bit-tech.net

16th Jan 2017, 08:02   #1
badders
Command-line router webpage access

Hi All,

I currently run a bash script twice an hour to check if my external IP (from an external source - http://icanhazip.com/) is different from the IP of my domain, and if it is, push my external IP address to my domain registrar, in a dynamic-DNS setup, but with a regular domain name.

However, this relies on the external host being up and responding with the IP.

My router, a Plusnet Hub One, does display the external IP address, but only after you log in and go to the correct page.

Hitting the correct page is not an issue, but the login page gives you a session cookie, takes the password you type and adds it to an auth_key variable (supplied as a hidden field on the form), md5 hashes it in JS, and then passes that to index.cgi to verify the login.

Once the session cookie is verified, I can use cURL to pick up the shown external IP address, but I can't seem to get it to log in via the login page.

This would all be much simpler if I could get telnet or SSH access to the router, but it's locked down.

Does anyone have any ideas?

Edit: I should say that the endgame is to get the external IP without contacting an external service, in case I wasn't clear!
__________________
Quote:
Originally Posted by Silver51 View Post
John Hanlon standing on an oil pipeline during a blizzard, punching an angry polar bear in the balls. I heard he really did that once.
16th Jan 2017, 09:25   #2
Krazeh
You could flash it with OpenWRT/LEDE. However, that does require some soldering skills and a USB to serial cable. You do get a much more useful firmware at the end of it tho.
__________________
"My name is don don
I am pretty elephant
Love me well!"
16th Jan 2017, 10:31   #3
badders
I could, but I'm disinclined to do so just for this "nice-to-have" - it operates fine for everything else, I'd just like to reduce my reliance on an external service when the information is technically available from within my network!
17th Jan 2017, 12:58   #4
law99
Are you just after the external IP after a new session is established when connecting to your ISP? You don't need your router to do that.

http://ipecho.net/plain
__________________
3570k WC @ 4.7giggles | 8gb Kingston 2133mhz | ASUS Sabertooth Z77 | soaking 1070 gtx | Seasonic x-660w | NZXT 810 switch | Crucial M4 128gb | 2x F3 1tb Raid 1 | NZXT Sentry 6ch 50w fan controller | BenQ bl3200pt 2560x1440p
17th Jan 2017, 14:08   #5
Gareth Halfacree
Quote:
Originally Posted by law99 View Post
Are you just after the external IP after a new session is established when connecting to your ISP? You don't need your router to do that.
http://ipecho.net/plain
Ahem:
Quote:
Originally Posted by badders View Post
However, this relies on the external host being up and responding with the IP.
[...]
Edit: I should say that the endgame is to get the external IP without contacting an external service, in case I wasn't clear!
The correct answer is to stop trying to parse webpages and just enable SNMP on the router. Then it's just a case of:

snmpwalk -v2c -c public your_router_here ip | grep ipAdEntAddr

(You may need to change what you're searching for depending on how your router responds - try it without the grep first.)

EDIT: If your router doesn't support SNMP(!), then try logging in prior to snagging the you-must-be-logged-in-page:

curl -s --data "loginuser=admin&loginpasswd=adminpassword" --cookie-jar cookies.txt http://your_router_here/plusnetlogin.cgi > /dev/null
__________________
Author, Raspberry Pi User Guide Fourth Edition, 21 Brilliant Projects for the Raspberry Pi and more | gareth.halfacree.co.uk | twitter | keybase.io
bit-tech news correspondent, Custom PC columnist, other things to other people
I'm a filthy freelancer! Hire me! | Need a VPN? Try AirVPN!

Last edited by Gareth Halfacree; 17th Jan 2017 at 15:21.
17th Jan 2017, 19:28   #6
deathtaker27
If Gareth's idea doesn't work, you could always use Google: https://www.google.co.uk/search?q=my+ip
17th Jan 2017, 23:28   #7
badders
Solved it, in a very hacky bash script!
Code:
#!/bin/bash
routerip='192.168.1.254'
pass='<PASSWORD>'
# Fetch the login page; the session cookie is saved to cookies.txt.
# URLs are double-quoted so that $routerip is expanded.
page=`curl -Ls "http://$routerip/index.cgi?active_page=9148" -H 'Cookie: rg_cookie_session_id=' -H 'Content-Type: application/x-www-form-urlencoded' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H 'Cache-Control: max-age=0' -H 'DNT: 1' --data 'active_page=9121' --cookie-jar cookies.txt`
# Pull the per-session hidden fields out of the login form.
# $page is left unquoted on purpose: the awk splitting relies on the page being collapsed to one line.
posttoken=`echo $page |grep post_token |awk 'BEGIN { FS = "\"post_token\" value=\"" } ; {print $2}'|awk 'BEGIN { FS = "\"" } ; {print $1}'|xargs`
requestid=`echo $page |grep request_id |awk 'BEGIN { FS = "\"request_id\" value=\"" } ; {print $2}'|awk 'BEGIN { FS = "\"" } ; {print $1}'|xargs`
authkey=`echo $page |grep auth_key |awk 'BEGIN { FS = "\"auth_key\" value=\"" } ; {print $2}'|awk 'BEGIN { FS = "\"" } ; {print $1}'|xargs`
passwordid=`echo $page |grep password_ |awk 'BEGIN { FS = "\"password_" } ; {print $2}'| awk 'BEGIN { FS = "\"" } ; {print $1}'|xargs`
# The form sends md5(password + auth_key); the password field itself stays empty.
pass+=$authkey
passhash=`echo -n "$pass" |openssl dgst -md5|awk '{print $2}'`
postvars="request_id=$requestid&active_page=9148&active_page_str=bt_login&mimic_button_field=submit_button_login_submit%3A+..&button_value=&post_token=$posttoken&password_$passwordid=&md5_pass=$passhash&auth_key=$authkey"

# Submit the login form on the same session.
curl -Ls "http://$routerip/index.cgi"  -H 'Content-Type: application/x-www-form-urlencoded' -H 'Cache-Control: max-age=0' -H "Referer: http://$routerip/index.cgi?active_page=9121" -H 'Connection: keep-alive' -H 'DNT: 1' --data "$postvars" --cookie cookies.txt >/dev/null

# Fetch the status page and take the first dotted quad found on it.
IP=`curl -s  "http://$routerip/index.cgi?active_page=9121&nav_clear=1" -H 'DNT: 1' -H 'Accept-Encoding: gzip, deflate, sdch' -H 'Accept-Language: en-GB,en-US;q=0.8,en;q=0.6' -H 'Upgrade-Insecure-Requests: 1' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H 'Connection: keep-alive' -H 'Cache-Control: max-age=0' --cookie cookies.txt --compressed | grep -o "[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}" |head -n 1`

echo "$IP"
Edit: OK, so some clarification:
The password is never sent in a POST variable; in the original page it is salted with the value of a hidden field called "auth_key", supplied by the page, and then hashed using a JS function called "hex_md5". I was able to emulate this in bash with echo -n $pass |openssl dgst -md5|awk '{print $2}'.
This needs to be passed as POST data along with some other hidden fields from the page (used for verification server-side) - "post_token", "auth_key" and "request_id", as well as the unique name of the password field "password_xxxxxxxxxx", all of which change each session.
The cookie supplied by the page is captured as cookies.txt by the first cURL call (--cookie-jar cookies.txt), and then subsequently used by the other 2 cURL requests (--cookie cookies.txt) to ensure the session is the same.

SNMP is unfortunately not enabled, and as the cgi is one application - e.g. there is no "plusnetlogin.cgi" page, I've had to do it this way.

I'll continue to verify this over the next couple of router reboots, and if it keeps matching the IP I get from the external source, I'll switch over to using this and put some error-checking in place to ensure the IP is captured and not the software version number, which is what happens if the login fails.

Last edited by badders; 18th Jan 2017 at 07:51.
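
The salted-hash login and the failed-login check described in the post above, as an added example that is not badders's script and runs offline. The HTML samples, the function names, `md5sum` standing in for `openssl dgst -md5`, and the idea that a failed login returns the login form again are all assumptions.

```bash
#!/bin/bash
# Added example, not the thread's script. All HTML below is constructed.
# Field names come from the thread; values, layout and function names are assumptions.
LOGIN_PAGE='<form><input type="hidden" name="request_id" value="1234">
<input type="hidden" name="post_token" value="tok567">
<input type="hidden" name="auth_key" value="word">
<input type="password" name="password_8899"></form>
<p>Software version 4.7.5.1</p>'
STATUS_PAGE='<td>Broadband IP address</td><td>203.0.113.45</td>'

# Print the value of the named hidden input; return non-zero if it is absent.
hidden_field() {  # usage: hidden_field NAME HTML
  hf_val=$(printf '%s\n' "$2" |
    sed -n "s/.*name=\"$1\" value=\"\([^\"]*\)\".*/\1/p" | head -n 1)
  [ -n "$hf_val" ] && printf '%s\n' "$hf_val"
}

# md5(password + auth_key) in lowercase hex, the value sent as md5_pass.
# md5sum stands in for the thread's "openssl dgst -md5"; printf avoids
# the word splitting and trailing-newline pitfalls of an unquoted echo.
login_hash() {  # usage: login_hash PASSWORD AUTH_KEY
  printf '%s%s' "$1" "$2" | md5sum | cut -d' ' -f1
}

# Print the first dotted quad on the page, but only if the page is not
# the login form (assumed to come back on a failed login) and every
# octet is in range. Otherwise return non-zero and print nothing.
wan_ip() {  # usage: wan_ip HTML
  if hidden_field auth_key "$1" >/dev/null; then
    echo 'login failed: got the login form back' >&2
    return 1
  fi
  wi_ip=$(printf '%s\n' "$1" | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' | head -n 1)
  [ -n "$wi_ip" ] || return 1
  for wi_octet in $(printf '%s' "$wi_ip" | tr '.' ' '); do
    [ "$wi_octet" -le 255 ] || return 1
  done
  printf '%s\n' "$wi_ip"
}

# Demo on the constructed pages; 'pass' is a made-up password.
login_hash 'pass' "$(hidden_field auth_key "$LOGIN_PAGE")"
wan_ip "$STATUS_PAGE"
wan_ip "$LOGIN_PAGE" || echo 'refused to use the login page as a source'
```

A version string such as 4.7.5.1 is itself a well-formed dotted quad, so the octet range check alone cannot catch a failed login; the login-form test is what stops it being pushed to DNS.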
18th Jan 2017, 09:42   #8
Gareth Halfacree
Quote:
Originally Posted by badders View Post
Solved it, in a very hacky bash script!
Skills! Remember: if it's stupid and it works, it ain't stupid! (But seriously, Plusnet, get with the programme and enable SNMP, would you? This is *literally* what it's designed for.)
18th Jan 2017, 23:03   #9
law99
I can't see ISPs racing to make sure their "do WiFi, do obvious reset button" routers support SNMP.

All times are GMT +1.