Bash script challenge [part 2]. Authentication test (session) using the curl program.

Bash script challenge [part 2]. Authentication test (session) using the curl program.

Medium level.

Requires:

• A docker installed.
• The curl program to be installed.
• Basic knowledge of Linux commands.

In this section, I will try to log in to the Scada-LTS application using the curl program.

Let's run the docker with the ScadaLTS program.

docker run -d scadalts/scadalts:siv_dev /root/start.sh

Let's retrieve information about the port on which the program started.

export IpDocker=`docker inspect -f "{{ .NetworkSettings.IPAddress }}" $(docker ps -aq)`
echo $IpDocker

Let's try to authenticate in SCADA using the curl program.

curl -d "username=admin&password=admin&submit=Login" --dump-header headers http://$IpDocker:8080/ScadaLTS/login.htm

Let's print file headers.

cat headers

If we have the following information in the file, it means that we managed to authenticate in SCADA:
HTTP/1.1 302 Found
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=2B7D9B1CC45E66EFE8F082492157E12C; Path=/ScadaLTS; HttpOnly
Location: watch_list.shtm;jsessionid=2B7D9B1CC45E66EFE8F082492157E12C
Content-Language: en
Content-Length: 0
Date: Thu, 12 Sep 2019 14:02:59 GMT

We can check the result using the grep program.

cat headers | grep “302 Found” && echo ok || echo ‘not work’

The next topic will be Authentication with the use of a token.

Table of contents:

[Start] Writing API tests using the curl program