Loading...
 

LinksysParentalControlLogin

!!!Note: This page was OBE by Linksys firware changes. See: my blog post on this

Intro

I run a Slackware 9.1 server at home for mail, & web services. It's hosted on the tail end of a DSL line and I maintain a Linksys WRT54gs as a router & wireless AP for my home. We also take advantage of the parental control (pc) software that Linksys OEMs from Netopia.

The problem: Whenever I restart my router, I have to login to pc so the server can access mail (port 25) and external web sites (80 & 443) (for my automatic zoneedit DNS updates).

The solution: I hope to figure out how to post the login information via a script. This page will collect my starts, restarts and (hopefully) successes.

What this is not: A hack to get around the pc controls. You will still need a valid and password to login.
{TOC}


Data collection

the login page

The first thing I did was take the Login page (see attached login.jsp) and opened it to see what I could find. There's a bunch of javascript and more importantly the FORM information.

Here's the pertinent info:

<form name='loginform' method='POST' action='/config/ls002r8/login.elm?selected=_
                                                      /app/artemisconfigserver/login.elm/26' target=''>
<input type=hidden name=nssredirect>
<input type="hidden" name="_actionName" >
<input type="hidden" name="_targetFullID" >

  <input type=hidden name=showpopup value="true" >
  <input type=hidden name=cookiepopupexpire value="604800" >
  <input type=hidden name=SIG value="82DB5B1F0B30FE2554E1A4D26BDEA360" >
  <input type=hidden name=NONCE value="7915345E0416002F" >
  <input type=hidden name=REASON value="3" >
  <input type=hidden name=USERID value="4091" >
  <input type=hidden name=CAT1 value="null" >
  <input type=hidden name=CAT2 value="null" >
  <input type=hidden name=URL value="null" >
  <input type="hidden" name="clientTime">

<select class=loginfontmed name=user_list size=8 style=width:250px>
<option value="0006" >Caolinn</option>
<option value="0003"  selected >Greg</option>
<option value="0002" >Guest</option>
<option value="0005" >Kyle</option>
<option value="0004" >Priscilla</option>
<option value="0099" >Server</option>
</select>

<span ><input type=radio name=times_list value="3600" onClick="" >1 Hour </span>
<span ><input type=radio name=times_list value="43200" onClick="" >12 Hours </span>
<span ><input type=radio name=times_list value="0" checked onClick="" >Never - I will sign out manually </span>


<span id="spancheckbox" style="visibility: hidden" >
<span >Enter your password (if required)</span>
<input type=password name=password value="" onChange="Changed()" maxlength=15 >


      
document.loginform.password.focus();
      
     if((isIE() && parseFloat(version) >= 4) || (isNS() && parseFloat(version) >= 5))
      {
        document.write("<input type=hidden name=input_loginbtn />< name=loginbtn tabindex=0 onclick=\"submitLogin()\" />");
      } else {
        document.write("<input type=button name=loginbtn value='Sign in' onclick=\"submitLogin()\" class=button>");
      }
    
      
      if((isIE() && parseFloat(version) >= 4) || (isNS() && parseFloat(version) >= 5))
      {
        document.write("<input type=hidden name=input_logout /><name=logout onclick=\"setAction
(this, 'logout', '/app/artemisconfigserver/login.elm/26')\" />"); 
      } else {
        document.write("<input type=button name=logout value='Sign out' onclick=\"setAction(this, 'logout',_
'/app/artemisconfigserver/login.elm/26')\" class=button>"); 
      }
     
      
      
<input type="hidden" name="__action_1" value="defaultActionName=setartemisuser&target=/app/artemisconfigserver/login.elm/26">
<input type="hidden" name="NONCE_bindings" value="__action_1">
<input type="hidden" name="password_bindings" value="__action_1">
<input type="hidden" name="user_list_bindings" value="__action_1">
<input type="hidden" name="USERID_bindings" value="__action_1">
<input type="hidden" name="CAT1_bindings" value="__action_1">
<input type="hidden" name="REASON_bindings" value="__action_1">
<input type="hidden" name="popupchkbox_bindings" value="__action_1">
<input type="hidden" name="SIG_bindings" value="__action_1">
<input type="hidden" name="CAT2_bindings" value="__action_1">
<input type="hidden" name="URL_bindings" value="__action_1">
<input type="hidden" name="times_list_bindings" value="__action_1">
<input type="hidden" name="cookiepopupexpire_bindings" value="__action_1">
<input type="hidden" name="showpopup_bindings" value="__action_1">
<input type="hidden" name="_actionName_bindings" value="__action_1">
<input type="hidden" name="_targetFullID_bindings" value="__action_1">

</form>

A couple observations:

  • The userids are actually numeric values. (I've modified these from the original for my security). Based on the sequential nature of the IDs I created the first day and the jump to the Server ID which I created weeks later, it looks like Linksys simply assigns the next numberic value when an ID is created.
  • There are several values SIG, NONCE that appear to be generated when the page is requested. I suspect this is a security measure. The implication is probably that we'll have to request the login page and scrape those values from it for submission with our post.
  • There is a script associated with clicking the login button called submitLogin() which we'll need to understand.


Research:


Using the method from the cURL newgroups, I modified the login page (see login.htm attached) to post to a local port. I used netcat to capture that port ('nc -lp 2111>post.txt'). The output is attached as post.htm. Here's a snippet:

POST /config/ls002r8/login.elm?selected=/app/artemisconfigserver/login.elm/26 HTTP/1.1
application/msword, */*
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
Content-Length: 1042
Cookie: sid=1eb85b9286ab032af9233dfda945407d

nssredirect=&_actionName=loginuser&_targetFullID=%2Fapp%2Fartemisconfigserver%2Flogin.elm%2F26&
SIG=A2228339B948E2651480A1DED22A132E&NONCE=71AF0BD90423000B

Created by gmartin. Last Modification: Thursday 29 of December, 2005 00:16:02 EST by gmartin.