Web Authentication

Secure web authentication system with persistent credentials and session management.

Web Authentication

The Hackers Nightlight features an authentication system that protects access to the device’s management interface. You can find information about it here.

Default Credentials

When first powered on, the device uses these default login credentials:

  • Username: admin
  • Password: admin123

⚠️ Important: Change the default credentials immediately after first login to secure your device.

Login Process

  1. Navigate to the device’s web interface at http://192.168.4.1, http://hnl.cc or https://hnl.cc
  2. If not authenticated, you’ll be automatically redirected to the login page
  3. Enter your username and password
  4. Upon successful login, you’ll receive a secure authentication token
  5. The token is automatically stored as a cookie and valid for 30 minutes

Changing Credentials

You can update your login credentials through the System Settings & Info panel in the WebUI:

  1. Navigate to the System section
  2. Locate the Web Authentication card
  3. Enter your new username and password
  4. Click “update credentials”

Requirements

  • Username: Cannot be empty
  • Password: Must be at least 6 characters long

⚠️ Important: Updating credentials will immediately invalidate all active sessions, requiring all users to log in again with the new credentials.

Session Management

The authentication system also includes session management features:

  • Multiple Sessions: Supports up to 5 concurrent sessions
  • IP Binding: Each session is tied to the client’s IP address
  • Auto-Expiration: Sessions automatically expire after 30 minutes of inactivity
  • Automatic Cleanup: Expired sessions are automatically removed from memory

Credential Recovery

If you’ve forgotten your login credentials and cannot access the device, you can reset them back to the default values by reflashing the firmware:

  1. Visit flash.hnl.cc using a supported browser (Chrome, Edge, or Opera)
  2. Connect your device via USB
  3. During the flashing process, enable “Erase Flash” option
  4. Flash the firmware - this will clear all stored credentials
  5. After flashing, the device will use the default credentials (admin / admin123)

⚠️ Important: Erasing flash will also reset all other device settings to their defaults, including WiFi configuration and custom settings.

Previous
Troubleshooting