Wednesday, July 20, 2022

Routersploit: A Kali Linux tool for checking vulnerabilities of Routers and IoT Devices

As part of penetration testing activities, we need to check whether routers, Wi-Fi security cameras, or any other Internet of Things (IoT) devices that act as access points have vulnerabilities that a hacker may use as a backdoor, or that would let a hacker destroy the device by injecting malicious code. Routersploit is the most popular tool used by hackers to carry out their attacks, and for a penetration tester, knowing what hackers use helps prevent attacks by finding a device's vulnerabilities before hackers discover them.

RouterSploit is a handy hacking tool targeted at routers. It is written in Python, and it automates most of the tasks related to hacking and compromising routers. It is modeled after Metasploit and thus can easily be used by people familiar with Metasploit. Routersploit has no graphical user interface (you can imagine yourself as a wannabe computer expert just like those in the movies).

To install Routersploit on Kali Linux, type the following into the terminal:

  • git clone https://github.com/threat9/routersploit
  • cd routersploit
  • python3 -m pip install -r requirements.txt

If the installation succeeded, run Routersploit by typing "python3 rsf.py" in the terminal.

The router's IP address must be known at this stage. It can be found using an nmap scan or any other popular technique.

To check the available exploits, just type "show all".

To enter into scanning mode, just type "use scanners/autopwn".

To set the target, just type "set target <ip address>".

To scan for vulnerabilities, just type "run". The program will go through each of the known exploits and indicate whether the device is vulnerable, not vulnerable, or could not be verified.

If the scan flagged an exploit as vulnerable and you want to test it, type "use <exploit>", then "set target <ip address>", then "check" to confirm that the device is vulnerable. Lastly, type "run" to carry out the attack.
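For the test report, the three outcomes printed by the scan can be triaged from a saved console log. The following is an added example, not code from the original post or from the Routersploit project; the line layout it parses and the module names in the sample are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of a saved autopwn console log. The layout
# "[marker] host:port service module status" is an assumed format, and the
# module names are placeholders, not real Routersploit modules.
SAMPLE_OUTPUT = """\
[*] Running module scanners/autopwn...
[-] 192.0.2.1:80 http exploits/routers/vendor_a/example_rce is not vulnerable
[+] 192.0.2.1:80 http exploits/routers/vendor_b/example_auth_bypass is vulnerable
[*] 192.0.2.1:80 http exploits/routers/vendor_c/example_info_leak Could not be verified
[-] 192.0.2.1:22 ssh exploits/routers/vendor_a/example_default_creds is not vulnerable
\x1b[32m[+]\x1b[0m 192.0.2.1:8080 http exploits/routers/vendor_d/example_traversal is vulnerable
"""

ANSI = re.compile(r"\x1b\[[0-9;]*m")  # colour codes left in a captured terminal log
LINE = re.compile(
    r"^\[[+\-*]\]\s+(?P<host>\S+):(?P<port>\d+)\s+(?P<service>\S+)\s+(?P<module>\S+)\s+"
    r"(?P<status>is vulnerable|is not vulnerable|could not be verified)\s*$",
    re.IGNORECASE,
)
STATUS = {"is vulnerable": "vulnerable", "is not vulnerable": "not_vulnerable",
          "could not be verified": "unverified"}

def triage(text):
    """Group module results by outcome; banners and unparseable lines are skipped."""
    report = defaultdict(list)
    for raw in text.splitlines():
        m = LINE.match(ANSI.sub("", raw).strip())
        if m:
            endpoint = f'{m["host"]}:{m["port"]}'
            report[STATUS[m["status"].lower()]].append((endpoint, m["service"], m["module"]))
    return dict(report)

def summary(report):
    """Findings to remediate first, then results that need a manual check."""
    lines = []
    for status, label in (("vulnerable", "CONFIRM AND REMEDIATE"), ("unverified", "MANUAL REVIEW")):
        for endpoint, service, module in report.get(status, []):
            lines.append(f"{label}: {endpoint} ({service}) flagged by {module}")
    lines.append(f"{len(report.get('not_vulnerable', []))} modules reported not vulnerable")
    return lines

if __name__ == "__main__":
    print("\n".join(summary(triage(SAMPLE_OUTPUT))))
```

Results marked "could not be verified" are kept in their own bucket rather than counted as clean, since they still need a manual check (firmware version, vendor advisories) before the device is reported as unaffected.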

If the exploit was successful, other cyber attacks will follow, such as uploading viruses and keyloggers, changing user passwords, and so on.

And lastly, as a reminder, the contents of this post are for educational purposes only.

In my case I tried it on my Huawei WL3B310M Globe Prepaid Home Wifi Router, and I did not find any vulnerability. Maybe I should research more to find an appropriate exploit for this router; I googled it and did not find any either. I was wondering if the payload creation in Metasploit is possible; maybe I will try to do some experiments on that in my homelab.



