About RouterSploit and How to Set It Up
Hello, and welcome to another one of my tutorials here at Cybrary. Before you continue reading this, I must let you know that it is illegal to perform exploit attacks if you don't have permission or if you aren't the owner of the network upon which the attack is being performed.The RouterSploit exploitation framework is pretty much the same as that of Metasploit
. It uses pretty much the same options and commands. So here, I'll talk a little bit about RouterSploit before we start. RouterSploit is an open-source framework, which allows an attacker to scan and even use different exploits on the target if vulnerable. When exploited, you can use different payloads to continue the exploitation to other machines on the same network; it all depends on what kind of vulnerability the router possesses.This framework has a few requirements before it can actually function for you. I'm using Kali Linux for this tutorial, and I will let you know where to download it from and how to set it up if you are using Kali Linux
.The requirements for this framework are the following:
I have added the link for Github - RouterSploit below:Github - RouterSploitSo let's continue to the installation process:
- Open your terminal.
- apt-get install python3-pip
- git clone https://www.github.com/threat9/routersploit
- cd routersploit
- python3 -m pip install -r requirements.txt (This will basically install and set up the requirements I wrote before.)
- python3 rsf.py
And you are done, but keep the terminal fired up with RouterSploit, because we are going to the exploitation part next.
Scanning and Exploitation
So, the first thing we want do is to find our router IP address. This can be found if you go the the Wi-Fi settings in Kali Linux; there, you will find the standard router.Now, we come back to the RouterSploit Framework. We are going to use one of the scanners, and this will actually test the router for different exploits on the router.You are now going to type the following for all the magic to work:
- use scanners/autopwn
- show options (This will show all the options you have)
- set target 192.168.0.1 (here you type your router IP Address)
Now, you will see the exploits going through your terminal. You will also see the green color on the exploits run if it's vulnerable. Let's now say that one of the exploits turns green. Here's an example: exploits/generic/heartbleed
What we are going to do here is use this exploit on our target, so follow me again.
- use exploits/generic/heartbleed
- show options (make sure your target is correct with the IP Address)
- check (this will check if the target is 100% vulnerable, so you don't waste time on a false positive)
So now, you are in. RouterSploit is a great tool. Sadly, however, it is also used for illegal activity online. You are able to make different scans using nmap for different ports that are connected to routers. And in that way, you are able to exploit networks you aren't even connected to on your computer. So, make sure that you only do this on your own network or make sure that you have permission.Please also check my other tutorials here on Cybrary. I have tutorials on how to crack Wi-Fi, manually perform SQL injections, and so on.