Question about a way to crack esp from a distance.

zekageri
Posts: 43
Joined: Mon Sep 03, 2018 11:04 am

Question about a way to crack esp from a distance.

Postby zekageri » Mon Jan 18, 2021 5:49 pm

Hello everyone!

I'm curious if someone knows a way to hack an esp32 webserver to serve a protected page.

The scenario:

Currently i'm using the async webserver by Me_no_Dev.
If someone outside the network tries to reach the esp default path "/" it is sending a login page instead and not the index.html.
So to the index.html page there are no other paths just one wich checks the client's IP address first.
If the IP address first three digits are not the same as the local IP address first three digit than a login.html gets served and not the index.html.

So the question is, does somebody knows a way around that? I want to know if there are any vulnerabilities.
I know there are bruteforce ways for this, ( obviously the esp can't handle that and it is crashing before the bruteforce gets to know the login credentials ) or if somebody monitors the packets inside the network when somebody tries to login and with a man in the middle attack he can stole the information if it is not on https.

Here are some codes for this scenario:

Code: Select all

 String GlobalUserName       = "admin";
    String GlobalUserPassword   = "admin";

server.on("/", HTTP_GET, [](AsyncWebServerRequest *request) {
    String Path = "/Home_index.html";
    //Example IPAddress : (192, 168, 0, 150);
      if(request->client()->remoteIP()[0] != CurrentIP[0] || request->client()->remoteIP()[1] != CurrentIP[1] || 
      request->client()->remoteIP()[2] != CurrentIP[2]){Path = "/Login.html";}
   
    AsyncWebServerResponse* response = request->beginResponse(LITTLEFS, Path, "text/html");
    response->addHeader("Content-Encoding", "gzip");
    request->send(response);
});

server.on("/RemoteLogin", HTTP_POST, [](AsyncWebServerRequest *request){
  String IsSuccess = "false";
  String Message = "";
  if(request->hasArg("username") && request->hasArg("pw")){
    if(request->arg("username") == GlobalUserName && request->arg("pw") == GlobalUserPassword){
      LoggedIN = true;
      Message = "Success";
    }else{
      Message = "The password or the username does not mach!";
    }
  }else{
    Message = "Every field has to be filled up!";
  }
  AsyncWebServerResponse *response = request->beginResponse(200, "text/plain", Message);
  request->send(response);
});

ESP_Sprite
Posts: 9757
Joined: Thu Nov 26, 2015 4:08 am

Re: Question about a way to crack esp from a distance.

Postby ESP_Sprite » Tue Jan 19, 2021 2:02 am

There doesn't seem to be anything obvious wrong aside from the bruteforce and MitM attacks you mentioned.

Who is online

Users browsing this forum: No registered users and 78 guests