NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Cannot perform a remote shutdown of a ReadyNAS using shell script and CURL
Based on various previous forum posts, I have developed the following shell script to use CURL to shutdown my ReadyNAS. I read about the need to add a csrfpId token due to a previous security fix to the firmware. Anyone know why I still get a "Forbidden: You don't have permission to access /dbbroker on this server" error?
Firmware: 6.10.3
ReadyNAS RN212
#!/bin/sh host=192.168.0.11 username=admin password="xxxxxx" token=$(curl -sS -u $username:$password http://$host/admin/csrf.html | grep -oP '"csrfpId", "\K[^"]+') curl -sS -v --header "X-CSRFToken: $token" -u $username:$password -k "http://$host/dbbroker" -H "Content-Type: application/x-www-form-urlencoded;" -H "X-Requested-With: XMLHttpRequest" --data "<?xml version=\"1.0\" encoding=\"UTF-8\"?><xs:nml xmlns:xs=\"http://www.netgear.com/protocol/transaction/NMLSchema-0.9\" xmlns=\"urn:netgear:nas:readynasd\" src=\"dpv_1584484996000\" dst=\"nas\"><xs:transaction id=\"njl_id_1628\"><xs:custom id=\"njl_id_1628\" name=\"Halt\" resource-id=\"Shutdown\" resource-type=\"System\"><Shutdown halt=\"true\" fsck=\"false\"/></xs:custom></xs:transaction></xs:nml>"
The script, which has the verbose flag, provides the following output:
root@raspberrypi:/hassio/homeassistant# ./readynas_shutdown.sh * Expire in 0 ms for 6 (transfer 0x13ca880) * Trying 192.168.0.11... * TCP_NODELAY set * Expire in 200 ms for 4 (transfer 0x13ca880) * Connected to 192.168.0.11 (192.168.0.11) port 80 (#0) * Server auth using Basic with user 'admin' > POST /dbbroker HTTP/1.1 > Host: 192.168.0.11 > Authorization: Basic YWRtaW46JU44QlZqV3c1ZVVf > User-Agent: curl/7.64.0 > Accept: */* > X-CSRFToken: SqzNmy9s78lY3LydAw217jaeKxLW04zhFem0mVmEHI6jR5pwL08fDGZWQlZpO_X_0IeKtmZQ0pvv-xYiBRVE0X4B4kh9Mz3j3D3hWorJSmY= > Content-Type: application/x-www-form-urlencoded; > X-Requested-With: XMLHttpRequest > Content-Length: 376 > * upload completely sent off: 376 out of 376 bytes < HTTP/1.1 403 Forbidden < Date: Tue, 17 Mar 2020 23:05:48 GMT < Server: Apache < Access-Control-Allow-Headers: csrfpid, x-requested-with < WWW-Authenticate: Basic realm="ReadyNAS Admin" < Content-Length: 217 < Connection: close < Content-Type: text/html; charset=iso-8859-1 < <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p>You don't have permission to access /dbbroker on this server.<br /> </p> </body></html> * Closing connection 0
As you can see, it has the token, but it still reports "Forbidden".
I wrote up exactly how to perform remote shutdown of a ReadyNAS here:
5 Replies
Replies have been turned off for this discussion
Did you try using https in your script instead of http?
jtnn60 wrote:
StephenB wrote:
Did you try using https in your script instead of http?
Of course! I get the same error in both situations.
One option is install sshpass and switch to ssh - using rnutil rn_shutdown to do what you want. You'd of course need to enable ssh
# sshpass -f <(printf '%s\n' nas-admin-password) ssh root@nas-ip-address rnutil rn_shutdownNote I haven't tested the above command (though ssh root@nas-ip-address rnutil rn_shutdown definely works if you type in the password.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
