and trying to view it directly in firefoxCode:wget http://10.1.1.1/post_login.xml --2009-04-19 20:24:46-- http://10.1.1.1/post_login.xml Connecting to 10.1.1.1:80... connected. HTTP request sent, awaiting response... 503 Service Unavailable 2009-04-19 20:24:46 ERROR 503: Service Unavailable.
Code:XML Parsing Error: syntax error Location: http://10.1.1.1/post_login.xml Line Number 1, Column 1:Service Unavailable ^
I assume you have used some sort of intercepting web proxy (Burp, Paros) to view the HTTP logon transaction to see how it works?
This will give you an idea of how the username and password are being passed to the XML page (URL parameter, cookie value, form post etc) which you will need to know to mount a proper attack. Using those tools you will also be able to trap and modify requests to see how it works (and breaks).
Its possible you wont be able to download a useful version of the "code" for the XML file because there is likely some sort of server side scripting going on on the router, and you usually wont be able to get this code by making http requests unless some sort of misconfiguration has been performed.
Getting a 503 error is very strange. I would have expected a 403 error instead. Can you pull any other web pages using wget? Also, have you tried to pull your xml page by passing a username & password in your wget request (I know that defeats your purpose, but it would be a useful test)?
so far (if anyone is interested), i have found two security holes in my d-link router. one- if you do a man in the middle attack you can get the http get request for the hash. all you have to do is pass that to the xml file, and bingo you get access. orrrrrrrrrrrr all you need to know is the address of one of the config pages. /status/someting.html (i've forgotten, it's been a few days). and i know if i can get the xml code somehow that would be another hole.
How is the hash calculated and passed do you know?