Linksys Series E2500 firmware: 2.0.00
This router is tricky for a couple of reasons:
1) The admin password has client-side encryption before actually being sent to the login page.
2) The login returns a session id which is used on all the pages that follow.

The script will take care of the session id thing and the actual reconnect, but not the password.

HTML Code:
[[[HSRC]]]
    [[[STEP]]]
        [[[REQUEST]]]
        POST /login.cgi HTTP/1.1
        Host: %%%routerip%%%

        submit_button=login&change_action=&gui_action=Apply&wait_time=19&submit_type=&http_username=%%%username%%%&http_passwd=%%%password%%%
        [[[/REQUEST]]]
        [[[RESPONSE keys="sid"]]]
        \";session_id=(.*?)\";
        [[[/RESPONSE]]]
    [[[/STEP]]]
    [[[STEP]]]
        [[[REQUEST]]]
        POST /apply.cgi;session_id=%%%sid%%% HTTP/1.1
        Host: %%%routerip%%%

        submit_button=Status_Router&submit_type=Disconnect_pppoe&change_action=gozila_cgi&wan_proto=pppoe
        [[[/REQUEST]]]
    [[[/STEP]]]
    [[[STEP]]]
        [[[REQUEST]]]
        POST /apply.cgi;session_id=%%%sid%%% HTTP/1.1
        Host: %%%routerip%%%

        submit_button=Status_Router&submit_type=Connect_pppoe&change_action=gozila_cgi&wan_proto=pppoe
        [[[/REQUEST]]]
    [[[/STEP]]]
    [[[STEP]]]
        [[[WAIT seconds="5"/]]]
    [[[/STEP]]]
[[[/HSRC]]]

To get the password, the best would be to use the create script function, and then check what the http_passwd value looks like on the POST /login.cgi step.

Hope someone finds it useful.
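An added example, not part of the original post or of the tool that runs these scripts: a dry run that expands the script step by step without sending anything, showing how the `sid` captured from the login reply feeds the later `/apply.cgi` requests and what happens when the reply carries no session id. The function name `dry_run`, the sample variables and the login reply are constructed for illustration, and one key per RESPONSE block is assumed.

```python
import re

# The post's script with line breaks restored, trimmed to login, disconnect and wait.
SCRIPT = r'''[[[HSRC]]]
[[[STEP]]][[[REQUEST]]]
POST /login.cgi HTTP/1.1
Host: %%%routerip%%%

submit_button=login&change_action=&gui_action=Apply&wait_time=19&submit_type=&http_username=%%%username%%%&http_passwd=%%%password%%%
[[[/REQUEST]]]
[[[RESPONSE keys="sid"]]]\";session_id=(.*?)\";[[[/RESPONSE]]][[[/STEP]]]
[[[STEP]]][[[REQUEST]]]
POST /apply.cgi;session_id=%%%sid%%% HTTP/1.1
Host: %%%routerip%%%

submit_button=Status_Router&submit_type=Disconnect_pppoe&change_action=gozila_cgi&wan_proto=pppoe
[[[/REQUEST]]][[[/STEP]]]
[[[STEP]]][[[WAIT seconds="5"/]]][[[/STEP]]]
[[[/HSRC]]]'''

STEP_RE = re.compile(r"\[\[\[STEP\]\]\](.*?)\[\[\[/STEP\]\]\]", re.S)
REQ_RE = re.compile(r"\[\[\[REQUEST\]\]\](.*?)\[\[\[/REQUEST\]\]\]", re.S)
RESP_RE = re.compile(r'\[\[\[RESPONSE keys="(.*?)"\]\]\](.*?)\[\[\[/RESPONSE\]\]\]', re.S)
WAIT_RE = re.compile(r'\[\[\[WAIT seconds="(\d+)"/\]\]\]')
VAR_RE = re.compile(r"%%%(\w+)%%%")

def dry_run(script, variables, responses):
    """Expand every step without sending anything; `responses` are canned reply bodies."""
    variables, plan, canned = dict(variables), [], iter(responses)
    for step in STEP_RE.findall(script):
        wait, req, resp = WAIT_RE.search(step), REQ_RE.search(step), RESP_RE.search(step)
        if wait:
            plan.append(("WAIT", int(wait.group(1))))
        if req:
            # A KeyError here means a placeholder is used before any step defined it.
            text = VAR_RE.sub(lambda m: variables[m.group(1)], req.group(1).strip())
            plan.append(("REQUEST", text))
        if req and resp:
            match = re.search(resp.group(2).strip(), next(canned))
            if match is None:
                raise ValueError("no session_id in login reply; check the http_passwd value")
            variables[resp.group(1)] = match.group(1)
    return plan, variables

# Constructed sample inputs (not captured from a real E2500).
SAMPLE_VARS = {"routerip": "192.168.1.1", "username": "admin", "password": "PLACEHOLDER_CAPTURED_HTTP_PASSWD"}
SAMPLE_LOGIN_REPLY = 'var next = "index.asp";session_id=0a1b2c3d";'

if __name__ == "__main__":
    print(*(d for _, d in dry_run(SCRIPT, SAMPLE_VARS, [SAMPLE_LOGIN_REPLY])[0]), sep="\n\n")
```

The `password` variable has to hold the already-transformed `http_passwd` value, since the script replays the POST and does not perform the browser's client-side step.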