第一部分已作为配置/监视工具登录到具有本地Web服务器的设备。(我认为)。
$r = Invoke-WebRequest -URI "http://$server" -SessionVariable sv -UseDefaultCredentials -Method Default
$form = $r.Forms[0]
$form.Fields['user'] = 'username'
$form.Fields['pwd'] = 'pw' #$form.Action is the right one as returned in the form
$r = Invoke-WebRequest -Uri ("http://$server" + $form.Action) -WebSession $sv -Method $form.Method -Body $form.Fields -TimeoutSec 20
现在是问题; o)
手动在网页上登录会导致另一个URL具有动态会话ID,如下所示:
http://$server/xyz.asp;session_id=7a7ff613d48ac87927edf66a356e90e1
在监视工具中,我看到新的URL返回并被浏览器使用,但是我不知道如何“捕获”新的URL来访问脚本的下一页。 第二个请求的响应内容仍然是登录页面中的内容,因此我想登录不如返回的StatusCode / Description所说明的那样成功。
欢迎任何建议! 谢谢,祝您愉快!
$ r的第一个结果:
StatusCode : 200
StatusDescription : Ok
Content : <html>
<head>
<title>Login Page</title>
<!--[if lt IE 7.]>
<script defer type="text/javascript" src="/pngfix.js"></script>
<![endif]-->
<script type="text/javascript" src="/md5.js"></script>
<script t...
RawContent : HTTP/1.1 200 Ok
Pragma: no-cache
Connection: close
Cache-Control: no-cache
Content-Type: text/html
Date: Sun, 18 Nov 2018 21:41:16 GMT
Expires: 0
Server: httpd
<html>
<head>
<title>Login Pag...
Forms : {frm}
Headers : {[Pragma, no-cache], [Connection, close], [Cache-Control, no-cache], [Content-Type, text/html]...}
Images : {@{innerHTML=; innerText=; outerHTML=<IMG style="POSITION: absolute; Z-INDEX: -1" src="/image/pg.jpg" width="100%">; outerText=; tagName=IMG; style=POSITION: absolute; Z-INDEX: -1;
src=/image/pg.jpg; width=100%}, @{innerHTML=; innerText=; outerHTML=<IMG src="/image/cisco_logo_about.png">; outerText=; tagName=IMG; src=/image/cisco_logo_about.png}, @{innerHTML=;
innerText=; outerHTML=<IMG src="/image/ContextMessageArrow_DownT.gif">; outerText=; tagName=IMG; src=/image/ContextMessageArrow_DownT.gif}, @{innerHTML=; innerText=; outerHTML=<IMG
id=log class=LOGINIMG style="DISPLAY: none" src="/image/login_progress.gif">; outerText=; tagName=IMG; id=log; class=LOGINIMG; style=DISPLAY: none; src=/image/login_progress.gif}}
InputFields : {@{innerHTML=; innerText=; outerHTML=<INPUT type=hidden name=submit_button>; outerText=; tagName=INPUT; type=hidden; name=submit_button}, @{innerHTML=; innerText=; outerHTML=<INPUT
type=hidden name=keep_name>; outerText=; tagName=INPUT; type=hidden; name=keep_name}, @{innerHTML=; innerText=; outerHTML=<INPUT type=hidden value=1 name=enc>; outerText=;
tagName=INPUT; type=hidden; value=1; name=enc}, @{innerHTML=; innerText=; outerHTML=<INPUT type=input name=user>; outerText=; tagName=INPUT; type=input; name=user}...}
Links : {}
ParsedHtml : mshtml.HTMLDocumentClass
RawContentLength : 5800
SessionVariable:
Id : frm
Method : post
Action : /login.cgi
Fields : {[submit_button, ], [keep_name, ], [enc, 1], [user, ]...}
第二次调用:
# here I'm not sure, the "enc" field is 1 when I read it (don't know if it's read-only)
# and I also tried a secure string for "pwd" but it didn't work either
# so I tried this with "pwd" as simple string and "enc"=0
$form.Fields['user'] = '<user>'
$form.Fields['pwd'] = '<pw>'
$form.Fields['enc'] = '0'
$r = Invoke-WebRequest -Uri ("http://$server" + $form.Action) -WebSession $sv -Method $form.Method -Body $form.Fields -TimeoutSec 20 -Debug
调试输出:
VERBOSE: POST http://10.122.154.34/login.cgi with -1-byte payload
VERBOSE: received -1-byte response of content type text/html
# a 1-byte response doesn't look like it worked as expected, right?
$ r的第二个结果:
StatusCode : 200
StatusDescription : Ok
Content : <html>
<head>
<title>Login Page</title>
<!--[if lt IE 7.]>
<script defer type="text/javascript" src="/pngfix.js"></script>
<![endif]-->
<script type="text/javascript" src="/md5.js"></script>
<script t...
RawContent : HTTP/1.1 200 Ok
Pragma: no-cache
Connection: close
Cache-Control: no-cache
Content-Type: text/html
Date: Sun, 18 Nov 2018 21:43:34 GMT
Expires: 0
Server: httpd
<html>
<head>
<title>Login Pag...
Forms : {frm}
Headers : {[Pragma, no-cache], [Connection, close], [Cache-Control, no-cache], [Content-Type, text/html]...}
Images : {@{innerHTML=; innerText=; outerHTML=<IMG style="POSITION: absolute; Z-INDEX: -1" src="/image/pg.jpg" width="100%">; outerText=; tagName=IMG; style=POSITION: absolute; Z-INDEX: -1;
src=/image/pg.jpg; width=100%}, @{innerHTML=; innerText=; outerHTML=<IMG src="/image/cisco_logo_about.png">; outerText=; tagName=IMG; src=/image/cisco_logo_about.png}, @{innerHTML=;
innerText=; outerHTML=<IMG src="/image/ContextMessageArrow_DownT.gif">; outerText=; tagName=IMG; src=/image/ContextMessageArrow_DownT.gif}, @{innerHTML=; innerText=; outerHTML=<IMG
id=log class=LOGINIMG style="DISPLAY: none" src="/image/login_progress.gif">; outerText=; tagName=IMG; id=log; class=LOGINIMG; style=DISPLAY: none; src=/image/login_progress.gif}}
InputFields : {@{innerHTML=; innerText=; outerHTML=<INPUT type=hidden name=submit_button>; outerText=; tagName=INPUT; type=hidden; name=submit_button}, @{innerHTML=; innerText=; outerHTML=<INPUT
type=hidden name=keep_name>; outerText=; tagName=INPUT; type=hidden; name=keep_name}, @{innerHTML=; innerText=; outerHTML=<INPUT type=hidden value=1 name=enc>; outerText=;
tagName=INPUT; type=hidden; value=1; name=enc}, @{innerHTML=; innerText=; outerHTML=<INPUT type=input name=user>; outerText=; tagName=INPUT; type=input; name=user}...}
Links : {}
ParsedHtml : mshtml.HTMLDocumentClass
RawContentLength : 5800
答案相同,除了日期...
加密字符串: 0fa58742e186c8e5ce52ba133f8714cb
powershell中的加密字符串: 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004beb616727b69b4e8264e7cc798eb93d0000000002000000000003660000c0000000100000003ab6ebeb97f783cb9b5a49187ddf72600000000004800000a000000010000 0008df253a8f5995d2dc9b00e5efb7f878510000000fe9616971b02305ee332dd9c3bf6b620140000006809524b3f5eba666022bb70f1eebcea43b57e0b