Similar to Metasploit, RouterSploit is a powerful vulnerability exploitation framework used to quickly identify and exploit common vulnerabilities in routers. Another highlight is that it can run on the vast majority of Android devices.
If you want to run it on your computer, you can read this article. This tutorial shows how to install RouterSploit on a non-rooted Android device, so that, as long as your smartphone can connect to these vulnerable routers, you can penetrate them.
RouterSploit vs Router
Routers are the channels through which we connect the world. They manage Internet communications, encrypt our traffic, protect our privacy, and connect us to other devices on the internal or external network.
Many people take this device for granted. They assume that once it is plugged in and providing Internet access, the installation is finished. What they do not realize is that the router itself is a Linux computer. Many people leave the default password on the administrator account's control panel, and some have never logged in at all to install updates.
If this sounds like it's talking to you, then you should change the default password and then watch the rest of the tutorial.
Because routers are easily overlooked, there are often common vulnerabilities that can be exploited by the correct program. RouterSploit exploits the most common vulnerabilities and default settings, allowing you to quickly assess and exploit routers with any device that supports Python scripts.
Debian Linux on Android
To run on an Android device, most tools require root access, which is not easy to obtain and is not particularly secure. To run RouterSploit on our devices, an application called GNURoot Debian does the work of installing a Debian system on the Android device for us; Kali is itself based on Debian.
Running RouterSploit on an Android device
Kali ships with most of the dependencies we need already installed, so on the Android version of Debian we have to install many of them ourselves to make the tool run properly. This method does not require root or any other unusual permissions, and it also lets us run Linux Python tools on an Android phone.
Using attack frameworks on Android devices
The Android environment allows you to use many wireless attack techniques to guide your attacks and assessments. On a device, there are many applications that can help you detect, connect, and attack any open access point. Here are some of the applications I use.
For detection and authentication of wireless networks in an area, Wigle Wifi Wardriving allows you to view, log, and interact with surrounding wireless transmissions. If you want to scan network and authentication information, IP addresses and available services, Fing Network Scanner can scan everything on any network you connect to and return detailed information about each connected device. Once you target a device, RouterSploit's automated intrusion scans will display all available intrusion vectors on the current target.
Using unrooted Android devices as an attack platform
Using the powerful Linux framework on Android, we have one more way to invade from an intuitive perspective. And in the event someone is caught doing something unusual, using an Android phone will create less suspicion than using specially made hardware.
As the saying goes, if you want to do your job well, you must first sharpen your tools, and hacking tools are no exception. GNURootDebian has the ability to quickly build a platform for intrusions, and allows anyone to audit router security without using special tools. It does not take long. You'll learn how to take control of your router while pretending to play Pokémon.
Essential before you start
The beauty of this build method is that you only need an Android device. I used a Samsung Galaxy S8 because carrying a giant curved glass screen everywhere reminds me how fragile life is. Having said that, you can use any Android device that supports GNURoot Debian.
Step 1: Install GNURoot Debian
To get started, we need to install GNURoot Debian, which as mentioned earlier will allow us to run Debian Linux on a phone without root. In the Google Play Store, search for GNURoot Debian or click here.
Download this application (about 60MB, so it may take a while on a slow connection). Once the application is installed, run it for the first time. On first launch you will see the Debian environment being set up, with a lot of text scrolling by quickly.
Wait a few minutes. After the installation is complete, you will see the screen shown below.
Once the Debian Linux installation is complete, the next step is to install the dependencies.
Step 2: Install dependencies
Debian Linux on Android doesn't come with any specific dependencies pre-installed like Kali does, so we'll have to start with a lot of things, especially Python, since we'll need it to run the modules we want. First, we need to update.
Next execute the following command:
These two commands will install sudo and git. After that, you can get the source code from Github. In addition, you need the following commands.
Step 3: Install RouterSploit
Once the dependencies are installed, you can execute the following command
Step 4: Run RouterSploit for the first time
After the installation is complete, you will want to run it to confirm that it works. To do so, return to the home directory and execute the following command:
Then run the Python script like this:
After a few seconds of loading, it will run successfully. (Usage is similar to Metasploit.)
You can run autopwn and execute the following command:
As the name suggests, this command will run autopwn to scan the target.
Step 5: Setup and Start
If the Wigle Wifi Wardriving mentioned above is installed on your mobile phone, it will be easy to discover the surrounding wireless networks. You can use Fing to scan for wireless networks. I won’t go into details here.
Once you know the target's IP address, you can put it into autopwn and enter the following command to see the options
In this way, we can set the IP address of the target. The specific command is as follows:
Type "show options" again to check the current settings. When you are satisfied with them, enter the following command to get started:
Step 6: Exploit the Vulnerabilities Found
When autopwn finds a vulnerability, exploiting it is very simple. You only need to copy the path of the available module and paste it after "use" to start using it. For example:
Then set the IP address as before
Then enter "run" again.
(PS: In theory, many other tools can also run.)
These shooting angles once made me suspect that the original author was advertising mobile phones.
Warning
Even if your router is completely undefended or easily hacked, you need to understand that hacking into your router without permission is illegal, so make sure you have permission to use it. In addition, the noise made by autopwn may be a bit loud and may be detected by some security defense measures.
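The noise mentioned in the warning above is something a defender can look for. As an added example (not part of the original article), this Python sketch flags a source that requests many distinct paths on a router's web interface within a short window and mostly gets errors back; the log format, addresses, paths and thresholds are constructed assumptions, not a capture of RouterSploit traffic.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: access log of a router's web admin interface (common log format).
# Addresses, paths and status codes are invented for illustration.
SAMPLE_LOG = """\
192.168.1.23 - - [14/Mar/2023:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512
192.168.1.23 - - [14/Mar/2023:10:00:09 +0000] "GET /status.html HTTP/1.1" 200 734
192.168.1.23 - - [14/Mar/2023:10:02:30 +0000] "POST /wifi.html HTTP/1.1" 200 120
192.168.1.77 - - [14/Mar/2023:10:05:00 +0000] "GET /login.cgi HTTP/1.1" 401 0
192.168.1.77 - - [14/Mar/2023:10:05:01 +0000] "GET /status.xml HTTP/1.1" 404 0
192.168.1.77 - - [14/Mar/2023:10:05:01 +0000] "GET /backup.cfg HTTP/1.1" 404 0
192.168.1.77 - - [14/Mar/2023:10:05:02 +0000] "GET /cgi-bin/test HTTP/1.1" 404 0
192.168.1.77 - - [14/Mar/2023:10:05:03 +0000] "GET /setup.php HTTP/1.1" 404 0
192.168.1.77 - - [14/Mar/2023:10:05:04 +0000] "GET /admin/ HTTP/1.1" 200 310
"""

LINE_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3})')

def find_noisy_sources(log_text, window=timedelta(seconds=30),
                       min_paths=5, min_error_ratio=0.6):
    """Return {ip: (distinct_paths, error_ratio)} for sources that request many
    distinct paths inside one time window and mostly receive 4xx/5xx answers."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, path, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        events[ip].append((when, path.split("?")[0], int(status)))

    flagged = {}
    for ip, evs in events.items():
        evs.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            chunk = evs[start:end + 1]
            paths = {p for _, p, _ in chunk}
            ratio = sum(1 for _, _, s in chunk if s >= 400) / len(chunk)
            if len(paths) >= min_paths and ratio >= min_error_ratio:
                if len(paths) > flagged.get(ip, (0, 0.0))[0]:
                    flagged[ip] = (len(paths), round(ratio, 2))
    return flagged
```

Calling find_noisy_sources(SAMPLE_LOG) reports only the second client; the thresholds need tuning against a device's normal admin traffic before the rule is used for alerting.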