From 4f5cc68508f1d9f8bfb872e22bd8026bc4e7bd40 Mon Sep 17 00:00:00 2001
From: Shihaam Abdul Rahman <shihaam@shihaam.me>
Date: Mon, 29 May 2023 01:11:30 +0500
Subject: [PATCH] i have more questions than answers

---
 routerapi3.sh | 76 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 76 insertions(+)
 create mode 100755 routerapi3.sh

diff --git a/routerapi3.sh b/routerapi3.sh
new file mode 100755
index 0000000..91db7d6
--- /dev/null
+++ b/routerapi3.sh
@@ -0,0 +1,76 @@
+#!/bin/bash
+
+source .env
+dependency_check(){
+	for DEPENDENCY; do
+		if ! command -v "$DEPENDENCY" 1>/dev/null; then
+			printf "%s not found. Please install it.\n" "$DEPENDENCY" >&2
+			exit 2
+		fi
+		done
+	unset DEPENDENCY
+}
+
+csrf_token(){
+home_html=$(curl -s -c .cookie $ROUTER_ADDRESS/html/home.html)
+csrf_token1=$(echo $home_html | htmlq 'meta[name="csrf_token"]' --attribute content | head -n1)
+csrf_token2=$(echo $home_html | htmlq 'meta[name="csrf_token"]' --attribute content | tail -n1)
+}
+
+gen_first_nonce(){
+first_nonce=$(head /dev/urandom | tr -dc A-Za-z0-9  | sha256sum | awk '{print $1}')
+}
+webserver_token(){
+token=$(curl -b .cookie  'http://192.168.1.1/api/webserver/token' \
+  -H 'Accept: */*' \
+  -H 'Accept-Language: en-US,en' \
+  -H 'Connection: keep-alive' \
+  -H 'Referer: http://192.168.1.1/html/home.html' \
+  -H 'Sec-GPC: 1' \
+  -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36' \
+  -H 'X-Requested-With: XMLHttpRequest' \
+  -H '_ResponseSource: Broswer' \
+  --compressed \
+  --insecure | xmlstarlet sel -t -v "/response/token")
+
+#token=$(curl -s -b .cookie $ROUTER_ADDRESS/api/webserver/token | xmlstarlet sel -t -v "/response/token")
+
+token_start=$(echo "${token::${#token}-32}")
+token_end=$(echo ${token:32})
+
+}
+
+challenege_login(){
+curl -s -b .cookie "$ROUTER_ADDRESS/api/user/challenge_login" \
+  -H "Origin: $ROUTER_ADDRESS" \
+  -H "Referer: $ROUTER_ADDRESS/html/home.html" \
+ -H 'X-Requested-With: XMLHttpRequest' \
+  -H "_ResponseSource: Broswer" \
+  -H '__RequestVerificationToken: "${token_end}"' \
+  --data-raw '<?xml version="1.0" encoding="UTF-8"?><request><username>admin</username><firstnonce>${first_nonce}</firstnonce><mode>1</mode></request>'
+}
+
+
+#exec oder
+dependency_check "htmlq" "xmlstarlet" "tail" "head" "curl"
+webserver_token
+gen_first_nonce
+challenege_login
+
+# debug
+echo ""
+echo ""
+echo ""
+echo ""
+echo ' mmmm   mmmmmm mmmmm  m    m   mmm   '
+echo ' #   "m #      #    # #    # m"   "  '
+echo ' #    # #mmmmm #mmmm" #    # #   mm  '
+echo ' #    # #      #    # #    # #    #  '
+echo ' #mmm"  #mmmmm #mmmm" "mmmm"  "mmm"  '
+echo ""
+echo "full token:	${token}"
+echo "token:		${token_start}${token_end}"
+echo "token_start:	${token_start}"
+echo "token_end:					$token_end"
+echo "first_nonce:	$first_nonce"
+