garis · October 7, 2022 20:01
diff --git a/login_getdata.py b/login_getdata.py
 # Usage:
 # python3 login_getdata.py -p XXXXXXXXXX -ip 192.168.YYY.ZZZ -r '[^,]*,[^,]*\"PC\-AAA\-BBB\-CCC\-DDD\".+?(?=\,\{\"uid)'   

 import sys
 import os
 import binascii
 # pip install requests
 import requests
 import re
 from argparse import ArgumentParser
 # pip install backports.pbkdf2
 from backports.pbkdf2 import pbkdf2_hmac

 parser = ArgumentParser()
 parser.add_argument("-p", "--password", dest="password",
                    type=str, help="Login password")
 parser.add_argument("-ip", "--address", dest="address",
                    type=str, help="Device IP address")
 parser.add_argument("-d", "--pagename", dest="pagename", default="data.lua",
                    type=str, help="The data to request. Example: data.lua")
 parser.add_argument("-v", "--verbose",
                    help="increase output verbosity", action="store_true")
 parser.add_argument("-r", "--regex", dest="regex", default=".*",
                    type=str, help="filter output using a regex")

 args = parser.parse_args()
 password = args.password
 deviceAddress = str.format("http://{0}/", args.address)
 if (args.verbose):
    print(deviceAddress)

 headers = {
    'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0',
    'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8',
    'Accept-Language': 'en-US,en;q=0.5',
    # 'Accept-Encoding': 'gzip, deflate',
    'Connection': 'keep-alive',
    'Upgrade-Insecure-Requests': '1',
 }

 response = requests.get(deviceAddress, headers=headers,timeout=20)
 challenge = response.text.split("\"challenge\":\"")[1].split("\"")[0]

 #############################################################################
 # Example of challenge and response
 # "2$60000$c7d5abd7e19d7b8d71a3c6a35d661dbd$6000$7ca62c261d3448999ea7890ca4c136a2"
 # "7ca62c261d3448999ea7890ca4c136a2$7050db3360710f6f9d630ec6bbd074cba283a831379d4498e9f30ec0cef7dd50"

 t = challenge.split('$')
 iterations1 = int(t[1])
 salt1 = binascii.unhexlify(t[2])
 iterations2 = int(t[3])
 salt2 = binascii.unhexlify(t[4])

 passwd = password.encode("utf8")
 key = pbkdf2_hmac("sha256", passwd, salt1, iterations1, 32)
 key = pbkdf2_hmac("sha256", key, salt2, iterations2, 32)
 final = str.format('{0}${1}', t[4], key.hex())
 if (args.verbose):
    print(final)

 #############################################################################

 headers = {
    'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0',
    'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8',
    'Accept-Language': 'en-US,en;q=0.5',
    # 'Accept-Encoding': 'gzip, deflate',
    'Referer': deviceAddress,
    'Origin': deviceAddress,
    'Connection': 'keep-alive',
    'Upgrade-Insecure-Requests': '1',
 }

 data = {
    'response': final,
    'lp': '',
    'loginView': 'user',
    'username': '',
 }

 response = requests.post(str.format(
    "{0}{1}", deviceAddress, "index.lua"), headers=headers, data=data,timeout=20)
 sid = response.text.split("\"sid\":\"")[1].split("\"")[0]
 if (args.verbose):
    print(sid)

 #############################################################################

 headers = {
    'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0',
    'Accept': '*/*',
    'Accept-Language': 'en-US,en;q=0.5',
    # 'Accept-Encoding': 'gzip, deflate',
    'Referer': deviceAddress,
    'Origin': deviceAddress,
    'Connection': 'keep-alive',
 }

 data = {
    'xhr': '1',
    'sid': sid,
    'lang': 'en',
    'page': 'wSet',
    'xhrId': 'wlanDevices',
    'useajax': '1',
    'no_sidrenew': '',
 }

 response = requests.post(str.format(
    "{0}{1}", deviceAddress, args.pagename), headers=headers, data=data,timeout=20)

 if (args.verbose):
    print(response.text)
 for match in re.findall(args.regex, response.text):
    print(match)
	# Usage:
	# python3 login_getdata.py -p XXXXXXXXXX -ip 192.168.YYY.ZZZ -r '[^,],[^,]\"PC\-AAA\-BBB\-CCC\-DDD\".+?(?=\,\{\"uid)'

	import sys
	import os
	import binascii
	# pip install requests
	import requests
	import re
	from argparse import ArgumentParser
	# pip install backports.pbkdf2
	from backports.pbkdf2 import pbkdf2_hmac

	parser = ArgumentParser()
	parser.add_argument("-p", "--password", dest="password",
	type=str, help="Login password")
	parser.add_argument("-ip", "--address", dest="address",
	type=str, help="Device IP address")
	parser.add_argument("-d", "--pagename", dest="pagename", default="data.lua",
	type=str, help="The data to request. Example: data.lua")
	parser.add_argument("-v", "--verbose",
	help="increase output verbosity", action="store_true")
	parser.add_argument("-r", "--regex", dest="regex", default=".*",
	type=str, help="filter output using a regex")

	args = parser.parse_args()
	password = args.password
	deviceAddress = str.format("http://{0}/", args.address)
	if (args.verbose):
	print(deviceAddress)

	headers = {
	'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0',
	'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8',
	'Accept-Language': 'en-US,en;q=0.5',
	# 'Accept-Encoding': 'gzip, deflate',
	'Connection': 'keep-alive',
	'Upgrade-Insecure-Requests': '1',
	}

	response = requests.get(deviceAddress, headers=headers,timeout=20)
	challenge = response.text.split("\"challenge\":\"")[1].split("\"")[0]

	#############################################################################
	# Example of challenge and response
	# "2$60000$c7d5abd7e19d7b8d71a3c6a35d661dbd$6000$7ca62c261d3448999ea7890ca4c136a2"
	# "7ca62c261d3448999ea7890ca4c136a2$7050db3360710f6f9d630ec6bbd074cba283a831379d4498e9f30ec0cef7dd50"

	t = challenge.split('$')
	iterations1 = int(t[1])
	salt1 = binascii.unhexlify(t[2])
	iterations2 = int(t[3])
	salt2 = binascii.unhexlify(t[4])

	passwd = password.encode("utf8")
	key = pbkdf2_hmac("sha256", passwd, salt1, iterations1, 32)
	key = pbkdf2_hmac("sha256", key, salt2, iterations2, 32)
	final = str.format('{0}${1}', t[4], key.hex())
	if (args.verbose):
	print(final)

	#############################################################################

	headers = {
	'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0',
	'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8',
	'Accept-Language': 'en-US,en;q=0.5',
	# 'Accept-Encoding': 'gzip, deflate',
	'Referer': deviceAddress,
	'Origin': deviceAddress,
	'Connection': 'keep-alive',
	'Upgrade-Insecure-Requests': '1',
	}

	data = {
	'response': final,
	'lp': '',
	'loginView': 'user',
	'username': '',
	}

	response = requests.post(str.format(
	"{0}{1}", deviceAddress, "index.lua"), headers=headers, data=data,timeout=20)
	sid = response.text.split("\"sid\":\"")[1].split("\"")[0]
	if (args.verbose):
	print(sid)

	#############################################################################

	headers = {
	'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0',
	'Accept': '/',
	'Accept-Language': 'en-US,en;q=0.5',
	# 'Accept-Encoding': 'gzip, deflate',
	'Referer': deviceAddress,
	'Origin': deviceAddress,
	'Connection': 'keep-alive',
	}

	data = {
	'xhr': '1',
	'sid': sid,
	'lang': 'en',
	'page': 'wSet',
	'xhrId': 'wlanDevices',
	'useajax': '1',
	'no_sidrenew': '',
	}

	response = requests.post(str.format(
	"{0}{1}", deviceAddress, args.pagename), headers=headers, data=data,timeout=20)

	if (args.verbose):
	print(response.text)
	for match in re.findall(args.regex, response.text):
	print(match)