#!/usr/bin/php -q
<?php
/*
Script : router.php
Author : rizapn@gmail.com - apr3,2020
-------------------------------------
Connect to ZTE F609 router
check IP and send reboot command remotely
*/
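// ---------------------------------------------------------------------------
// Main flow: log in to the router web UI, read the WAN IP and uptime from the
// status page, optionally trigger a reboot, then log out.
//
// NOTE(security): every request uses plain http://, so the login form, the SID
// cookie and the session token cross the network unencrypted. Run this only
// from a host on the trusted LAN side of the router.
// ---------------------------------------------------------------------------
$PATH0 = dirname(__FILE__);
$IP = '192.168.1.1';
$user = 'user';
// Plaintext password. Only the type-2 login form below sends it. The original
// listing used $pwd without ever assigning it, so it is declared here (empty).
$pwd = '';
// Per the disabled lines in the type-1 branch, $pwd_enc is sha256($pwd.$random).
// Because $random is fixed, the stored digest is itself a reusable login
// credential: keep this file readable only by the account that runs it.
$pwd_enc = ''; //--encrypted password
$random = '92198674';
// NOTE(review): the original listing read $cmd without assigning it, so the
// reboot branch could never run. Taking it from the first command-line
// argument is an assumption -- confirm against how the script is invoked.
$cmd = isset($argv[1]) ? $argv[1] : '';

$url = "http://$IP/";
$result = @file_get_contents($url);

// Two login-page layouts are recognised; each embeds the login token differently.
if (preg_match('/"Frm_Logintoken", "(\d+)"/s',$result,$M))
{
    $token = $M[1];
    $type = 1;
}
else if (preg_match('/getObj\("Frm_Logintoken"\)\.value = "(\d+)";/s',$result,$M))
{
    $token = $M[1];
    $type = 2;
}
else
{
    addLog("Error reading First Login Token !",3);
    exit;
}

// Credentials are percent-encoded because the body is sent as
// application/x-www-form-urlencoded; an unencoded '&', '+' or '=' in a
// password would otherwise corrupt the form fields.
if ($type==1)
{
    // If a fresh nonce per login is wanted, prefer random_int() over rand():
    // $random = rand(10000000,99999999);
    // $pwd_enc = hash('sha256',$pwd.$random);
    $post =
        "action=login&Username=".urlencode($user)."&".
        "Password=".urlencode($pwd_enc)."&Frm_Logintoken=$token&UserRandomNum=$random";
}
else
{
    $post = "frashnum=&action=login&Frm_Logintoken=$token&Username=".urlencode($user)."&Password=".urlencode($pwd);
}

// Shared request headers; sendHttp() reads and updates this global.
$HEADERS = array(
    'Connection' => 'keep-alive',
    'Content-Type' => 'application/x-www-form-urlencoded',
    'Cookie' => '_TESTCOOKIESUPPORT=1',
    'Host' => $IP,
    'Referer' => $url,
    'Upgrade-Insecure-Requests' => 1,
);

list($result,$resp) = sendHttp($url,$post);
$SID = '';
// The header is absent when the request failed or the login was refused.
$cookie = isset($resp['Set-Cookie']) ? $resp['Set-Cookie'] : '';
if (preg_match('/SID=(.+?);/',$cookie,$M))
{
    $SID = $M[1];
    // NOTE(security): this prints a live session identifier to stdout. If the
    // output is captured (cron mail, shell logging), treat it as sensitive.
    addLog("Cookie: $SID",1);
}
else
{
    addLog("No SID cookie in login response",1);
}
$HEADERS['Cookie'] = "_TESTCOOKIESUPPORT=1; SID=$SID";

$url_start = "http://$IP/start.ghtml";
list($result,$resp) = sendHttp($url_start,'');
$HEADERS['Referer'] = $url_start;

$url_netinfo = "http://{$IP}/getpage.gch?pid=1002&nextpage=IPv46_status_wan2_if_t.gch"; //--network-info
list($result,$resp) = sendHttp($url_netinfo,'');

// $public stays 1 unless a 10.x WAN address is seen. When the status page
// cannot be parsed, a plain 'reboot' therefore does nothing.
$public = 1;
$REM_IP = array('PRIVATE','PUBLIC');
$myIP = '0.0.0.0';
$online = 0; // uptime in seconds; stays 0 when the page has no "Online Duration"
if (preg_match('#>IP</.+?">(.+?)</#s',$result,$M))
{
    if (preg_match('#Online Duration</td>.+?>(\d+) #s',$result,$M2))
        $online = (int)$M2[1];
    $myIP = $M[1];
    // Only a 10.0.0.0/8 address is treated as a private (non-public) WAN IP.
    if (strncmp($myIP,'10.',3)===0) $public = 0;
    // Split the uptime into days / hours / minutes / seconds.
    // These values and $pREM are not used further in this listing.
    $ss = $online % 60;
    $mm = floor($online/60);
    $hh = floor($mm/60);
    $day = floor($hh/24);
    $hh = $hh % 24;
    $mm = $mm % 60;
    $pREM = $REM_IP[$public];
}
else
{
    $myIP = '???';
    addLog("NoIP",1);
}

// 'reboot' restarts the router only when the WAN IP is private;
// 'reboot-force' restarts it unconditionally.
$stok = '';
if (substr($cmd,0,6)==='reboot')
{
    if ($cmd==='reboot-force' || $public===0) $stok = rebootRouter();
    else addLog("NOT REBOOTED",1);
}

// Log out so the session is not left open on the router.
$post = "logout=1&_SESSION_TOKEN=$stok";
sendHttp($url, $post);
addLog("Finished!",1);
exit;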
/* ------ END OF SCRIPT ------ */
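/**
 * Ask the router to restart through its device-management page.
 *
 * Fetches the page, extracts the session token embedded in it, and posts the
 * "devrestart" action back to the same URL using that token.
 *
 * @return string The session token read from the page, or '' when none was found.
 */
function rebootRouter()
{
    global $IP;
    $url_admin = "http://{$IP}/getpage.gch?pid=1002&nextpage=manager_dev_conf_t.gch";
    list($result,$resp) = sendHttp($url_admin,'');

    // Start from an empty token so the POST body and the return value are
    // always defined, even when the page could not be read or parsed.
    $stok = '';
    if (preg_match('/session_token = "(.+?)";/s',$result,$M))
    {
        $stok = $M[1];
        // NOTE(security): this prints a live session token to stdout; treat
        // captured output as sensitive.
        addLog("session_token: $stok",1);
    }
    else
    {
        addLog("session_token not found on admin page",1);
    }

    // Written before the request goes out: it records the attempt, not a
    // confirmed restart. The response to the POST is not inspected.
    addLog("<<< REBOOTED >>>",3);
    $post = "IF_ACTION=devrestart&IF_ERRORSTR=SUCC&IF_ERRORPARAM=SUCC&IF_ERRORTYPE=-1&flag=1&_SESSION_TOKEN=$stok";
    list($result,$resp) = sendHttp($url_admin,$post);
    return $stok;
}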
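/**
 * Send one HTTP request using the shared global $HEADERS.
 *
 * A non-empty $post is sent as a POST body; an empty string produces a GET.
 * The global Content-Length entry is set or removed to match.
 *
 * @param string $url  Target URL.
 * @param string $post Form-encoded body, or '' for a GET request.
 * @return array Two elements: the response body (false on failure) and the
 *               response headers as parsed by getResp().
 */
function sendHttp($url,$post)
{
    global $HEADERS;
    $clen = strlen($post);
    $method = ($clen>0) ? 'POST' : 'GET';
    if ($clen>0)
    {
        $HEADERS['Content-Length'] = $clen;
    }
    else
    {
        // Drop the value left behind by an earlier POST.
        unset($HEADERS['Content-Length']);
    }
    $opts = array('http' =>
        array(
            'timeout' => 15,
            'method' => $method,
            'header' => getHeaders($HEADERS),
        )
    );
    if ($clen>0) $opts['http']['content'] = $post;
    $context = stream_context_create($opts);
    // Errors are suppressed; callers see false as the body when the request fails.
    $result = @file_get_contents($url,false,$context);
    // $http_response_header is not set when no response was received
    // (connection refused, timeout), so fall back to an empty header list.
    $resp = getResp(isset($http_response_header) ? $http_response_header : array());
    return array($result,$resp);
}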
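/**
 * Serialise a name => value map into an HTTP request header block.
 *
 * Each header ends with CRLF, as HTTP requires. CR and LF are removed from
 * names and values first, so a value taken from a router response (such as the
 * session cookie) cannot split into an extra header line.
 *
 * @param array $HEADERS Header name => header value.
 * @return string Lines of the form "Name: value\r\n"; '' for an empty map.
 */
function getHeaders($HEADERS)
{
    $eol = array("\r","\n");
    $out = '';
    foreach ($HEADERS as $id=>$val)
    {
        $name = str_replace($eol,'',(string)$id);
        $value = str_replace($eol,'',(string)$val);
        $out .= "$name: $value\r\n";
    }
    return $out;
}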
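/**
 * Turn raw response header lines into an associative array.
 *
 * "Name: value" lines are stored under their header name exactly as received
 * (case-sensitive). When a name repeats, the last value wins. A status line is
 * stored under 'code' and 'status'.
 *
 * @param mixed $RESP List of header lines; anything that is not an array
 *                    (for example when no response arrived) yields array().
 * @return array Parsed headers plus 'code' / 'status' when a status line is present.
 */
function getResp($RESP)
{
    $out = array();
    // Guard against a missing header list so a failed request does not raise
    // a foreach warning here.
    if (!is_array($RESP)) return $out;
    foreach ($RESP as $r)
    {
        if (preg_match('/^(.+?): (.*?)$/',$r,$M))
        {
            $out[$M[1]] = $M[2];
        }
        else if (preg_match('#HTTP.+? (\d+) (.+)$#',$r,$M))
        {
            $out['code'] = $M[1];
            $out['status'] = $M[2];
        }
    }
    return $out;
}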
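/**
 * Emit one timestamped log line.
 *
 * $flag is a bit mask: bit 1 prints the line to stdout, bit 2 appends it to
 * cek_router.log under $PATH0. CR and LF inside $txt become spaces so that
 * text taken from a router response cannot forge extra log lines.
 *
 * @param string $txt  Message text.
 * @param int    $flag Output selector (1 = stdout, 2 = file, 3 = both).
 */
function addLog($txt,$flag)
{
    global $PATH0;
    $txt = str_replace(array("\r","\n"),' ',(string)$txt);
    // date() replaces strftime(), which is deprecated since PHP 8.1.
    $out = date('Y-m-d H:i:s')."> $txt\n";
    $fout = "$PATH0/cek_router.log";
    if (($flag&1)>0) print $out;
    // LOCK_EX keeps lines from overlapping runs from interleaving.
    if (($flag&2)>0) file_put_contents($fout,$out,FILE_APPEND|LOCK_EX);
}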
?>
 