RouterSploit Framework

July 18, 2018 | Views: 4773

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

About RouterSploit and How to Set It Up

Hello, and welcome to another one of my tutorials here at Cybrary. Before you continue reading this, I must let you know that it is illegal to perform exploit attacks if you don’t have permission or if you aren’t the owner of the network upon which the attack is being performed.

The RouterSploit exploitation framework is pretty much the same as that of Metasploit. It uses pretty much the same options and commands. So here, I’ll talk a little bit about RouterSploit before we start. RouterSploit is an open-source framework, which allows an attacker to scan and even use different exploits on the target if vulnerable. When exploited, you can use different payloads to continue the exploitation to other machines on the same network; it all depends on what kind of vulnerability the router possesses.

This framework has a few requirements before it can actually function for you. I’m using Kali Linux for this tutorial, and I will let you know where to download it from and how to set it up if you are using Kali Linux.

The requirements for this framework are the following:

  • future
  • request
  • paramiko
  • pysnmp
  • pycrypto

I have added the link for Github – RouterSploit below:

Github – RouterSploit

So let’s continue to the installation process:

  1. Open your terminal.
  2. apt-get install python3-pip
  3. git clone https://www.github.com/threat9/routersploit
  4. cd routersploit
  5. python3 -m pip install -r requirements.txt (This will basically install and set up the requirements I wrote before.)
  6. python3 rsf.py

And you are done, but keep the terminal fired up with RouterSploit, because we are going to the exploitation part next.

Scanning and Exploitation

So, the first thing we want do is to find our router IP address. This can be found if you go the the Wi-Fi settings in Kali Linux; there, you will find the standard router.

Now, we come back to the RouterSploit Framework. We are going to use one of the scanners, and this will actually test the router for different exploits on the router.

You are now going to type the following for all the magic to work:

  1. use scanners/autopwn
  2. show options (This will show all the options you have)
  3. set target 192.168.0.1 (here you type your router IP Address)
  4. run

Now, you will see the exploits going through your terminal. You will also see the green color on the exploits run if it’s vulnerable. Let’s now say that one of the exploits turns green. Here’s an example: exploits/generic/heartbleed

What we are going to do here is use this exploit on our target, so follow me again.

  1. use exploits/generic/heartbleed
  2. show options (make sure your target is correct with the IP Address)
  3. check (this will check if the target is 100% vulnerable, so you don’t waste time on a false positive)
  4. run

So now, you are in. RouterSploit is a great tool. Sadly, however, it is also used for illegal activity online. You are able to make different scans using nmap for different ports that are connected to routers. And in that way, you are able to exploit networks you aren’t even connected to on your computer. So, make sure that you only do this on your own network or make sure that you have permission.

Please also check my other tutorials here on Cybrary. I have tutorials on how to crack Wi-Fi, manually perform SQL injections, and so on.

Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Ready to share your knowledge and expertise?
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel