Bash script challenge [part 2]. Authentication test (session) using the curl program.
Medium level.
Requires:
- A docker installed.
- The curl program to be installed.
- Basic knowledge of Linux commands.
In this section, I will try to log in to the Scada-LTS application using the curl program.
Let's run the docker with the ScadaLTS program.
docker run -d scadalts/scadalts:siv_dev /root/start.sh
Let's retrieve information about the port on which the program started.
export IpDocker=`docker inspect -f "{{ .NetworkSettings.IPAddress }}" $(docker ps -aq)`
echo $IpDocker
Let's try to authenticate in SCADA using the curl program.
curl -d "username=admin&password=admin&submit=Login" --dump-header headers http://$IpDocker:8080/ScadaLTS/login.htm
Let's print file headers.
cat headers
If we have the following information in the file, it means that we managed to authenticate in SCADA:
HTTP/1.1 302 Found
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=2B7D9B1CC45E66EFE8F082492157E12C; Path=/ScadaLTS; HttpOnly
Location: watch_list.shtm;jsessionid=2B7D9B1CC45E66EFE8F082492157E12C
Content-Language: en
Content-Length: 0
Date: Thu, 12 Sep 2019 14:02:59 GMT
We can check the result using the grep program.
cat headers | grep “302 Found” && echo ok || echo ‘not work’
The next topic will be Authentication with the use of a token.