alvin gitonga

Routersploit🚀: Weaponize the Internet of Things😎...Hack the planet!😈

CyberMorans🤗

The Internet of Things (IoT) has become one of the most important targets for hackers in recent years😄...even you, I knooooooow😉

The Internet of Things🚀 includes just about any device that has an Internet connection such as routers, web cams, baby monitors, Alexa and Google home speakers, and even our new kitchen appliances😋

These devices have a small, simple computer embedded in them, usually with a form of Linux as an operating system🚀. While so many of our systems have implemented more secure protocols and procedures, these devices have been left largely unprotected, many of them with default passwords left in place 😁


In recent years, attacks such as the Mirai DDoS attack😈 knocked out large portions of the internet, including Twitter, Netflix and CNN, and other attacks have used these largely unprotected devices. Attackers compromise millions of these devices and then use them to launch Distributed Denial of Service (DDoS) attacks. With this many devices, no server or service is safe!🧐


Now that these routers and other devices have been used so effectively to DDoS nearly any entire nation, more attention is being turned to their security🚀. As a result, a tool known as routersploit was developed to package together the best-known router exploits, similar to Metasploit. In fact, the developers have tried to make the interface of routersploit🚀 similar to Metasploit🚀. This should shorten the learning curve for those already familiar with the widely used Metasploit.


So Morans, Let's hack some routers!🥸


 

Download and Install routersploit👌

The first step, of course, is to download and install routersploit and its requirements. Before we can do that, we need to install python3-pip from the Kali repository 👇

apt-get install python3-pip
git clone https://www.github.com/threat9/routersploit
cd routersploit
python3 -m pip install -r requirements.txt
python3 rsf.py

Or simply type after installing requirements👇

./rsf.py 

Note 👆 that routersploit displays its modules across the bottom of the screen, similar to Metasploit. It has 127 exploits, 4 scanners, 165 creds, 4 generic and 21 payload modules.


Explore Routersploit👌

Just like Metasploit, we can use the show command to have routersploit retrieve modules for us and display them on screen. Let's first look at the exploits🧐


In the terminal, type👇

show exploits

Routersploit👆 has 121 exploit modules that are categorized by manufacturer, model and the vulnerability. Although this may seem like quite a few, there are dozens of router manufacturers and hundreds of models🚀, so these exploits amount to just a few per manufacturer. For instance, there are 4 Huawei exploits for models HG866, HG520, HG530 and E5331. Of course, you will need to find an exploit that works for your particular manufacturer and model. The same for scanners...👇


show scanners

Search Function👌

Routersploit has a search function, but it is not quite as effective and powerful as Metasploit's. Unlike Metasploit, the search function doesn't let us search by module type or platform; we are limited to keyword searches🧐. If we want to see all the modules with the keyword "creds", we can enter:

search creds

It will display all the "creds" modules as well as a few other modules that contain the keyword "creds" 👇

Although we can't search by type or platform, a keyword search for the manufacturer can be effective🧐. For instance, my target router is manufactured by "Linksys". When I enter the keyword linksys after the search command, routersploit displays all the creds and exploit modules with the word linksys in them👇


search linksys

Scan for Vulnerabilities👌

If we aren't sure which exploit to use and we are not concerned with stealth, routersploit has a module named autopwn that will test the router for vulnerabilities. It is a scanner module. We load it just as we would in Metasploit, with the use command followed by the name of the module👇

use scanners/autopwn

Use the show options command to display all the options and variables for this module.

show options

This display👆 makes it clear that we need to set the target IP and everything else can be left to the default settings🧐

set target 192.168.1.1

Once we have set the target IP address, we just enter 'exploit' similar to Metasploit👇

exploit

Here👆, routersploit was not able to identify any vulnerabilities in this router, but did find and display the default credentials.

Get the Router Credentials👌

If we can't exploit a vulnerability in the router, we may want to simply try to get the credentials of the router and take control of it that way. In most cases, this is how many of the IoT attacks have taken place in recent years, due to the fact so many people leave the default credentials in place. To see all credentials modules👇


show creds

Note that there are numerous credential modules that target a particular router type and a particular service such as FTP, SSH, etc. In this case, let's use a brute force creds module for HTTP basic digest authentication to gain access to the router's admin panel.

use creds/generic/http_basic_digest_bruteforce

Look at the options, just as we would in Metasploit👇


show options

This module👆 simply requires that we enter the target IP address, and it has a built-in password list at /root/routersploit/routersploit/resources/wordlist. Let's leave that default setting, but we could use any wordlist from Kali or one we have downloaded by simply setting the passwords variable to the absolute path to the wordlist. Also, this module uses a default username of "admin". We could also set this variable to a file of usernames, but for now let's just use this default.


set target 192.168.1.1

Start the module👇

exploit

This module will then begin to try all password combinations with the username "admin". When it completes 👆, it displays that the username of the router is "admin" and the password is "admin".


The user of this router had left in place the default credentials! Now we own this router!👌👌👌
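On the defender's side, the guessing run described above leaves a clear trace in the router's web log: a burst of 401 responses from one address, often ending in a 200. The following is an added example, not part of the original post or of routersploit; the log format, addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of a router admin-panel access log (Common Log Format).
SAMPLE_LOG = """\
192.168.1.50 - - [12/Mar/2024:10:00:01 +0000] "GET / HTTP/1.1" 401 0
192.168.1.50 - - [12/Mar/2024:10:00:02 +0000] "GET / HTTP/1.1" 401 0
192.168.1.50 - - [12/Mar/2024:10:00:03 +0000] "GET / HTTP/1.1" 401 0
192.168.1.50 - - [12/Mar/2024:10:00:04 +0000] "GET / HTTP/1.1" 401 0
192.168.1.50 - - [12/Mar/2024:10:00:05 +0000] "GET / HTTP/1.1" 401 0
192.168.1.50 - - [12/Mar/2024:10:00:06 +0000] "GET / HTTP/1.1" 401 0
192.168.1.50 - admin [12/Mar/2024:10:00:07 +0000] "GET / HTTP/1.1" 200 5120
192.168.1.20 - - [12/Mar/2024:10:05:00 +0000] "GET / HTTP/1.1" 401 0
192.168.1.20 - admin [12/Mar/2024:10:05:10 +0000] "GET / HTTP/1.1" 200 5120
"""

LINE_RE = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "[^"]*" (\d{3}) ')

def parse(log):
    """Yield (source_ip, user, timestamp, status) for each well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(3), "%d/%b/%Y:%H:%M:%S %z")
            yield m.group(1), m.group(2), ts, int(m.group(4))

def detect_bruteforce(log, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: {"failures": n, "success_user": name or None}}."""
    failures = defaultdict(list)  # ip -> timestamps of 401s inside the window
    alerts = {}
    for ip, user, ts, status in parse(log):
        recent = [t for t in failures[ip] if ts - t <= window]
        if status == 401:
            recent.append(ts)
            if len(recent) >= threshold:
                alert = alerts.setdefault(ip, {"failures": 0, "success_user": None})
                alert["failures"] = max(alert["failures"], len(recent))
        elif status == 200 and len(recent) >= threshold:
            # Success straight after a burst of failures: a guess likely worked.
            alerts[ip]["success_user"] = user
        failures[ip] = recent
    return alerts

if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

A single mistyped password followed by a login, like the second address in the sample, stays below the threshold and is not flagged.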

 

Conclusion👌

Hacking the Internet of Things has become one of the hottest areas of hacking in recent years. Routersploit has many useful modules for router exploitation and is one more tool in the hacker's tool set🚀


Subscribe to receive notifications of similar posts 😋 where we will be reverse engineering malware and the technical aspect of vulnerabilities as well as how an attacker may use this vulnerability as an attack vector and other Infosec stuff...😋


Morans,


Thank you for your time, Like and leave a comment/review and as always, stay awesome! 😋👊 💪
