intrd · March 9, 2022 09:15 · intrd · Mar 7, 2022
diff --git a/mitrastar_ipchanger.sh b/mitrastar_ipchanger.sh
 ## VIVO FIBRA MitraStar GPT - IP changer / reboot one-liner (authd xpl)
 # Successfully tested on MitraStar GPT-2541 and 2741. No SSH access required.
 # Author: [email protected]

 # YoU WouLdn't ReBooT My RoUtEr.. they said? CHALLENGE ACCEPTED!

 # Install Node.js (sudo apt install nodejs), required to calculate sessionKey from CLI; 
 # Edit LOGIN/PASSWORD, IP_ROUTER and run: ./mitrastar_ipchanger.sh

 # It will extract the JS and SID from router, process the JS with w/ node, trigger the reboot and change ip.

 LOGIN="admin"; PASSWORD="12345"; IP_ROUTER="192.168.15.1"; curl -s "http://$IP_ROUTER/login_frame.html" | awk '/var hexcase/,/\$\(document/' | grep -va script|grep -v "(document)" > /tmp/sessionCalc.js; echo -e "var readline = require('readline');\nvar rl = readline.createInterface({\n  input: process.stdin,\n  output: process.stdout,\n  terminal: false\n});\n\nrl.on('line', function(line){\n    //console.log(line);\n	var username = \"$LOGIN\"\n	var passwd = \"$PASSWORD\";\n	passwd=hex_md5(line+\":\"+passwd);\n	var string = username + ':' + passwd;\n	var encodedData = base64.encode( string );\n	console.log(encodedData);\n})\n" >> /tmp/sessionCalc.js; SID=$(curl -s "http://$IP_ROUTER/login_frame.html" |grep -oP "(?<=sid \= \").*(?=\")"|head -n1|node /tmp/sessionCalc.js); SESSION=$(curl -i -s -k -X $'POST'     -H $"Host: $IP_ROUTER" -H $'Content-Length: 80' -H $'Cache-Control: max-age=0' -H $'Upgrade-Insecure-Requests: 1' -H $"Origin: http://$IP_ROUTER" -H $'Content-Type: application/x-www-form-urlencoded' -H $'User-Agent: intrd' -H $'Accept: text/html,application/xhtml+xml,application/xml' -H $"Referer: http://$IP_ROUTER/login_frame.html" -H $'Accept-Encoding: gzip, deflate' -H $'Accept-Language: en-US,en;q=0.1' -H $'Connection: close'     --data-binary $"sessionKey=$SID&user=admin&pass="     $"http://$IP_ROUTER/login-login.cgi"|grep -oP "(?<=SESSION=).*(?=\;)"|cut -d ";" -f1); SKEY=$(curl -i -s -k -X $'GET' \
    -H $"Host: $IP_ROUTER" -H $'Upgrade-Insecure-Requests: 1' -H $'User-Agent: intrd' -H $'Accept: text/html,application/xhtml+xml,application/xml' -H $"Referer: http://$IP_ROUTER/webs/device-management-resets.html" -H $'Accept-Encoding: gzip, deflate' -H $'Accept-Language: en-US,en;q=0.1' -H $'Connection: close' \
    -b $"SESSION=$SESSION" \
    $"http://$IP_ROUTER/webs/popup-reboot.html"|grep -oP "(?<=sessionKey\=').*(?=')"); curl -i -s -k -X $'GET' \
    -H $"Host: $IP_ROUTER" -H $'Upgrade-Insecure-Requests: 1' -H $'User-Agent: intrd' -H $'Accept: text/html,application/xhtml+xml,application/xml' -H $"Referer: http://$IP_ROUTER/webs/popup-reboot.html" -H $'Accept-Encoding: gzip, deflate' -H $'Accept-Language: en-US,en;q=0.1' -H $'Connection: close' \
    -b $"SESSION=$SESSION" \
    $"http://$IP_ROUTER/webs/device-management-rebootinfo-none.cgi?sessionKey=$SKEY"
	## VIVO FIBRA MitraStar GPT - IP changer / reboot one-liner (authd xpl)
	# Successfully tested on MitraStar GPT-2541 and 2741. No SSH access required.
	# Author: [email protected]

	# YoU WouLdn't ReBooT My RoUtEr.. they said? CHALLENGE ACCEPTED!

	# Install Node.js (sudo apt install nodejs), required to calculate sessionKey from CLI;
	# Edit LOGIN/PASSWORD, IP_ROUTER and run: ./mitrastar_ipchanger.sh

	# It will extract the JS and SID from router, process the JS with w/ node, trigger the reboot and change ip.

	LOGIN="admin"; PASSWORD="12345"; IP_ROUTER="192.168.15.1"; curl -s "http://$IP_ROUTER/login_frame.html" \| awk '/var hexcase/,/\$\(document/' \| grep -va script\|grep -v "(document)" > /tmp/sessionCalc.js; echo -e "var readline = require('readline');\nvar rl = readline.createInterface({\n input: process.stdin,\n output: process.stdout,\n terminal: false\n});\n\nrl.on('line', function(line){\n //console.log(line);\n var username = \"$LOGIN\"\n var passwd = \"$PASSWORD\";\n passwd=hex_md5(line+\":\"+passwd);\n var string = username + ':' + passwd;\n var encodedData = base64.encode( string );\n console.log(encodedData);\n})\n" >> /tmp/sessionCalc.js; SID=$(curl -s "http://$IP_ROUTER/login_frame.html" \|grep -oP "(?<=sid \= \").(?=\")"\|head -n1\|node /tmp/sessionCalc.js); SESSION=$(curl -i -s -k -X $'POST' -H $"Host: $IP_ROUTER" -H $'Content-Length: 80' -H $'Cache-Control: max-age=0' -H $'Upgrade-Insecure-Requests: 1' -H $"Origin: http://$IP_ROUTER" -H $'Content-Type: application/x-www-form-urlencoded' -H $'User-Agent: intrd' -H $'Accept: text/html,application/xhtml+xml,application/xml' -H $"Referer: http://$IP_ROUTER/login_frame.html" -H $'Accept-Encoding: gzip, deflate' -H $'Accept-Language: en-US,en;q=0.1' -H $'Connection: close' --data-binary $"sessionKey=$SID&user=admin&pass=" $"http://$IP_ROUTER/login-login.cgi"\|grep -oP "(?<=SESSION=).(?=\;)"\|cut -d ";" -f1); SKEY=$(curl -i -s -k -X $'GET' \
	-H $"Host: $IP_ROUTER" -H $'Upgrade-Insecure-Requests: 1' -H $'User-Agent: intrd' -H $'Accept: text/html,application/xhtml+xml,application/xml' -H $"Referer: http://$IP_ROUTER/webs/device-management-resets.html" -H $'Accept-Encoding: gzip, deflate' -H $'Accept-Language: en-US,en;q=0.1' -H $'Connection: close' \
	-b $"SESSION=$SESSION" \
	$"http://$IP_ROUTER/webs/popup-reboot.html"\|grep -oP "(?<=sessionKey\=').*(?=')"); curl -i -s -k -X $'GET' \
	-H $"Host: $IP_ROUTER" -H $'Upgrade-Insecure-Requests: 1' -H $'User-Agent: intrd' -H $'Accept: text/html,application/xhtml+xml,application/xml' -H $"Referer: http://$IP_ROUTER/webs/popup-reboot.html" -H $'Accept-Encoding: gzip, deflate' -H $'Accept-Language: en-US,en;q=0.1' -H $'Connection: close' \
	-b $"SESSION=$SESSION" \
	$"http://$IP_ROUTER/webs/device-management-rebootinfo-none.cgi?sessionKey=$SKEY"