RouterSploit -- Rule The Router

RouterSploit is a effective tool against routers. This framework is designed especially for embedded devices.
Many people did not update the framework of routers/security cameras and the older frameworks are may vulnerable. RouterSploit is a grate tool to find exploits in those routers and IP-Cam or CCTV.
Before we start, we need to install this tool in Kali Linux manually, unfortunately this tool doesn't come with pre-loaded with Kali. The installation process is very simple as we installed some custom tools from github.

This tool is written in Python 3 so we need to install python3 environment in Kali Linux if it is not pre-installed. To install python 3 use following command:

apt-get install python3-pip

Then we use the following command to clone the Github repository:

git clone https://github.com/threat9/routersploit
After cloning the repository we need to go to the routersploit directory by using following command:

cd routersploit
Now we need to some additional tools to run Routersploit framework to install those tools run following command in routersploit's directory.

python3 -m pip install -r requirements.txt
After the process is complete we are ready to run Routersploit framework. Run Routersploit by using following command:

python3 rsf.py
Now RouterSploit is in front of you just like the following screenshot:


How To Use

To perform an attack against a router, we just type this:

use exploits/name_of_router/name_of_exploit
The screenshot of the preceding command is following:



Now we see the available option of the exploit we choose. To do this we use the following command:

show options
Screenshot is following as always.



Now we need to set the target using following command :

set target 192.168.1.1
The screenshot is following:



To exploit we just type

exploit
Or
run
\\

Use of scanners command

The following steps are used to describe the scanners command;

To scan a Cisco router, we need to use the following command:

use scanners/cisco_scan
We can check the options here by using following command:

show options
The screenshot is here:


To run a scan against a router,  we first set the target by using target's ip address :


Now we need to run it, and it will show the exploits of the vulnerable routers:


Here, my router is not vulnerable but may be your target will.


Use of creds


RouterSploit can be used to test default password combinations of routers or security cameras by the bruteforce attack. This will be very effective against those who did not change their username and passwords.

We can use the creds command to run the bruteforce attack on the targets by using following commands:

use creds/telnet_bruteforce
The screenshot is following:


Next we check for option by using following command:

show options
Screenshot ??  Scroll-down



Now set the target with the Internet Protocol Address (IP Address).

set target 192.168.x.x
Let it run and whenever it will find the login RouterSploit will show us.


RouterSploit -- Rule The Router RouterSploit -- Rule The Router Reviewed by Kali Linux on February 12, 2019 Rating: 5

No comments:

Powered by Blogger.