Why i can't login to my router using curl -d option?

#1

the curl command that is used to login

curl "http://192.168.1.1/" -H "Connection: keep-alive" -H "Cache-Control: max-age=0" -H "Origin: http://192.168.1.1" -H "Upgrade-Insecure-Requests: 1" -H "DNT: 1" -H "Content-Type: application/x-www-form-urlencoded" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36" -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3" -H "Referer: http://192.168.1.1/" -H "Accept-Encoding: gzip, deflate" -H "Accept-Language: en-US,en;q=0.9,ar;q=0.8" --data "frashnum=^&action=login^&Frm_Logintoken=9^&Username=admin^&Password=admin" --compressed 

BTW --compressed doesn’t work so i remove it before i enter the command enter image description here

the curl commands before login

curl "http://192.168.1.1/" -H "Connection: keep-alive" -H "Cache-Control: max-age=0" -H "Upgrade-Insecure-Requests: 1" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36" -H "DNT: 1" -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3" -H "Accept-Encoding: gzip, deflate" -H "Accept-Language: en-US,en;q=0.9,ar;q=0.8" --compressed 
curl "http://192.168.1.1/css/login.css" -H "DNT: 1" -H "Accept-Encoding: gzip, deflate" -H "Accept-Language: en-US,en;q=0.9,ar;q=0.8" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36" -H "Accept: text/css,*/*;q=0.1" -H "Referer: http://192.168.1.1/" -H "Connection: keep-alive" --compressed 
curl "http://192.168.1.1/css/styleen.css" -H "DNT: 1" -H "Accept-Encoding: gzip, deflate" -H "Accept-Language: en-US,en;q=0.9,ar;q=0.8" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36" -H "Accept: text/css,*/*;q=0.1" -H "Referer: http://192.168.1.1/" -H "Connection: keep-alive" --compressed 

after login

curl "http://192.168.1.1/" -H "Connection: keep-alive" -H "Cache-Control: max-age=0" -H "Origin: http://192.168.1.1" -H "Upgrade-Insecure-Requests: 1" -H "DNT: 1" -H "Content-Type: application/x-www-form-urlencoded" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36" -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3" -H "Referer: http://192.168.1.1/" -H "Accept-Encoding: gzip, deflate" -H "Accept-Language: en-US,en;q=0.9,ar;q=0.8" --data "frashnum=^&action=login^&Frm_Logintoken=9^&Username=admin^&Password=admin" --compressed 
curl "http://192.168.1.1/start.ghtml" -H "Connection: keep-alive" -H "Cache-Control: max-age=0" -H "Upgrade-Insecure-Requests: 1" -H "DNT: 1" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36" -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3" -H "Referer: http://192.168.1.1/" -H "Accept-Encoding: gzip, deflate" -H "Accept-Language: en-US,en;q=0.9,ar;q=0.8" --compressed 
curl "http://192.168.1.1/top.gch" -H "Connection: keep-alive" -H "Upgrade-Insecure-Requests: 1" -H "DNT: 1" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36" -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3" -H "Referer: http://192.168.1.1/start.ghtml" -H "Accept-Encoding: gzip, deflate" -H "Accept-Language: en-US,en;q=0.9,ar;q=0.8" --compressed 
curl "http://192.168.1.1/template.gch" -H "Connection: keep-alive" -H "Upgrade-Insecure-Requests: 1" -H "DNT: 1" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36" -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3" -H "Referer: http://192.168.1.1/start.ghtml" -H "Accept-Encoding: gzip, deflate" -H "Accept-Language: en-US,en;q=0.9,ar;q=0.8" --compressed 

important note

the Frm_Logintiken is a token generated by the router and it basically increment by one on each successful login!

although i change it as the router page does the command still doesn’t work !

the response is the same every time like it just process the first part of the command curl "http://192.168.1.1/"

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml">
<head>
<META HTTP-EQUIV="pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Cache-Control" CONTENT="no-cache, must-revalidate">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>&#90;&#88;&#72;&#78;&#32;&#72;&#49;&#48;&#56;&#78;&#32;&#86;&#50;&#46;&#53;</title>
<LINK REL="stylesheet" HREF="css/login.css" TYPE="text/css" />
<LINK REL="stylesheet" HREF="css/styleen.css" TYPE="text/css" />
<script>

function getObj(id)
{
return(document.getElementById(id));
}
var SetTFlag = 0;
var maxtime;
var interval;
function setTime()
{
if(window.name>=60 || window.name<0 || window.name=="")
{
maxtime = Math.min(60, 0 + 60 - 800881);
}
else
{
maxtime = window.name;
}
if(maxtime>=0)
{
seconds = maxtime;
getObj("time").innerHTML=seconds+" secs";
if (maxtime == 0)
{
setDisable();
SetTFlag =0;
window.name="";
if(interval)
{
clearInterval(interval);
interval = 0;
}
}
else
{
--maxtime;
SetTFlag = 1;
window.name = maxtime;
}
}
}
function setinner(type)
{
if (SetTFlag ==0)
{
getObj("myLayer").style.visibility = type ;
}
}
function Transfer_meaning(id,value)
{
getObj(id).value=value;
}
function ChangeLang()
{
var lang = "English";
getObj("_lang").disabled = false;
getObj("Frm_Username").disabled = true;
getObj("Frm_Password").disabled = true;
if(true != getObj("TestLang01").disabled)
{
if ("English" == lang)
{
getObj("_lang").value = "Chinese";
}
else if ("Chinese" == lang)
{
getObj("_lang").value = "English";
}
getObj("action").value = "setlang";
getObj("Frm_Username").disabled = true;
getObj("Frm_Password").disabled = true;
getObj("LoginId").disabled = true;
document.fLogin.submit();
}
}
</script>
</head>

<body>
<div id="container">
<div id="myLayer" onmousedown="setinner('hidden')" style="position:absolute; width:185px; height:91px; z-index:9; right: 50px; top: 140px; background: url(img/pop_up.gif) no-repeat; border: 1px none #000000; visibility: hidden;">
<div id="Layer1" style="position:absolute; width:180px; height:45px; z-index:10; left: 2px; top: 28px;">
<table width="183" border="0">
<tr>
<td width="183">&nbsp;&nbsp;<font id="errmsg" class="notecontent" ></font><span id="time" style="color:red;display:none;"></span></td>
</tr>
</table>
</div>
<div id="Layer3" style="position:absolute; width:140px; height:10px; z-index:11; left: 34px; top: 9px; font-size: 8pt;">
<font  class="note" id="errnote">&nbsp;Error</font>
</div>
</div>
<!--head▓┐╖╓┐¬╩╝-->
<div id="head">
<div class="type"><font id="">&#90;&#88;&#72;&#78;&#32;&#72;&#49;&#48;&#56;&#78;&#32;&#86;&#50;&#46;&#53;</font></div>
<div id="banner" style="background-image:url(img/banner.gif); background-repeat:no-repeat"></div>
</div>
<!--head▓┐╖╓╜ß╩°-->
<!--content▓┐╖╓┐¬╩╝-->
<div id="loginArea">
<form name="fLogin" id="fLogin" method="post"  onsubmit="return false;" action="">
<input type="hidden" name="_lang" id="_lang" value="" disabled>
<input type="hidden" name="frashnum" id="frashnum" value="">
<input type="hidden" name="action" id="action" value="login">
<input type="hidden" name="Frm_Logintoken" id="Frm_Logintoken" value="">
<!--─┌╚▌┐¬╩╝-->
<div class="login_frame">
<ul class="login_title">
<li class="login_title_left"></li>
<li class="login_title_center">Please login to continue...</li>

<li class="login_title_right"></li>
</ul>
<div class="content login_content">
<ul class="login_blank"></ul>
<ul class="login_ul_1">
<li class="login_li_1"><span>Username</span></li>
<li class="login_li_2">
<input type="text" class="username" name="Username" id="Frm_Username">
</li>
</ul>
<ul class="login_blank"></ul>
<ul class="login_ul_1">
<li class="login_li_1"><span>Password</span></li>
<li class="login_li_2">
<input type="password" class="password" name="Password"  id="Frm_Password">
</li>
<li class="login_li_3">
<input class="login" type="submit"  id="LoginId"  value="Login"  onclick="dosubmit()">
</li>
</ul>
</div>
</div>
<!--─┌╚▌╜ß╩°-->
</form>
</div>
<!--bottom▓┐╖╓┐¬╩╝-->

<div style="font-family: Arial;font-size: 12px;text-align:center;"> &copy; 2008-2015 ZTE Corporation. All rights reserved </div>

<div class="bottom_line"></div>
<div id="bottomx"></div>
<!--bottom▓┐╖╓╜ß╩°-->
</div>
</body>
</html>
<script>

window.name="";

function SetDisabled()
{
getObj("errmsg").innerHTML = "You have input the wrong username or password for three times. Please try again a minute later.";
getObj("Frm_Username").disabled = true;
getObj("Frm_Password").disabled = true;
getObj("LoginId").disabled = true;

getObj("myLayer").style.visibility = "visible" ;
getObj("time").style.display = "" ;
interval = setInterval("setTime()",1000);
}
function setDisable()
{
if (SetTFlag == 1)
{
getObj("Frm_Username").disabled = false;
getObj("Frm_Password").disabled = false;
getObj("LoginId").disabled = false;

getObj("time").style.display = "none";
getObj("myLayer").style.visibility = "hidden";
}
}
function dosubmit()
{
if (getObj("Frm_Username").value == "")
{
getObj("errmsg").innerHTML = "Username cannot be empty.";
getObj("myLayer").style.visibility = "visible" ;
return;
}
else
{
getObj("LoginId").disabled = true;
getObj("Frm_Logintoken").value = "16";
document.fLogin.submit();
}
}
</script>

request headers from the browser developers tools network tap

POST / HTTP/1.1
Host: 192.168.1.1
Connection: keep-alive
Content-Length: 77
Cache-Control: max-age=0
Origin: http://192.168.1.1
Upgrade-Insecure-Requests: 1
DNT: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer: http://192.168.1.1/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,ar;q=0.8

response from the browser developers tools network tap

HTTP/1.1 302 Moved Temporarily
Server: Mini web server 1.0 ZTE corp 2005.
Content-Type: text/html; charset=iso-8859-1
Accept-Ranges: bytes
Connection: close
Cache-Control: no-cache,no-store
Content-Length: 0
Location: /start.ghtml
0 Likes

#2

Actually you have an answer.

the installed libcurl version doesn't support this

You should to replace libcurl.dll

0 Likes

#3

Your response header tells you it received a redirect. You have not supplied curl with the correct command line flag (-L) to indicate you want it to follow redirects.

See the manual for curl.

0 Likes

#4

thanks dude i found it out i just needed to remove the ^ from the last line !
just like this

-d “frashnum=&action=login&Frm_Logintoken=25&Username=admin&Password=admin”

but i still have one problem
How can i use -X post to enable an ssid and click submit ?

<option value="IGD.LD1.WLAN2" id="Frm_SSID_SET1">SSID2</option>
<tr id="ssidenable">
<td class="td1">Enable SSID</td>
<td class="td2"><input name="" type="checkbox" value="" checked="checked" id="Frm_Enable" onclick="ESSID_Enable()"></td>
</tr>


the submit button

<input name="Submit" type="button" id="Btn_Submit" onclick="pageSubmit()" class="button" value=" Submit

The command i got from network tap is a huge junk and doesn’t work !

curl "http://192.168.1.1/getpage.gch?pid=1002^&nextpage=net_wlan_essid_t.gch" -H "Origin: http://192.168.1.1" -H "Upgrade-Insecure-Requests: 1" -H "DNT: 1" -H "Content-Type: application/x-www-form-urlencoded" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36" -H "Referer: http://192.168.1.1/getpage.gch?pid=1002^&nextpage=net_wlan_essid_t.gch^&IF_VIEWID=IGD.LD1.WLAN2" --data "IF_ERRORSTR=SUCC^&IF_ERRORPARAM=SUCC^&IF_ERRORTYPE=-1^&IF_CONFIGTAG=Y^&IF_ACTION=apply^&WLAN_INSTNUM=4^&WLAN_SSID0=IGD.LD1.WLAN1^&WLAN_SSID1=IGD.LD1.WLAN2^&WLAN_SSID2=IGD.LD1.WLAN3^&WLAN_SSID3=IGD.LD1.WLAN4^&IF_SSIDATTR1=0^&IF_SSIDATTR2=0^&IF_SSIDATTR3=0^&IF_SSIDATTR4=0^&IF_VIEWID=IGD.LD1.WLAN2^&SettingStatus=CurruntSetting^&CardIsIn=1^&MaxInterface=4^&DeviceMode=InfrastructureAccessPoint^&CardMode=b^%^2Cg^%^2Cn^%^2Cbg^%^2Cgn^%^2Cbgn^&CardRev=0^&Class=255^&PID=33169^&VID=4332^&ValidIf=1^&Enable=1^&RadioStatus=NULL^&Standard=NULL^&BeaconInterval=NULL^&RtsCts=NULL^&Fragment=NULL^&DTIM=NULL^&TxPower=NULL^&CountryCode=NULL^&TxRate=NULL^&Channel=NULL^&ESSID=12345^&ESSIDPrefix=NULL^&ACLPolicy=NULL^&BeaconType=NULL^&WEPAuthMode=NULL^&WEPEncryptionLevel=NULL^&WEPKeyIndex=NULL^&WPAAuthMode=NULL^&WPAEncryptType=NULL^&WPAGroupRekey=NULL^&WPAEAPServerIp=NULL^&RadiusPort=NULL^&RadiusServerPort=NULL^&WPAEAPSecret=NULL^&PossibleChannels=NULL^&BasicDataRates=NULL^&OpDataRates=NULL^&PossibleTxRates=NULL^&OOBAccessEnabled=NULL^&BeaconEnabled=NULL^&ESSIDHideEnable=1^&RegulatoryDomain=NULL^&WlanMode=NULL^&DistanceFromRoot=NULL^&PeerBSSID=NULL^&AuthServiceMode=NULL^&QosType=NULL^&Priority=1^&UAPSDEnabled=NULL^&AutoChannelEnabled=NULL^&ChannelsInUse=NULL^&11iAuthMode=NULL^&11iEncryptType=NULL^&MaxUserNum=32^&SSIDIsolationEnable=NULL^&VapIsolationEnable=0^&Band=2.4G^&11nMode=1^&BandWidth=20Mhz^&SideBand=Lower^&11nRate=Auto^&SGIEnabled=0^&GreenField=0^&WdsMode=WDS_Disable^&Tx2Path=1^&IsPublicWiFiInterface=NULL^&MasterAuthServerIp=0.0.0.0^&MasterAuthServerPort=0^&MasterAuthServerSecret=^&Name=wlan0^&RealRF=1^&ChannelInUsed=8^&TxRateInUsed=Auto^&Bssid=54^%^3Abe^%^3A53^%^3A6a^%^3Af6^%^3Ac0^&IfStatus=Up^&UAPSDSupported=1^&WMMSupported=1^&TotalAssociations=4^&TotalBytesSent=2246220234^&TotalBytesReceived=3268409714^&TotalPacketsSent=22743088^&TotalPacketsReceived=14280169^&ErrorsSent=3057^&ErrorsReceived=0^&NonUnicastPacketsReceived=0^&UnicastPacketsSent=97163073747419137^&UnicastPacketsReceived=61100857587924993^&DiscardPacketsSent=8137^&DiscardPacketsReceived=68^&TotalPSKFailures=66^&TotalIntegrityFailures=6^&NumEasyPair=0^&ConnectStatus=Disconnected^&SingalQuality=0^&SingalStrength=0^&_SESSION_TOKEN=2714922195119803" --compressed

can i clear it do to just Includes only the option ?

0 Likes

#5

0 Likes

#6

Yes, that’s because that time you pointed at “/start.ghtml”. The first time you showed a request/response trying to get “/”, which is why you got the 302.

A checkbox that is not checked simply does not get sent as part of the data.
Your checkbox has no name, however, so you’ll have to investigate the javascript function ESSID_Enable() to see what it actually does.

0 Likes

#7

i have tried the first one in the first and it worked too

the full html of the ssid page

ZXHN H108N V2.5 * { margin: 0 0 0 0; padding: 0; } html {min-height:101%;} body { background-color:#fff; } .body_ta { background: url("../img/user_bg_1px.gif") repeat scroll 0 0 #fff; margin: 0 auto; padding-top: 0; width: 100%; } * { -webkit-user-select: auto !important; /* injected by RightToCopy */ }

"investigate the javascript function "

how can i do this ?

0 Likes

#8

except you haven’t looked at the return you got from that, it didnt ‘work’, it redirected you :stuck_out_tongue:

find the definition of function EnableESSID(), it’ll be somewhere in that page’s code (or in one of the included files). Alternatively, submit the form both without the box ticked, and with, and see what difference it makes to the submitted data.

0 Likes

#9

as you like but i meant it worked just like the web browser

would this help ?

" find the definition of function EnableESSID() "
i didn’t find it … in the files
but in page code

due that new users can only post two links
https://ghostbin.com/paste/hdn33

0 Likes

#10

the not checked vs checked

0 Likes

#11

i don’t think that there is important differences than the ssid is in the checked box part only

0 Likes

#12

well i’d call the “ESSID=NULL” turning into “ESSID=12345” is pretty important…not sure about MaxUserNum or VapIsolationEnable… ChannelInUsed maybe?

0 Likes

#13

Maybe .

But what do we have left to try ?

And see you tomorrow it’s late here
Have a good day/night

0 Likes

#14

m_hutley

any ideas or should i open a a new issue with this title how can i check a check box with curl ?

huh ? what do you think

0 Likes

#15

edit i got the command working by removing every ^ from it :smile:

1 Like