1
icycrash
20d

I was given a perl script to help change ubnt airos devices passwords from the command line. I was give no instructions on how to use it and I am not use to working with perl If anyone can give me some help I would really appreciate it. Here is the code.

#!/usr/bin/perluse
FindBin qw($Bin $Script);
use WWW::Mechanize;
die "Syntax: $Script ...Changes the password on 1 or more AirOS units." unless @ARGV >= 6;
my $user = shift @ARGV;
my $op = shift @ARGV;
my $np = shift @ARGV;
my $rouser = shift @ARGV;
my $ropass = shift @ARGV;
my @addresses = @ARGV;
open L, ">>$Bin/$Script.log" or die "Unable to write to $Bin.log: $!";
sub l {
print STDERR @_;
print L @_;
}

for my $a (@addresses) {
l "Changing password on $a\n";
my $mech = WWW::Mechanize->new();
my $entry;
my $start = "http://$a/login.cgi?uri=/system.cgi";
$mech->get($start);
$mech->field('username',$user);
$mech->field('password',$op);
$response = $mech->submit();

# to get login cookie
if (!$response->is_success) {
l $response->status_line, "\n";
}
$mech->get(qq|http://$a/system.cgi|);
$mech->field('NewPassword',$np);
$mech->field('NewPassword2',$np);
$mech->field('OldPassword',$op);
$mech->field('ro_status', "enabled");
$mech->field('rousername', $rouser);
$mech->field('roPassword', $ropass);
$mech->field('hasRoPassword', "true");
$mech->click_button(name => "change");
$response = $mech->submit();

if (!$response->is_success) {
l $response->status_line, "\n";
}
$response = $mech->get(qq|http://$a/apply.cgi|);
if (!$response->is_success) {
l $response->status_line, "\n";
}
}close L;
exit 0;

Comments
  • 0
    Never did any perl, but looks, like you run that script like
    script <user> <passwordOld> <passwordNew> <readonlyUser> <readonlyPassword> <address>...

    <user> is the admin user name.
    <passwordOld> is it's current password.
    <passwordNew> is it's new password.
    <readonlyUser> is the non-admin user to create.
    <readonlyPassword> is it's new password.
    <address> is the addresses of all devices to alter credentials on. They have to have the same admin user with the same old admin user password.
  • 0
    @Oktokolo I've tried it that way with no luck. I'm pretty sure the guy who passed me the script is an idiot who stole it from somewhere that's why he didn't tell me anything on it. If it was python or bash I could understand it.
  • 0
    @icycrash
    I don't think, language matters here.
    It logs in to a device's admin interface and then calls the page for changing the admin password and creating the non-admin user directly using the cookie it got from the login. It does that for every device address.

    You could port it to python as an exercise...
  • 0
    Change the shebang to /usr/bin/perl

    Honestly, you should just rewrite this as a shell script or python and use ansible to run it on multiple boxes.
  • 1
    @SortOfTested I'm looking into rewriting it. Its just a slow progress while I figure out the best way to interact with a website using python or bash.
  • 0
    @icycrash
    You can also just use wget or curl as well. This script is literally just issuing get requests, copying a token and populating form vars on a second request.
  • 0
    Those devices also accept SSH login, I don't remember if they allow password change through it tho.
  • 0
    Looks like cat /dev/urandom to me..
  • 0
    @theKarlisK They kinda allow you but kinda don't. The changes made on cli isn't persistent after a reboot.
Add Comment