lammy2024 / GiWiFi-FREE

MIT License

no found #1

Open xmexg opened 2 months ago

xmexg commented 2 months ago

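I tried manually changing my network card's MAC address on Linux and then ran your Python script, which reported `no found`.
My exact steps were as follows:

  1. Use airmon-ng to put the network card into monitor mode, then use airodump-ng to scan for nearby devices
    sudo airmon-ng start wlan0
    sudo airodump-ng --band ag wlan0mon
  2. I picked the lucky one with MAC address 26:5F:FF:C6:5E:B9 and changed the MAC address of another network card
    sudo ifconfig wlan1 down
    sudo macchanger -m 26:5F:FF:C6:5E:B9 wlan1
    sudo ifconfig wlan1 up
  3. I ran your Python script manually, and it printed the following
    
    http://as.gwifi.com.cn/gportal/web/sendPassby?wlanuserip=&wlanacname=&_=3396752076153
    请求成功,当前时间:2024-09-01 21:35:09
    响应内容: not found!

    进程已结束,退出代码为 0

  4. I pinged `as.gwifi.com.cn`; its IP address is `10.101.0.2`. Both the domain and the IP open normally in a browser, and accessing them directly returns the text `File not found.`

    ❯ curl as.gwifi.com.cn
    File not found.

    ~ ❯ curl 10.101.0.2
    File not found.

Visiting `http://10.101.0.2/gportal/web/login` displays the network login page normally.

Additionally, I tried running nmap against this IP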

    ❯ nmap -A 10.101.0.2
    Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-09-01 21:11 CST
    Stats: 0:00:43 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
    Service scan Timing: About 85.71% done; ETC: 21:11 (0:00:07 remaining)
    Nmap scan report for 10.101.0.2
    Host is up (0.90s latency).
    Not shown: 993 closed tcp ports (conn-refused)
    PORT      STATE SERVICE VERSION
    22/tcp    open  ssh     OpenSSH 8.0 (protocol 2.0)
    | ssh-hostkey:
    |   3072 3b:cc:b2:3e:bd:19:33:cc:a7:ce:cd:24:ad:04:20:87 (RSA)
    |   256 e2:33:75:73:01:7d:12:65:a1:2e:c7:30:8b:45:0e:b0 (ECDSA)
    |_  256 de:7c:a2:8f:dd:a4:0e:a4:c9:7f:72:a3:9a:ff:d3:ce (ED25519)
    53/tcp    open  domain?
    80/tcp    open  http    nginx
    |_http-title: Site doesn't have a title (text/html; charset=UTF-8).
    3306/tcp  open  mysql   MySQL (unauthorized)
    8080/tcp  open  http    nginx
    |_http-title: 404 Not Found
    8888/tcp  open  http    nginx
    |_http-title: GiWiFi
    50001/tcp open  unknown
    | fingerprint-strings:
    |   GetRequest:
    |     HTTP/1.1 200
    |     X-Content-Type-Options: nosniff
    |     X-XSS-Protection: 1; mode=block
    |     Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    |     Pragma: no-cache
    |     Expires: 0
    |     Content-Type: text/plain;charset=ISO-8859-1
    |     Content-Length: 36
    |     Date: Sun, 01 Sep 2024 13:11:17 GMT
    |     Connection: close
    |     Backend service started successfully
    |   HTTPOptions:
    |     HTTP/1.1 200
    |     Allow: GET,HEAD,OPTIONS
    |     X-Content-Type-Options: nosniff
    |     X-XSS-Protection: 1; mode=block
    |     Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    |     Pragma: no-cache
    |     Expires: 0
    |     Date: Sun, 01 Sep 2024 13:11:17 GMT
    |     Connection: close
    |   RTSPRequest:
    |     HTTP/1.1 505
    |     Content-Type: text/html;charset=utf-8
    |     Content-Language: en
    |     Content-Length: 830
    |     Date: Sun, 01 Sep 2024 13:11:17 GMT
    |     <!doctype html>HTTP Status 505
    |     HTTP Version Not Supported<h1
    |   ibm-db2:
    |     HTTP/1.1 400
    |     Content-Type: text/html;charset=utf-8
    |     Content-Language: en
    |     Content-Length: 800
    |     Date: Sun, 01 Sep 2024 13:11:11 GMT
    |     Connection: close
    |     <!doctype html>HTTP Status 400
    |_    Request<body
    1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :

    Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 66.77 seconds


Of these, `http://10.101.0.2:8888/` is the GiWiFi back-end admin login page: three login attempts, then lockout on failure. The back end looks like PHP.

What should I do next?

lammy2024 commented 2 months ago

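Hello 👋, recently the domain in the script seems to have been resolved to 127.0.2.1. Try changing the domain to 10.101.0.2 yourself, or use a phone: download GiwifiApp, tap recharge, and after submitting the order check the network status (this is not to recharge, only to check whether there is a temporary pass-through interface). If that works, you can capture the packets and take a look. Giwifi seems to be under maintenance lately; our Wi-Fi is all temporarily open without authentication.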
