2019-10-21 - Re: [GRASE-Hotspot] CoovaChilli Challenge Parameters Problem

Header Data

From: Sergen Çolak <se***7@gmail.com>
Message Hash: 4b0639825ab862b3029e7a73fad3e96f1ed142131be21ea5b10f2d139d0cd11a
Message ID: <CAFb3bYAqMkaaS_w+ghQATYDDBF_QwovEvpMx72hUx9FC79To4g@mail.gmail.com>
Reply To: <CADDedMGezjEUNOuHpDPVGD9fiqQxFqbshkJ4TX4wJL=mh5aULw@mail.gmail.com>
UTC Datetime: 2019-10-21 04:30:05 UTC
Raw Date: Mon, 21 Oct 2019 14:30:05 +0300

Raw message

Hello again, Tim and Emre,
Routing is working, and I am coming to the login screen. However, even if the
challenge value has changed, I would like to grant access without affecting
the user in any way.

When I review the Grase Hotspot files, the form action looks like nojslogin.php.
The Challenge value in the Nojslogin file is getting POST. However,
although the Challenge value hidden in Portal.tpl is not the same as the
JSON values, it can get pass permission. I understand that a few more
processes are going on in the background. How can I adapt this to myself?
What should I watch out for? I use my form directly as a POST, not as an
action.

On Mon, 21 Oct 2019 at 14:24, emre erdoğan <po***e@gmail.com> wrote:

> Hi Sergen.
>
> Did you try to redirect to "http://1.0.0.0" by using meta refresh?
>
> On Mon, 21 Oct 2019 at 09:50, Sergen Çolak <se***7@gmail.com> wrote:
>
>> Thank you for your quick response, Tim.
>> I don't use the Javascript page. I submit the HTML Page with the form.
>> Then I take the required values and use a function as follows.
>> function attempt_login() {
>>     global $uamsecret, $userpassword, $username, $password;
>>
>>     // Challenge arrives as 32 hex characters; convert to 16 raw bytes.
>>     $hexchal = pack("H32", $_GET['chal']);
>>     // With a UAM secret configured, the challenge is hashed with it first.
>>     $newchal = $uamsecret ? pack("H*", md5($hexchal . $uamsecret)) : $hexchal;
>>     // CHAP response: MD5 over ident byte 0, the password and the challenge.
>>     $response = md5("\0" . $password . $newchal);
>>
>>     // PAP variant: password padded to 32 bytes and XORed with the challenge.
>>     $newpwd = pack("a32", $password);
>>     $pappassword = implode('', unpack("H32", ($newpwd ^ $newchal)));
>>     if ((isset($uamsecret)) && isset($userpassword)) {
>>         // print implode('', array(
>>         //     '<meta http-equiv="refresh" content="0;url=',
>>         //     'http://', $_GET['uamip'], ':', $_GET['uamport'], '/',
>>         //     'logon?username=', $username, '&password=', $pappassword, '">'
>>         // ));
>>     }
>>     else
>>     {
>>         print implode('', array(
>>             '<meta http-equiv="refresh" content="0;url=',
>>             'http://', $_GET['uamip'], ':', $_GET['uamport'], '/',
>>             'logon?username=', $username, '&response=', $response, '">'
>>         ));
>>     }
>> }
>> Everything works correctly, but I'm guessing that if the Challenge value
>> is changed in the GET operation, res = Failed is returned. How can I
>> prevent this?
>>
>> On Sun, 20 Oct 2019 at 04:18, Tim <ti***8@gmail.com> wrote:
>>
>>> Hi Sergen
>>>
>>> Unfortunately, the challenge value will continue to change as time goes
>>> on. This is to prevent replay attacks and other such things. However, if
>>> you're using the JS login page, it should already be fetching a new
>>> challenge before it submits the login attempt. Are you using the JS page,
>>> or the plain text version?
>>>
>>> Regards
>>>
>>> Tim
>>>
>>> On Sun, 20 Oct 2019 at 00:30, Sergen Çolak <se***7@gmail.com>
>>> wrote:
>>>
>>>> Hello everybody,
>>>> I have a question about Coovachilli. The link to the first time my PHP
>>>> Page was loaded,
>>>>
>>>> http://192.168.80.1/admin/uam/hotspot?res=notyet&uamip=192.168.80.1&uamport=3990&challenge=8117e6bf4eb10d19edf8d47af8237bdd
>>>> When I look at http://192.168.80.1:3990/json/status
>>>> {"version": "1.0", "clientState": 0, "challenge":
>>>> "8117e6bf4eb10d19edf8d47af8237bdd" ....
>>>> The challenge value that appears in Json / status changes when I do not
>>>> login for a certain time. And when I try to login, I get res = failed even
>>>> though my username and password are correct. The Challenge mismatch in the
>>>> Form, which appears to be exactly in Json. Can I prevent the challenge
>>>> value from changing?
>>>> Sorry for the bad English. Thank you.
>>>>
>>>> --
>>>> This mailing list is for the Grase Hotspot Project
>>>> http://grasehotspot.org
>>>> ---
>>>> You received this message because you are subscribed to the Google
>>>> Groups "Grase Hotspot" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to gr***e@grasehotspot.org.
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/c0d652a1-9f34-453c-81ad-249f3e94b09b%40grasehotspot.org
>>>> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/c0d652a1-9f34-453c-81ad-249f3e94b09b%40grasehotspot.org?utm_medium=email&utm_source=footer>
>>>> .
>>>>
>
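
The challenge binding discussed in this thread, as an added example that is not part of the original messages and is not Grase Hotspot or CoovaChilli code: it computes the CHAP response the same way the quoted attempt_login() does and shows that a response built from the page-load challenge no longer matches once the challenge has rotated. The controller_accepts() stand-in, the secret, the password and the rotated challenge are constructed assumptions.

```php
<?php
// Added example. Only the first challenge value comes from the thread;
// the secret, password and rotated challenge are constructed.

/** CHAP response, computed as in the attempt_login() quoted above. */
function chap_response(string $challengeHex, string $password, string $uamsecret = ''): string
{
    if (!preg_match('/^[0-9a-f]{32}$/i', $challengeHex)) {
        throw new InvalidArgumentException('challenge must be 32 hex characters');
    }
    $hexchal = pack('H32', $challengeHex);
    $newchal = $uamsecret !== '' ? pack('H*', md5($hexchal . $uamsecret)) : $hexchal;
    return md5("\0" . $password . $newchal);
}

/** Read the current challenge from a /json/status body. */
function current_challenge(string $statusJson): string
{
    $status = json_decode($statusJson, true);
    if (!is_array($status) || !isset($status['challenge'])) {
        throw new RuntimeException('no challenge in status document');
    }
    return $status['challenge'];
}

/** Simplified stand-in for the controller's check (assumption): the response
 *  is accepted only if it was derived from the challenge that is live now. */
function controller_accepts(string $response, string $liveChallenge, string $password, string $uamsecret): bool
{
    return hash_equals(chap_response($liveChallenge, $password, $uamsecret), $response);
}

$uamsecret = 'constructed-uam-secret';
$password  = 'constructed-password';

// Challenge embedded in the form when the page first loaded (from the thread).
$pageLoadChallenge = '8117e6bf4eb10d19edf8d47af8237bdd';
// Status body at submit time, after rotation (constructed value, same shape).
$statusAtSubmit = '{"version": "1.0", "clientState": 0, "challenge": "00112233445566778899aabbccddeeff"}';

$live  = current_challenge($statusAtSubmit);
$stale = chap_response($pageLoadChallenge, $password, $uamsecret);
$fresh = chap_response($live, $password, $uamsecret);

echo 'stale response accepted: ', var_export(controller_accepts($stale, $live, $password, $uamsecret), true), "\n";
echo 'fresh response accepted: ', var_export(controller_accepts($fresh, $live, $password, $uamsecret), true), "\n";
```

The rotation is what ties a response to a single login attempt, so the form has to compute its response from the challenge that is current at submit time rather than the one captured when the page loaded.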

Thread