[ previous ] [ next ] [ threads ]
 
 From:  Joey Morin <joeymorin at alumni dot uwaterloo dot ca>
 To:  Pierre Nast <pierre at coldev dot org>
 Cc:  m0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] backup old firmware
 Date:  Wed, 15 Jan 2014 15:36:00 -0500
On Wed, Jan 15, 2014 at 2:55 PM, Pierre Nast <pierre at coldev dot org> wrote:

> You need to retrieve the __csrf_magic hidden field value in a first curl
> request, then provide that value in subsequent requests.
> Like in the following script that retrieves the current configuration from
> a m0n0wall box :
>

I can't test whether or not it works (don't have 1.34) because it fails
under 1.33 (expected), but there's a mod of your script that *might* do the
trick.


#! /bin/bash

# CAPTURE_SIZE is in megabytes
CAPTURE_SIZE=32
IMAGE_FILE_PREFIX=m0n0wall_firmware_image
USER=admin

if [ -x curl ]; then
        echo "You need curl to run this script!"
fi

if [ $# -lt 1 -o $# -gt 2 ]; then
        echo "usage: $0 <m0n0wall box's IP or hostname> [ssl]"
        echo "  ssl: if used, then curl will use https to access your box."
        exit 1
elif [ $# -eq 2 -a "$2" = "ssl" ]; then
        PROTO='https://'
else
        PROTO='http://'
fi

read -s -p "Enter admin password:" PASSWORD
CURL_OPTS="--basic --user ${USER}:${PASSWORD} --insecure"
IP="$1"
IMAGE_URL="${PROTO}${IP}/exec_raw.php?cmd=dd%20if=/dev/ad0%20bs=1048576%20count=${CAPTURE_SIZE}%202>%20/dev/null|gzip%20-9"
IMAGE_FILE="${IMAGE_FILE_PREFIX}-${IP}-$(date +%Y%m%d%H%M%S).gz"

echo -e "\nTrying to retrieve configuration from ${IP}..."
echo "Step 1 - Connecting to m0n0wall box to retrieve CSRF magic..."
CSRF=$(curl ${CURL_OPTS} ${IMAGE_URL} | \
grep '__csrf_magic' | \
sed "s#.*value=\"\(.*\)\".*#\1#")
echo ${CSRF}
if [ -z ${CSRF} ]; then
        echo "Failed!"
        exit 1
fi
echo "Done!"

echo "Step 2 - Downloading gzip-compressed firmware image from m0n0wall
box..."
UPLOADED=$(curl ${CURL_OPTS} --referer ${IMAGE_URL} \
--form Submit=Download --form __csrf_magic=${CSRF} \
${IMAGE_URL} -o ${IMAGE_FILE}; echo $?)
if [ $UPLOADED -ne 0 ]; then
        echo "Failed!"
        exit 1
fi
echo "Done!"