8298 questions

9759 answers

15542 comments

13863 members

0 votes
416 views 0 comments
by

I have the following python code:

import requests

import json

url = 'http://192.168.1.1/ubus'

res = requests.post(url, data=json.dumps(payload), headers=headers)

headers = {'content-type': 'application/json'}

payload =  { 

    "jsonrpc":"2.0", "id":1, "method":"call", "params":

    [

        "00000000000000000000000000000000", "session", "login",

        {

            "username":"root", "password":"...."

        }

    ]

}

res = requests.post(url, data=json.dumps(payload), headers=headers)

res.json()

Gives:

  'ubus_rpc_session': '6ccbe823c979aac5c4e4e586431e283d',
 

This code returns the session id. 

That I need to retrieve gps data. 

payload = '{"jsonrpc": "2.0", "id": 1, "method": "call", "params": ["6ccbe823c979aac5c4e4e586431e283d", "file", "exec", {"command": "gpsctl", "params": ["-ix"]}]}'

How can I retrieve the session id without using my root password.

1 Answer

0 votes
by
Hello,

You must provide router credentials in order to generate a session ID for security reasons.

If someone could generate session ID without the need to provide router credentials, router would be practically open for the attacker.
Best answer