!!!Note: This page was OBE by Linksys firware changes. See: my blog post on this
Intro
I run a Slackware 9.1 server at home for mail, & web services. It's hosted on the tail end of a DSL line and I maintain a Linksys WRT54gs as a router & wireless AP for my home. We also take advantage of the parental control (pc) software that Linksys OEMs from Netopia.
The problem: Whenever I restart my router, I have to login to pc so the server can access mail (port 25) and external web sites (80 & 443) (for my automatic zoneedit DNS updates).
The solution: I hope to figure out how to post the login information via a script. This page will collect my starts, restarts and (hopefully) successes.
What this is not: A hack to get around the pc controls. You will still need a valid and password to login.
{TOC}
Data collection
the login page
The first thing I did was take the Login page (see attached login.jsp) and opened it to see what I could find. There's a bunch of javascript and more importantly the FORM information.
Here's the pertinent info:
<form name='loginform' method='POST' action='/config/ls002r8/login.elm?selected=_
/app/artemisconfigserver/login.elm/26' target=''>
<input type=hidden name=nssredirect>
<input type="hidden" name="_actionName" >
<input type="hidden" name="_targetFullID" >
<input type=hidden name=showpopup value="true" >
<input type=hidden name=cookiepopupexpire value="604800" >
<input type=hidden name=SIG value="82DB5B1F0B30FE2554E1A4D26BDEA360" >
<input type=hidden name=NONCE value="7915345E0416002F" >
<input type=hidden name=REASON value="3" >
<input type=hidden name=USERID value="4091" >
<input type=hidden name=CAT1 value="null" >
<input type=hidden name=CAT2 value="null" >
<input type=hidden name=URL value="null" >
<input type="hidden" name="clientTime">
<select class=loginfontmed name=user_list size=8 style=width:250px>
<option value="0006" >Caolinn</option>
<option value="0003" selected >Greg</option>
<option value="0002" >Guest</option>
<option value="0005" >Kyle</option>
<option value="0004" >Priscilla</option>
<option value="0099" >Server</option>
</select>
<span ><input type=radio name=times_list value="3600" onClick="" >1 Hour </span>
<span ><input type=radio name=times_list value="43200" onClick="" >12 Hours </span>
<span ><input type=radio name=times_list value="0" checked onClick="" >Never - I will sign out manually </span>
<span id="spancheckbox" style="visibility: hidden" >
<span >Enter your password (if required)</span>
<input type=password name=password value="" onChange="Changed()" maxlength=15 >
document.loginform.password.focus();
if((isIE() && parseFloat(version) >= 4) || (isNS() && parseFloat(version) >= 5))
{
document.write("<input type=hidden name=input_loginbtn />< name=loginbtn tabindex=0 onclick=\"submitLogin()\" />");
} else {
document.write("<input type=button name=loginbtn value='Sign in' onclick=\"submitLogin()\" class=button>");
}
if((isIE() && parseFloat(version) >= 4) || (isNS() && parseFloat(version) >= 5))
{
document.write("<input type=hidden name=input_logout /><name=logout onclick=\"setAction
(this, 'logout', '/app/artemisconfigserver/login.elm/26')\" />");
} else {
document.write("<input type=button name=logout value='Sign out' onclick=\"setAction(this, 'logout',_
'/app/artemisconfigserver/login.elm/26')\" class=button>");
}
<input type="hidden" name="__action_1" value="defaultActionName=setartemisuser&target=/app/artemisconfigserver/login.elm/26">
<input type="hidden" name="NONCE_bindings" value="__action_1">
<input type="hidden" name="password_bindings" value="__action_1">
<input type="hidden" name="user_list_bindings" value="__action_1">
<input type="hidden" name="USERID_bindings" value="__action_1">
<input type="hidden" name="CAT1_bindings" value="__action_1">
<input type="hidden" name="REASON_bindings" value="__action_1">
<input type="hidden" name="popupchkbox_bindings" value="__action_1">
<input type="hidden" name="SIG_bindings" value="__action_1">
<input type="hidden" name="CAT2_bindings" value="__action_1">
<input type="hidden" name="URL_bindings" value="__action_1">
<input type="hidden" name="times_list_bindings" value="__action_1">
<input type="hidden" name="cookiepopupexpire_bindings" value="__action_1">
<input type="hidden" name="showpopup_bindings" value="__action_1">
<input type="hidden" name="_actionName_bindings" value="__action_1">
<input type="hidden" name="_targetFullID_bindings" value="__action_1">
</form>
A couple observations:
- The userids are actually numeric values. (I've modified these from the original for my security). Based on the sequential nature of the IDs I created the first day and the jump to the Server ID which I created weeks later, it looks like Linksys simply assigns the next numberic value when an ID is created.
- There are several values SIG, NONCE that appear to be generated when the page is requested. I suspect this is a security measure. The implication is probably that we'll have to request the login page and scrape those values from it for submission with our post.
- There is a script associated with clicking the login button called submitLogin() which we'll need to understand.
Research:
- I did dome looking at lunch today. Looks like curl may be the way to go. I found this forum thread: (cache) (at the cURL Home page (cache)) that discusses how to capture the form post to your local machine. This one with a methodology (cache)I tried it, but only had a "Sign out" version of the script saved. I'm looking for formfind.pl so we can run it against the page.
Using the method from the cURL newgroups, I modified the login page (see login.htm attached) to post to a local port. I used netcat to capture that port ('nc -lp 2111>post.txt'). The output is attached as post.htm. Here's a snippet:
POST /config/ls002r8/login.elm?selected=/app/artemisconfigserver/login.elm/26 HTTP/1.1 application/msword, */* Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322) Content-Length: 1042 Cookie: sid=1eb85b9286ab032af9233dfda945407d nssredirect=&_actionName=loginuser&_targetFullID=%2Fapp%2Fartemisconfigserver%2Flogin.elm%2F26& SIG=A2228339B948E2651480A1DED22A132E&NONCE=71AF0BD90423000B
;){kind=link}
;){kind=link}