Jump to content

how i can manually login to HG router using curl?


Recommended Posts

Posted

the problem that i tried the curl command from chrome network tab and it didn't work ! so i looked in the page html and found that it does this

1- Encrypt the password to sha256

2- then base64 encode the sha256 hash

3- then add the hash to the challange ( that it gets from another page )

4- then sha 256 the outputthese code lines

 var dbpass = base64encode(SHA256(Password.value)); 
var realpass = dbpass + challange; 
form.addParameter('Password', SHA256(realpass));

i tried to that step by step and it still doesn't work !
the curl command from chrome without cleaning

curl "http://192.168.1.1/index/login.cgi" -H "Connection: keep-alive" -H "Cache-Control: max-age=0" -H "Origin: http://192.168.1.1" -H "Upgrade-Insecure-Requests: 1" -H "DNT: 1" -H "Content-Type: application/x-www-form-urlencoded" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36" -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3" -H "Referer: http://192.168.1.1/html/index.asp" -H "Accept-Encoding: gzip, deflate" -H "Accept-Language: en-US,en;q=0.9,ar;q=0.8" -H "Cookie: Language=en; SessionID_R3=7EGmyRl6PcjZyCodTPl8zshYtbagRfUEIYm4njyVzkHAjoRgfeg8OLYerWewZlUwo5r4FeTPnsbRyB7eeCiVNf22aoU6E7eDAqAXc4w8iINkdt3srn3pdKYCDjvXmZw5; FirstMenu=Admin_0; SecondMenu=Admin_0_0; ThirdMenu=Admin_0_0_0" --data "Username=admin&Password=3bacd54fb595f90906feb6c68659c96bee5a2f4a594aea3fc50a56c306a04cb5&challange=IkYo7bcXU68FzOOzCPBg" --compressed --insecure

the command after cleaning it up a little bit

curl "http://192.168.1.1/index/login.cgi" -H "Cookie: Language=en; FirstMenu=Admin_0; SecondMenu=Admin_0_0; ThirdMenu=Admin_0_0_0" --data "Username=user&Password=16e1c03a0075fa68ddca3398b5cd6342692cb9868b68a4c9c0a92b89311667a8&challange=KCoMUJ4u3SEf7bfDJ3o9"

i have removed SessionID_R3 from it as i think it's not necessary and tried the command with it and it didn't make any difference. a succeed connection in wireshark image
eCZ6r.png

and the chrome network tab

U8eaF.png
Posted

the SessionID_R3 isn't necessary to login but necessary to view auth required pages and it gives you a new one when you successful login

the working command

curl "http://192.168.1.1/index/login.cgi" -H "Cookie: Language=en" --data "Username=user&Password=16e1c03a0075fa68ddca3398b5cd6342692cb9868b68a4c9c0a92b89311667a8&challange=KCoMUJ4u3SEf7bfDJ3o9"

i would have removed the cookies from it but it's required .

the problem was additional space in the forth step that resulted in a wrong hashed 'password+challange'

 

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...