2019-10-20 - Re: [GRASE-Hotspot] CoovaChilli Challenge Parameters Problem

Header Data

From: Sergen Çolak <se***7@gmail.com>
Message Hash: 0051ec8596faf51bc0abe366ce561cbd79df5b60d6fe399941f4295063da073b
Message ID: <CAFb3bYD+5MpmvBFLXsrfph=S5uEfBUdz4Wvax44iObT7jK84jQ@mail.gmail.com>
Reply To: <CAESLx0+oTs5YO7qX4ykDD21GfzKT3-yuKFAp5S0R0ippvnyu8g@mail.gmail.com>
UTC Datetime: 2019-10-20 23:50:37 UTC
Raw Date: Mon, 21 Oct 2019 09:50:37 +0300

Raw message

Thank you for your quick response, Tim.
I don't use the Javascript page. I submit the HTML Page with the form. Then
I take the required values and use a function as follows.
function attempt_login () {
global $ uamsecret, $ userpassword, $ username, $ password;

$ hexchal = pack ("H32", $ _GET ['chal']);
$ newchal = $ uamsecret? pack ("H *", md5 ($ hexchal. $ uamsecret)): $
hexchal;
$ response = md5 ("\ 0". $ password. $ newchal);

$ newpwd = pack ("a32", $ password);
$ pappassword = implode ('', unpack ("H32", ($ newpwd ^ $ newchal)));
if ((isset ($ uamsecret)) && isset ($ userpassword)) {
// print implode ('', array (
// '<meta http-equiv = "refresh" content = "0; url =',
// 'http: //', $ _GET ['uamip'], ':', $ _GET ['uamport'], '/',
// 'logon? username =', $ username, '& password =', $ pappassword, '">'
//));
}
else
{
print implode ('', array (
'<meta http-equiv = "refresh" content = "0; url =',
'http: //', $ _GET ['uamip'], ':', $ _GET ['uamport'], '/',
'logon? username =', $ username, '& response =', $ response, '">'
));
}
}
Everything works correctly, but I'm guessing that if the Challenge value is
changed in the GET operation, res = Failed is returned. How can I prevent
this?

Tim <ti***8@gmail.com>, 20 Eki 2019 Paz, 04:18 tarihinde şunu yazdı:

> Hi Sergen
>
> Unfortunately, the challenge value will continue to change as time goes
> on. This is to prevent replay attacks and other such things. However, if
> you're using the JS login page, it should already be fetching a new
> challenge before it submits the login attempt. Are you using the JS page,
> or the plain text version?
>
> Regards
>
> Tim
>
> On Sun, 20 Oct 2019 at 00:30, Sergen Çolak <se***7@gmail.com>
> wrote:
>
>> Hello everybody,
>> I have a question about Coovachilli. The link to the first time my PHP
>> Page was loaded,
>>
>> http://192.168.80.1/admin/uam/hotspot?res=notyet&uamip=192.168.80.1&uamport=3990&challenge=8117e6bf4eb10d19edf8d47af8237bdd
>> When I look at http://192.168.80.1:3990/json/status
>> {"version": "1.0", "clientState": 0, "challenge":
>> "8117e6bf4eb10d19edf8d47af8237bdd" ....
>> The challenge value that appears in Json / status changes when I do not
>> login for a certain time. And when I try to login, I get res = failed even
>> though my username and password are correct. The Challenge mismatch in the
>> Form, which appears to be exactly in Json. Can I prevent the challenge
>> value from changing?
>> Sorry for the bad English. Thank you.
>>
>> --
>> This mailing list is for the Grase Hotspot Project
>> http://grasehotspot.org
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "Grase Hotspot" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to gr***e@grasehotspot.org.
>> To view this discussion on the web visit
>> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/c0d652a1-9f34-453c-81ad-249f3e94b09b%40grasehotspot.org
>> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/c0d652a1-9f34-453c-81ad-249f3e94b09b%40grasehotspot.org?utm_medium=email&utm_source=footer>
>> .
>>
> --
> This mailing list is for the Grase Hotspot Project http://grasehotspot.org
> ---
> You received this message because you are subscribed to the Google Groups
> "Grase Hotspot" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to gr***e@grasehotspot.org.
> To view this discussion on the web visit
> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/CAESLx0%2BoTs5YO7qX4ykDD21GfzKT3-yuKFAp5S0R0ippvnyu8g%40mail.gmail.com
> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/CAESLx0%2BoTs5YO7qX4ykDD21GfzKT3-yuKFAp5S0R0ippvnyu8g%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>

Thread

• Return to October 2019

• Return to “emre erdoğan <po***e@gmail.com>”
• Return to “Sergen Çolak <se***7@gmail.com>”

• Return to “Tim <ti***8@gmail.com>”

• 2019-10-19 (Sat, 19 Oct 2019 07:30:12 -0700) - CoovaChilli Challenge Parameters Problem - Sergen Çolak <se***7@gmail.com>
  • 2019-10-19 (Sun, 20 Oct 2019 11:18:39 +1000) - Re: [GRASE-Hotspot] CoovaChilli Challenge Parameters Problem - Tim <ti***8@gmail.com>
    • 2019-10-20 (Mon, 21 Oct 2019 09:50:37 +0300) - Re: [GRASE-Hotspot] CoovaChilli Challenge Parameters Problem - Sergen Çolak <se***7@gmail.com>
      • 2019-10-21 (Mon, 21 Oct 2019 14:24:17 +0300) - Re: [GRASE-Hotspot] CoovaChilli Challenge Parameters Problem - emre erdoğan <po***e@gmail.com>
        • 2019-10-21 (Mon, 21 Oct 2019 14:30:05 +0300) - Re: [GRASE-Hotspot] CoovaChilli Challenge Parameters Problem - Sergen Çolak <se***7@gmail.com>
          • 2019-10-21 (Mon, 21 Oct 2019 14:42:04 +0300) - Re: [GRASE-Hotspot] CoovaChilli Challenge Parameters Problem - emre erdoğan <po***e@gmail.com>
            • 2019-10-21 (Mon, 21 Oct 2019 15:11:26 +0300) - Re: [GRASE-Hotspot] CoovaChilli Challenge Parameters Problem - Sergen Çolak <se***7@gmail.com>
              • 2019-10-22 (Tue, 22 Oct 2019 11:18:27 +0300) - Re: [GRASE-Hotspot] CoovaChilli Challenge Parameters Problem - emre erdoğan <po***e@gmail.com>
                • 2019-10-22 (Tue, 22 Oct 2019 12:10:55 +0300) - Re: [GRASE-Hotspot] CoovaChilli Challenge Parameters Problem - Sergen Çolak <se***7@gmail.com>
                  • 2019-10-27 (Mon, 28 Oct 2019 07:35:26 +1000) - Re: [GRASE-Hotspot] CoovaChilli Challenge Parameters Problem - Tim <ti***8@gmail.com>