What is the XML object used in the client-side hashing method of my router's configuration page?

Posted on 2025-01-22 00:18:50 · 1417 characters · 0 views · 0 comments

payload = {
    'Username': 'admin',
    'Password': 'e451cc1e5885cae5bec2640cf40c7ee6cc09010ddc6f897963641fa63d6852be',
    'action': 'login',
    '_sessionTOKEN': '510252081095712727960760'
}

This is the payload sent with my POST request when I try to log in to my router's configuration page (which is at http://192.168.1.1) with the credentials "admin" for username and "1" for the password. So obviously the password gets hashed with sha256 (hash analyzers on the internet told so) but sha256("1") doesn't match the 'Password' token above. Later on I inspected the source HTML and found this method between <script></script> tags:

function g_loginToken(xml) {
    var xmlObj = $(xml).text();
    var Password = $("#Frm_Password").val();
    var SHA256Password = sha256(Password + xmlObj);
    var LoginFormObj = new webSubmitForm();
    LoginFormObj.addParameter("Username", $("#Frm_Username").val());
    LoginFormObj.addParameter("Password", SHA256Password);
    LoginFormObj.addParameter("action", "login");
    LoginFormObj.addParameter("_sessionTOKEN", "313949915505130291199244");
    LoginFormObj.Form.submit();
    Password = undefined;
    SHA256Password = undefined;
}

If I'm not mistaken, the password I provide (which is "1" in this particular case) gets concatenated with some XML object which is passed as a parameter to the g_loginToken function. I don't know what the XML object would be, perhaps I'd predict something like my request headers serialized as XML, further than that I have no idea. Help is appreciated.

Edit: Here is what the "xml" and "xmlObj" variables look like after setting a breakpoint where they get defined, on the advice of @AndrejKesely.
I still don't know what these values represent though.

screenshot

Comments (1)

想你的星星会说话 2025-01-29 00:18:50
  • Obtained from here http://{router_ip}/function_module/login_module/login_page/logintoken_lua.lua?_={unix_time} at least on my router.
    I tested without passing unix time in the request and it generated a token which didn't work.
  • It is used for salting which renders rainbow tables useless, also prevents replay attacks because the salt/token will change on the next request for login.
  • For your specific router you can run Wireshark to find the information needed.
  • To calculate the salted sha256 you have to do sha256(password+login_token)
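
The calculation described in the answer, as an added example that is not part of the original post or the router's own code: it extracts the token text the way `$(xml).text()` does and computes sha256(password + login_token). The sample XML response, its element name and the session token value are constructed, since the page does not show the real response body; UTF-8 encoding of the input is also an assumption.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample of a token response; the element name and value are
# assumptions, the page does not show the real response body.
SAMPLE_TOKEN_XML = "<login_token>48213377</login_token>"


def xml_text(xml: str) -> str:
    """Concatenated text content of the document, like jQuery's $(xml).text()."""
    root = ET.fromstring(xml)
    # No stripping: any whitespace inside the element is part of the salt.
    return "".join(root.itertext())


def login_password(password: str, token_xml: str) -> str:
    """sha256(password + login_token) as lowercase hex, as the page's JS does."""
    salted = password + xml_text(token_xml)
    # Assumption: the page's sha256() hashes the UTF-8 bytes of the string.
    return hashlib.sha256(salted.encode("utf-8")).hexdigest()


def build_payload(username, password, token_xml, session_token):
    """Form fields in the shape of the POST payload shown in the question."""
    return {
        "Username": username,
        "Password": login_password(password, token_xml),
        "action": "login",
        "_sessionTOKEN": session_token,
    }


if __name__ == "__main__":
    # Constructed placeholder; the real _sessionTOKEN comes from the login page.
    payload = build_payload("admin", "1", SAMPLE_TOKEN_XML, "0" * 24)
    print(payload)
    # A fresh token gives a different hash for the same password, so a
    # captured Password value does not match on a later login attempt.
    other = login_password("1", "<login_token>90518264</login_token>")
    print(payload["Password"] != other)
```

This is why sha256("1") alone never matches the `Password` field in the captured payload: the hashed string always carries the per-request token as a suffix.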