27 C
Jaipur
Thursday, October 29, 2020

Exploitation Framework for Embedded devices

Must read

UbuntuDDE Remix 20.10 Released With Linux 5.8, Snap Plugin, And More

Earlier this year, we reported about a brand new UbuntuDDE Remix that combines the power of Ubuntu Linux and Deepin Desktop Environment (DDE) from...

How to Use apt-cache Command in Linux

With apt-cache command, you can search for package details in the local APT cache. Learn to use apt-cache command in this tutorial. What is apt-cache...

AMD Releases Its RX 6000 Series of GPU to Take on Nvidia

AMD yesterday finally unveiled its brand new GPUs — the much awaited Big Navi announcement with the RX 6000 series of graphics cards. The...

Flipkart quiz October 29, 2020: Answer these five questions to win gifts, coupons and Flipkart Super coins

Flipkart quiz is live on Flipkart mobile app. For the unknown, the quiz starts daily at 12am and runs till 12pm. The quiz...

The RouterSploit Framework is an open-source exploitation framework devoted to embedded devices. It includes various modules that aid penetration testing operations:

  • exploits – modules that take advantage of identified vulnerabilities
  • creds – modules designed to test credentials against network services
  • scanners – modules that check if a target is vulnerable to any exploit

Requirements

  • gnureadline (OSX only)
  • requests
  • paramiko
  • beautifulsoup4
  • pysnmp

Installation

[email protected]:~# apt-get install routersploit

Usage Exploits

The routersploit a similar tool like Metasploit, very easy to create more modules. Anyone can extend the tool easily with the help of exploit databases.

To get the code skeleton.

Checking for Misfortune Cookie vulnerability:

It is a critical vulnerability which allows an attacker to take remote control of a router connected to the Internet and it can be fixed only by hardware vendors.

[email protected]:~# routersploit
rsf > use exploits/multi/misfortune_cookie
rsf (Misfortune Cookie) > show options

Scanner

Scanner Quickly checks the target is vulnerable to any exploit, here we are to use autopwn scanner which for all vulnerabilities.

rsf use scanner/autopwn
rsf (Autopwn) > show options
rsf (Autopwn) > set target IP
rsf (Autopwn) > run

Exploitation Framework for Embedded devices - RouterSploit
Exploitation Framework for Embedded devices - RouterSploit

CREDS

RouterSploit has various creds modules that can brute force various services, including HTTP, SSH, and Telnet.

Services supported:

  • ftp
  • ssh
  • telnet
  • http basic auth
  • http digest auth
  • http form auth
  • snmp

As like every brute force tool you should prepare a wordlist, every service two modules for reference (ftp_bruteforce,ftp_default)

ftp_default as the name indicates it will check for default credentials and the process will be completed in minutes.

ftp_bruteforce do a dictionary account over single or multiple user accounts with credentials provided in the list.

You can find the video Tutorial in Github page.

  • Author: Reverse Shell Security
  • License: BSD-3-clause

Source link

- Advertisement -

More articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest article

UbuntuDDE Remix 20.10 Released With Linux 5.8, Snap Plugin, And More

Earlier this year, we reported about a brand new UbuntuDDE Remix that combines the power of Ubuntu Linux and Deepin Desktop Environment (DDE) from...

How to Use apt-cache Command in Linux

With apt-cache command, you can search for package details in the local APT cache. Learn to use apt-cache command in this tutorial. What is apt-cache...

AMD Releases Its RX 6000 Series of GPU to Take on Nvidia

AMD yesterday finally unveiled its brand new GPUs — the much awaited Big Navi announcement with the RX 6000 series of graphics cards. The...

Flipkart quiz October 29, 2020: Answer these five questions to win gifts, coupons and Flipkart Super coins

Flipkart quiz is live on Flipkart mobile app. For the unknown, the quiz starts daily at 12am and runs till 12pm. The quiz...