Recover Lost FreeNAS User and Password

5

Posted by Cynic | Posted in .NET, C#, Logic, Software, Solutions to Problems | Posted on 21-11-2012

“Brute Force FreeNAS” is a simple, quick utility to get back a forgotten user name and password.

It works very simply. You must enter a list of possible user names that you had for your FreeNAS and a list of possible passwords. The utility then combines them all (in a Cartesian product) and brute forces your FreeNAS web interface until you are logged in. Once you’re logged in, you then know which user name and password is correct.

Further instructions on how to use it are in the program. You can download it here:

DOWNLOAD FreeNAS Brute Forcer

Brute force freenas user password

Why did I write this?

Well, I had a problem where I couldn’t login. For some reason, there was an error in my FreeNAS box, and the proper login didn’t work. So, I started to write this utility, thinking that I’d forgotten the right login, and knowing that I knew or could guess the right user name, and the right password, but not the right combination of the two.

I then had further problems, and had to hard reset my FreeNAS box. And therein lies the key… Once I had reset it, I was able to login. However, I was already writing the utility, finished it, and tried the proper login then. However, since it works, and does what it is intended to do, I’m releasing it for others to use.

Make certain to read the instructions in the program.

The code in included in the download for anyone that wants to tweak it or whatever. There is no license – this is in the public domain. I have noted some code in there that I used from elsewhere to get some things done.

Notably, there’s a very cool bit of code that lets you do an N-ary Cartesian product, which is the core of this program as it combines the user names and passwords. You can find that here:

http://www.interact-sw.co.uk/iangblog/2010/07/28/linq-cartesian-1

I first found that article and piece of code while creating some custom software to create a corpus for the Samsung S Voice artificial intelligence – the Samsung version of Siri. I needed an N-ary Cartesian product, and not just a simple cross join on 2 sets.

Anyways, hopefully that helps someone out there.

Cheers,

Ryan

 

 

Comments (5)

[...] In this blog I am going to show you how to use a tool that brute forces user name and passwords for NAS boxes running FreeNAS. The tool is called FreeNAS Brute Forcer and can be found: Here [...]

or by SSH/CLI you could use /etc/netcli

Hi.

Thank you for saving my day :)

Following the instructions 1 through to 4:
1) Enter a list of possible user names.
2) Enter a list of possible passwords.
3) Enter the IP address of your FreeNAS box on your local network.
4) Click GO to load the login page.

Where do I enter the list of possible passwords and user names,. I have to enter both before Bruteforce will run. As I don’t know my password, what I enter in the box is always wrong.

I thought the idea of using Bruteforce was to get the user name and password?

Hey Rob,

I know what you mean. I didn’t write the utility to brute force foreign machines. It’s specifically for machines that you know and for passwords and login ID combinations.

So, for example, say you use a word, a number, and a symbol for passwords, e.g. lovely4& or freedom8^. But you use those in combinations and have forgotten. You need to generate the proper dictionary for the passwords then enter that for the passwords. The utility will not do that for you.

A pure brute force can take a very long time. If you already know the basic information, this utility will cut that down for you. However, it’s not designed for broad hacking uses.

I hope that helps explain the design and usage.

Cheers,

Ryan

Write a comment