Petro1990
/
rProxy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
rProxy/rci_auth.ps1

83 lines
3.4 KiB
PowerShell
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

$USER = "admin"
$PASS = "12985654"
$IP = "192.168.60.1"
Write-Host "=== Тест авторизации Keenetic RCI ($IP) ==="
# 1. Получение challenge и cookies
Write-Host "Step 1: Get challenge and session (cookies)..."
$cookie_file = "cookies.txt"
if (Test-Path $cookie_file) { Remove-Item $cookie_file }
$resp = curl.exe -s -i -c $cookie_file "http://$IP/auth"
$realm = ($resp | Select-String "X-NDM-Realm: (.*)" | ForEach-Object { $_.Matches.Groups[1].Value.Trim() })
$challenge = ($resp | Select-String "X-NDM-Challenge: (.*)" | ForEach-Object { $_.Matches.Groups[1].Value.Trim() })
if (-not $challenge) {
Write-Host "Error: Challenge not found in headers." -ForegroundColor Red
exit 1
}
Write-Host " Realm: $realm"
Write-Host " Challenge: $challenge"
# 2. Вычисление MD5
$md5 = [System.Security.Cryptography.MD5]::Create()
$h1_str = "${USER}:${realm}:${PASS}"
$h1_bytes = [System.Text.Encoding]::UTF8.GetBytes($h1_str)
$h1 = [System.BitConverter]::ToString($md5.ComputeHash($h1_bytes)).Replace("-", "").ToLower()
# 5. Перебор вариантов хеширования
Write-Host "Step 2: Brute-forcing Hash variants..."
$sha256 = [System.Security.Cryptography.SHA256]::Create()
$sha512 = [System.Security.Cryptography.SHA512]::Create()
$variants = @{
"SHA256(challenge + MD5)" = [System.BitConverter]::ToString($sha256.ComputeHash([System.Text.Encoding]::UTF8.GetBytes("${challenge}${h1}"))).Replace("-", "").ToLower()
"SHA256(MD5 + challenge)" = [System.BitConverter]::ToString($sha256.ComputeHash([System.Text.Encoding]::UTF8.GetBytes("${h1}${challenge}"))).Replace("-", "").ToLower()
"SHA512(challenge + MD5)" = [System.BitConverter]::ToString($sha512.ComputeHash([System.Text.Encoding]::UTF8.GetBytes("${challenge}${h1}"))).Replace("-", "").ToLower()
"SHA512(MD5 + challenge)" = [System.BitConverter]::ToString($sha512.ComputeHash([System.Text.Encoding]::UTF8.GetBytes("${h1}${challenge}"))).Replace("-", "").ToLower()
}
$rci_success = $false
foreach ($v_name in $variants.Keys) {
$v_hash = $variants[$v_name]
Write-Host "`n--- Testing Variant: $v_name ($v_hash) ---"
$json_payload = @{
login = $USER
password = $v_hash
} | ConvertTo-Json -Compress
$payload_file = "payload.json"
$json_payload | Out-File -FilePath $payload_file -Encoding utf8
Write-Host " Sending JSON POST to /auth..."
# Используем -b и -c для работы с куками, -d @file для JSON
$auth_resp = curl.exe -s -i -b $cookie_file -c $cookie_file -X POST -H "Content-Type: application/json" -d "@$payload_file" "http://$IP/auth"
$status = ($auth_resp | Select-String "HTTP/")
Write-Host " Status: $status"
if ($status -match "200 OK") {
Write-Host " SUCCESS! Auth accepted via JSON POST." -ForegroundColor Green
Write-Host " Testing RCI access..."
$rci = curl.exe -s -b $cookie_file "http://$IP/rci/system/hostname"
Write-Host " RCI Response: $rci"
if ($rci -match "hostname") {
$rci_success = $true
break
}
} else {
Write-Host " Failed with status: $status" -ForegroundColor Yellow
$auth_resp | Select-String "{" | ForEach-Object { Write-Host " Server response: $_" }
}
}
if ($rci_success) {
Write-Host "`nFINAL SUCCESS!" -ForegroundColor Green
} else {
Write-Host "`nFINAL FAILURE." -ForegroundColor Red
exit 1
}
Reference in New Issue View Git Blame Copy Permalink