Admin_0_0_0" --data "Username=admin&Password=3bacd54fb595f90906feb6c68659c96bee5a2f4a594aea3fc50a56c306a04cb5&challange=IkYo7bcXU68FzOOzCPBg" --compressed --insecure
稍微清理后的命令
curl "http://192.168.1.1/index/login.cgi" -H "Cookie: Language=en; FirstMenu=Admin_0; SecondMenu=Admin_0_0; ThirdMenu=Admin_0_0_0" --data "Username=user&Password=16e1c03a0075fa68ddca3398b5cd6342692cb9868b68a4c9c0a92b89311667a8&challange=KCoMUJ4u3SEf7bfDJ3o9"
我已经从中删除了 SessionID_R3,因为我认为这没有必要,并尝试使用它执行命令,但没有任何区别。 wireshark 中的成功连接 image
and the chrome network tab
SessionID_R3 不是登录所必需的,但查看需要身份验证的页面是必需的,它会在您成功登录后为您提供一个新页面
工作命令
curl "http://192.168.1.1/index/login.cgi" -H "Cookie: Language=en" --data "Username=user&Password=16e1c03a0075fa68ddca3398b5cd6342692cb9868b68a4c9c0a92b89311667a8&challange=KCoMUJ4u3SEf7bfDJ3o9"
我会从中删除 cookie,但这是必需的。
问题是第四步中的额外 space,导致错误的散列 'password+challange'