Passing user and password in URL doesn't work - html

I have some URL like this : X.XXX.XXX.XXX:10080
I tried to add a user and password in this url like this: http://OLM:OLM794$@X.XXX.XXX.XXX:10080
User = OLM
Psw = OLM794$
And it doesn't work
Also when I run: curl http://OLM:OLM794$@X.XXX.XXX.XXX:10080 it shows me:
curl: (6) Could not resolve host:OLM:OLM794X.XXX.XXX.XXX, it removes $@ and the port :10080
When I try: curl -u OLM X.XXX.XXX.XXX:10080 then I enter the password, it works, I'm able to connect to that server.
My need is to call my url with user and password like this:
http://OLM:OLM794$@X.XXX.XXX.XXX:10080
But it doesn't work.
I read this solution: "Using cURL with a username and password?" but I haven't found a solution.
Do you have any idea why?

It would seem curl parses and reconstructs the URL, leaving out characters that it thinks are illegal. For me, the same command gives a different error though. It could be that your curl version differs from mine.
$ curl -v http://OLM:OLM794$@127.0.0.1:10000
* Rebuilt URL to: http://OLM:OLM794127.0.0.1:10000/
* Port number ended with 'O'
* Closing connection -1
curl: (3) Port number ended with 'O'
The solution is quite trivial, just url-escape the $ symbol: %24:
$ curl http://OLM:OLM794%24@127.0.0.1:10000
According to RFC1738, the dollar-sign was allowed as an unreserved character and could be directly used, but this old RFC has since been updated many times. RFC3986, for example, does not mention it as an unreserved character anymore. This means the $ symbol has received a special meaning and should be encoded in any URL where it does not serve the function it was given.
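Added example, not part of the original answer: a POSIX shell helper that percent-encodes a user name and password before they are placed in the userinfo part of a URL, so characters such as $, @, : and # cannot be misread as URL syntax. The function names urlencode and auth_url are hypothetical, and ASCII input is assumed.

```shell
# Added example (not from the original thread). ASCII input is assumed.
# urlencode STRING: percent-encode every character that is not in the
# RFC 3986 "unreserved" set (letters, digits, '-', '.', '_', '~').
urlencode() (
    LC_ALL=C
    s=$1
    out=
    while [ -n "$s" ]; do
        c=${s%"${s#?}"}          # first character of what is left
        s=${s#?}                 # drop it from the input
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;   # '$' becomes %24
        esac
    done
    printf '%s' "$out"
)

# auth_url USER PASSWORD HOST:PORT: build a URL with encoded credentials.
auth_url() {
    printf 'http://%s:%s@%s/\n' "$(urlencode "$1")" "$(urlencode "$2")" "$3"
}

# Usage: single quotes stop the shell from expanding '$' before the
# helper sees the password.
#   curl "$(auth_url OLM 'OLM794$' 127.0.0.1:10000)"
# The form from the question, `curl -u OLM HOST:PORT`, prompts for the
# password instead and keeps it out of the command line entirely.
```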

Related

Newb Shell - How to get response in a variable

Just a quick question to solve an issue I've been facing for days now: how to get a wget JSON response in a shell variable?
I have so far a wget command like this:
wget "http://IP:PORT/webapi/auth.cgi?account=USER&passwd=PASSWD"
The server response is normally something like:
{"data":{"sid":"9O4leaoASc0wgB3J4N01003"},"success":true}
What I'd like to do is to grep the sid value in a variable (as it is used as login ticket), but also the success value in order to ensure that the command has been executed correctly...
I think it is a very easy command to build, but I've never practised wget/http response in shell command...
Thanks a lot for your help!
EDIT: Thanks for your help. I did give a try to both answers, but I am having the same error message (whatever I do):
--2022-07-16 14:21:38-- http://xxxxxxxx:port/webapi/auth.cgi?api=SYNO.API.Auth&method=Login&version=3&account=USER&passwd=PWD&session=SurveillanceStation&format=sid
Connecting to 192.168.1.100:5000... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/plain]
auth.cgi?api=SYNO.API.Auth&method=Login&version=3&account=USER&passwd=PASSWD&session=SurveillanceStation&format=sid: Permission denied
Cannot write to `auth.cgi?api=SYNO.API.Auth&method=Login&version=3&account=USER&passwd=PASSWD&session=SurveillanceStation&format=sid' (Permission denied).
The annoying thing: executing the URL from a web browser works just fine... :/
You can first store the result of wget command in variable and then use it:
VAR=$(wget -qO- "http://IP:PORT/webapi/auth.cgi?account=USER&passwd=PASSWD")
and then using jq extract from JSON file:
sid=$(echo "$VAR" | jq -r .data.sid)
success=$(echo "$VAR" | jq .success)
If you have problem with execution of wget you can try something like:
wget -O output_file 'http://xxxxxxxx:port/webapi/auth.cgi?api=SYNO.API.Auth&method=Login&version=3&account=USER&passwd=PWD&session=SurveillanceStation&format=sid'
and then set variables:
sid=$(jq -r .data.sid output_file)
success=$(jq .success output_file)
I do not know why I am facing this Permission Denied error. Thus I gave a try to save cookie on a dedicated folder... And it works just fine :)
The final command looks like:
VAR=$(wget -q --keep-session-cookies --save-cookies "/var/tmp/cookie_tmp" -O- "http://IP:PORT/webapi/auth.cgi?api=SYNO.API.Auth&method=login&version=1&account=USER&passwd=PWD&session=SurveillanceStation");
Thanks for your help (I learned a lot about sed ;) )
So this can be done using the stream editor or "sed". There is a lot to learn but for this post here is an idea of a code:
sid=$(wget -qO- "<your url>" | sed 's/.*sid":"\(.*\)"},.*/\1/')
success=$(wget -qO- "<your url>" | sed 's/.*success":\(.*\)}/\1/')
This will create 2 variables $sid and $success.
You can learn more about sed in depth here.
Hope this helped!
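Added example, not part of the original answers: one function that checks the success flag before handing back the sid, so a failed login is never mistaken for a ticket. The function name extract_sid is hypothetical, the failure response shown in the comment is constructed, and the body is assumed to be the single-line JSON shown in the question. `wget -qO-` writes the body to stdout instead of to a file named after the URL.

```shell
# Added example (not from the original thread).
# extract_sid: read the login response on stdin; print the sid and
# return 0 only when the server reported "success":true.
extract_sid() {
    resp=$(cat)
    case $resp in
        *'"success":true'*) ;;                       # login accepted
        *) echo "login failed: $resp" >&2; return 1 ;;
    esac
    # The sid is the quoted value that follows the "sid" key.
    sid=$(printf '%s' "$resp" | sed -n 's/.*"sid":"\([^"]*\)".*/\1/p')
    [ -n "$sid" ] || { echo "no sid in response" >&2; return 1; }
    printf '%s\n' "$sid"
}

# Usage (URL as in the question, placeholders left as they are):
#   sid=$(wget -qO- "http://IP:PORT/webapi/auth.cgi?account=USER&passwd=PASSWD" | extract_sid) || exit 1
# Constructed failure response for testing:
#   {"error":{"code":400},"success":false}
```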

Ricoh Theta Z1 Doesn't Accept My Request to Change File Format

I am using a Ricoh Theta Z1 updated to the most recent firmware (1.60.1). I am trying to debug an Android application, but I found that one of our commands was repeatedly failing, so I connected to the camera directly from my dev box and tested the protocol directly via curl.
It's my understanding from the documentation that this command should work:
$ curl -X POST -H "Content-Type: application/json; charset=UTF-8" -d '{"name":"camera.setOptions", "parameters":{"options":{"captureMode":"image","fileFormat":{"height":3360,"type":"jpeg","width":6720}}}}' http://192.168.1.1/osc/commands/execute
But when I run this command I get this response:
{"error":{"code":"invalidParameterValue","message":"Any input parameter or option name is recognized, but its value is invalid."},"name":"camera.setOptions","state":"error"}
This in spite of the fact that when I ask the camera about its options, it responds with the exact block it has just told me wouldn't parse:
$ curl -X POST -H "Content-Type: application/json; charset=UTF-8" -d '{"name":"camera.getOptions", "parameters":{"optionNames":["clientVersion","captureMode","fileFormat"]}}' http://192.168.1.1/osc/commands/execute
gets this response:
{"name":"camera.getOptions","results":{"options":{"captureMode":"image","clientVersion":2,"fileFormat":{"height":3360,"type":"jpeg","width":6720}}},"state":"done"}
Furthermore, when I run the first command and omit the fileFormat parameter, the command executes just fine.
Any ideas what I am doing wrong here?
After a bunch of trial and error, I discovered that it is possible to use camera.setOptions to set the file format on the camera, but only if the fileFormat block is the only member of the options block. That is to say, this command:
$ curl -X POST -H "Content-Type: application/json; charset=UTF-8" -d '{"name":"camera.setOptions", "parameters":{"options":{"fileFormat":{"height":3360,"type":"jpeg","width":6720}}}}' http://192.168.1.1/osc/commands/execute
will succeed. I think this must be a bug in the Theta Z1 camera, because as far as I can discern from the docs (https://api.ricoh/docs/theta-web-api-v2/commands/camera.set_options/ and https://developers.google.com/streetview/open-spherical-camera/reference/camera/setoptions), there shouldn't be any restriction on what JSON goes into the options block. In any case, the workaround is simple enough: issue one command to set the file format and one or more as necessary to set the other options, and then you're good to go.
FYI, there is a similar bug with dateTimeZone. See this post:
https://community.theta360.guide/t/how-setup-datetime-on-theta-camera-using-web-api/6572/3?u=craig
It seems like there are a few options that need to be set as a standalone option.
If you want to set dateTimeZone, it must be the only option set. I reported this to RICOH. I am going to post your findings on the community.theta360.guide forum to make it easier to find. Thanks.

How to read data from socket in Lua until no more data is available?

I can't manage to read the data from a luasocket. If I read more than the available data, the function call stays blocked waiting until the client decides to close.
https://github.com/StringManolo/LuaServer/blob/main/tmpServer.lua#L216
line, errorStr = clientObj:receive("*a")
I'm using this command to test:
$ curl -X POST -d "a=b" http://localhost:1337 -v
Got same problem using Chrome to send a request to the Lua server.
I tried to read byte by byte, line by line, all, etc.

expect garbage before prompt

I try to connect to my router using ssh in order to automatically extract some logs from it.
I developed this code below :
#!/usr/bin/expect -f
spawn ssh root@192.168.1.1
expect "Are you sure you want to"
send -- "yes\r"
expect "password"
send -- "root\r"
expect "\#"
send -- "ls\r"
expect "\#"
The problem is that I get garbage before the prompt in the output log:
spawn ssh root@192.168.1.1
The authenticity of host '192.168.1.1 (192.168.1.1)' can't be established.
RSA key fingerprint is SHA256:6aeE74qXMeQzg0SGJBZMIa0HFQ5HJrNqE5f3XZ6Irds.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/amin/.ssh/known_hosts).
root@192.168.1.1's password:
BusyBox v1.30.1 () built-in shell (ash)
OpenWrt Version: ALPHA
OpenWrt base: 19.07
------------------------------------
]0;root@openwrt: ~root@openwrt:~# ls
[0;0mnetwork[m
]0;root@openwrt: ~root@openwrt:~#
What's the main cause of this issue? How can I fix it?
The problem is that there are terminal escape sequences being issued, probably to control what colour the terminal uses. The easiest fix is to set the terminal type (an environment variable) to something that doesn't support colour before doing the spawn. Perhaps this will do the trick:
set env(TERM) "dumb"
If that doesn't work (it depends on exactly what is in someone's .bashrc) then you can just override the PS1 environment variable on the remote side with your first command after logging in.
# etc for logging in
expect "# "
send "PS1='# '\r"
expect "# "
# Everything should be right from here on
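Added example, not part of the original answer: when the remote prompt cannot be changed, the same sequences can be removed from a captured log afterwards. The `]0;...` fragments in the log above are what remains of terminal-title (OSC) sequences and `[0;0m` / `[m` of colour (CSI) sequences; the function name strip_ansi is hypothetical and the capture is assumed to still contain the ESC and BEL bytes that the paste lost.

```shell
# Added example (not from the original thread).
# strip_ansi: filter stdin, removing OSC and CSI escape sequences and
# carriage returns so that only the printable text of a session remains.
strip_ansi() {
    esc=$(printf '\033')   # ESC, starts every sequence
    bel=$(printf '\007')   # BEL, the usual OSC terminator
    sed -e "s/${esc}][^${bel}${esc}]*${bel}//g" \
        -e "s/${esc}][^${bel}${esc}]*${esc}\\\\//g" \
        -e "s/${esc}\[[0-9;?]*[A-Za-z]//g" |
        tr -d '\r'
    # 1st expression: OSC ended by BEL, e.g. ESC ] 0 ; title BEL
    # 2nd expression: OSC ended by the two-byte terminator ESC \
    # 3rd expression: CSI such as ESC [ 0 ; 0 m  and  ESC [ m
}

# Usage: run a saved session log through the filter before parsing it.
#   strip_ansi < router_session.log > router_session.clean.log
```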

SQLMap really slow on local network

I am currently trying to use SQLMap on an apparently easy injection on a local web server:
SELECT * from table WHERE `col` LIKE 'VULN_HERE';
I am using the following command:
sqlmap -u http://localhost/?i=1 --dbms mysql --level 5 --risk 3 -p i --dbs -v 2 --technique 'T'
When running this command, sqlmap identifies the injection correctly but is blocking at:
[14:36:43] [INFO] checking if the injection point on GET parameter 'i' is a false positive
What is wrong?
I think your URL should be quoted:
sqlmap -u "http://localhost/?i=1" ....
Hi check your syntax and have a look:
SQLmap
You need your URL to be within quotes always or the command prompt will take i=1 outside the URL and as a different parameter.
Hope it'll solve your issues.