1 00:00:00,690 --> 00:00:02,070 Instructor: Welcome back. 2 00:00:02,070 --> 00:00:04,470 In this, and in the next video, 3 00:00:04,470 --> 00:00:07,440 I want to talk about something different. 4 00:00:07,440 --> 00:00:09,480 We attacked different machines 5 00:00:09,480 --> 00:00:11,970 from Windows machines to Linux machines, 6 00:00:11,970 --> 00:00:14,310 but in these two videos I want to show you 7 00:00:14,310 --> 00:00:18,150 that you can also target your own router 8 00:00:18,150 --> 00:00:22,080 or the router from the network that you're attacking. 9 00:00:22,080 --> 00:00:25,200 Now, it might seem that it is not that important 10 00:00:25,200 --> 00:00:26,580 to test your router 11 00:00:26,580 --> 00:00:29,610 but once you gain access to the router, 12 00:00:29,610 --> 00:00:33,720 you pretty much have the control over the entire network. 13 00:00:33,720 --> 00:00:35,520 And not only that, 14 00:00:35,520 --> 00:00:38,340 gaining access to the router is powerful, 15 00:00:38,340 --> 00:00:41,460 it means that you can change different network settings, 16 00:00:41,460 --> 00:00:44,370 that you can forward different ports, and so on, and so on. 17 00:00:44,370 --> 00:00:48,540 The routers are also the easiest devices to hack. 18 00:00:48,540 --> 00:00:50,700 You might be asking, "Why?" 19 00:00:50,700 --> 00:00:55,020 Well, because usually 90% of home routers 20 00:00:55,020 --> 00:00:59,400 and home devices have default login passwords. 21 00:00:59,400 --> 00:01:02,220 The vendors who provide homes with the routers 22 00:01:02,220 --> 00:01:05,160 never really change the default password, 23 00:01:05,160 --> 00:01:06,780 and default password is something 24 00:01:06,780 --> 00:01:08,553 that you can find on the Internet. 
25 00:01:09,510 --> 00:01:11,490 These default password attacks, 26 00:01:11,490 --> 00:01:13,500 we are going to check out in the next tutorial, 27 00:01:13,500 --> 00:01:16,710 but for this one, I want to show you a cool tool 28 00:01:16,710 --> 00:01:19,260 that you can use to test on your own router 29 00:01:19,260 --> 00:01:22,770 to check out whether it is vulnerable to some exploits. 30 00:01:22,770 --> 00:01:26,070 So just type in your search bar, routersploit, 31 00:01:26,070 --> 00:01:28,380 and it'll lead you to this GitHub link 32 00:01:28,380 --> 00:01:32,100 where we'll have our RouterSploit tool. 33 00:01:32,100 --> 00:01:34,020 Now we already know how to download 34 00:01:34,020 --> 00:01:35,220 all of these GitHub tools, 35 00:01:35,220 --> 00:01:37,980 so let's copy the link straight away, 36 00:01:37,980 --> 00:01:40,050 navigate to our desktop, 37 00:01:40,050 --> 00:01:43,983 and we can git clone routersploit. 38 00:01:46,560 --> 00:01:47,850 While this is copying, 39 00:01:47,850 --> 00:01:50,790 let's go down to the installation commands 40 00:01:50,790 --> 00:01:53,670 just to see how we can install this tool properly. 41 00:01:53,670 --> 00:01:55,830 And here we have installation, Kali Linux, 42 00:01:55,830 --> 00:01:58,890 and all of the commands that we must run. 43 00:01:58,890 --> 00:02:01,320 So we must install python3-pip 44 00:02:01,320 --> 00:02:03,630 even though I believe we already have this. 45 00:02:03,630 --> 00:02:07,350 Let's run the command, just to make sure, 46 00:02:07,350 --> 00:02:10,259 and it requires root privileges, 47 00:02:10,259 --> 00:02:13,500 so let's enter the root account first, 48 00:02:13,500 --> 00:02:16,110 and let's type the same command, 49 00:02:16,110 --> 00:02:19,260 apt-get install python3-pip. 50 00:02:19,260 --> 00:02:20,640 Everything is installed. 51 00:02:20,640 --> 00:02:22,170 Let's move on to the next command. 52 00:02:22,170 --> 00:02:24,030 We already did the git clone. 
53 00:02:24,030 --> 00:02:26,253 Let's change the directory to routersploit. 54 00:02:27,669 --> 00:02:30,150 (keyboard typing) 55 00:02:30,150 --> 00:02:32,763 And the next command is python3, 56 00:02:33,630 --> 00:02:36,210 and then install the requirements. 57 00:02:36,210 --> 00:02:38,880 As we can see, inside of the routersploit directory, 58 00:02:38,880 --> 00:02:41,700 we have requirements.txt file. 59 00:02:41,700 --> 00:02:44,190 And whenever you have this requirements.txt, 60 00:02:44,190 --> 00:02:46,650 we already know that we must run this command 61 00:02:46,650 --> 00:02:49,863 to install all the requirements from that file. 62 00:02:51,300 --> 00:02:53,100 Let's press enter. 63 00:02:53,100 --> 00:02:55,920 As soon as it installs all of these files that it needs, 64 00:02:55,920 --> 00:02:58,950 we should be ready to run the RouterSploit tool, 65 00:02:58,950 --> 00:03:01,503 which is this rsf.py. 66 00:03:03,000 --> 00:03:05,615 Okay, so everything is finished, 67 00:03:05,615 --> 00:03:10,080 and let's python3 rsf.py. 68 00:03:10,080 --> 00:03:12,510 And you will notice that, once you run this tool, 69 00:03:12,510 --> 00:03:16,233 it will open something that looks similar to the MSFconsole. 70 00:03:17,100 --> 00:03:19,230 We get this command line type 71 00:03:19,230 --> 00:03:22,050 and here we can execute different commands. 72 00:03:22,050 --> 00:03:26,580 It says right here that it has 132 exploits, four scanners, 73 00:03:26,580 --> 00:03:30,360 171 credential attacks, four generic attacks, 74 00:03:30,360 --> 00:03:34,110 32 payloads, and six encoders. 75 00:03:34,110 --> 00:03:36,540 Now, to check out all of the available commands, 76 00:03:36,540 --> 00:03:38,220 we can run help command, 77 00:03:38,220 --> 00:03:41,070 and it will tell us how to use a certain module, 78 00:03:41,070 --> 00:03:44,220 how to execute a shell command argument, 79 00:03:44,220 --> 00:03:48,300 and here we can also search for different tools. 
80 00:03:48,300 --> 00:03:50,763 Now, if we type search scanners, 81 00:03:51,720 --> 00:03:54,900 it will give us all of the four scanners that it has. 82 00:03:54,900 --> 00:03:59,340 And in this video, we're going to use this autopwn scanner. 83 00:03:59,340 --> 00:04:01,680 This will test for all the exploits 84 00:04:01,680 --> 00:04:04,800 from the RouterSploit tool onto our target router 85 00:04:04,800 --> 00:04:08,010 to see whether it is vulnerable to any one of them. 86 00:04:08,010 --> 00:04:11,823 So let's type use scanners and then autopwn. 87 00:04:14,160 --> 00:04:17,160 Once you select it, you can type help, 88 00:04:17,160 --> 00:04:19,140 or, pardon me, you can type show options 89 00:04:19,140 --> 00:04:22,470 the same way that we do inside of the MSFconsole, 90 00:04:22,470 --> 00:04:27,270 and the only thing that we must set is target IP address. 91 00:04:27,270 --> 00:04:32,270 To do that, we can type set target 192.168.1.1. 92 00:04:33,090 --> 00:04:35,190 This is the router, in my case. 93 00:04:35,190 --> 00:04:37,470 If you want to check out your gateway or your router, 94 00:04:37,470 --> 00:04:41,340 you can type the command netstat -nr, 95 00:04:41,340 --> 00:04:42,930 and under the gateway, 96 00:04:42,930 --> 00:04:45,780 you will have the IP address of your gateway. 97 00:04:45,780 --> 00:04:48,210 Once you check it out, type it right here 98 00:04:48,210 --> 00:04:51,483 and as soon as you set your IP address, you can type run. 99 00:04:52,380 --> 00:04:54,480 As it says, it'll start the vulnerability check 100 00:04:54,480 --> 00:04:56,880 and it'll go through all of these exploits, 101 00:04:56,880 --> 00:04:58,320 and see whether your router 102 00:04:58,320 --> 00:05:00,093 is vulnerable to any one of them. 103 00:05:01,110 --> 00:05:02,970 If you have this minus sign, 104 00:05:02,970 --> 00:05:05,580 that means that the router is not vulnerable. 
105 00:05:05,580 --> 00:05:07,290 If you have this star sign, 106 00:05:07,290 --> 00:05:10,050 that means routersploit cannot really determine 107 00:05:10,050 --> 00:05:13,650 whether your router is vulnerable to this security threat. 108 00:05:13,650 --> 00:05:16,800 As it says right here, it could not be verified. 109 00:05:16,800 --> 00:05:18,540 And if you have a plus sign, 110 00:05:18,540 --> 00:05:21,690 which we don't have at the moment, 111 00:05:21,690 --> 00:05:24,900 that means it found a security vulnerability 112 00:05:24,900 --> 00:05:26,550 for your router. 113 00:05:26,550 --> 00:05:30,480 In my case, I believe I don't have any at the moment, 114 00:05:30,480 --> 00:05:34,380 but you might find some vulnerability for the router. 115 00:05:34,380 --> 00:05:36,273 Let's wait for this scan to finish, 116 00:05:37,560 --> 00:05:39,090 and it is done. 117 00:05:39,090 --> 00:05:41,490 It says, "Could not confirm any vulnerability," 118 00:05:41,490 --> 00:05:45,270 and it couldn't find default credentials. 119 00:05:45,270 --> 00:05:48,870 And this part right here is not exactly true. 120 00:05:48,870 --> 00:05:51,030 We're going to check out default credentials 121 00:05:51,030 --> 00:05:51,960 in the next video. 122 00:05:51,960 --> 00:05:54,780 However, you can test these exploits 123 00:05:54,780 --> 00:05:56,820 with the RouterSploit tool. 124 00:05:56,820 --> 00:05:59,317 You can also check out these ones that say, 125 00:05:59,317 --> 00:06:01,860 "Could not verify exploitability." 126 00:06:01,860 --> 00:06:03,270 This could possibly mean that 127 00:06:03,270 --> 00:06:05,490 they are vulnerable to these attacks 128 00:06:05,490 --> 00:06:08,160 or this exploit is simply just not the type of exploit 129 00:06:08,160 --> 00:06:10,860 that targets your router. 
130 00:06:10,860 --> 00:06:13,560 Okay, now that we covered the RouterSploit tool, 131 00:06:13,560 --> 00:06:16,650 we're going to see how we can gain access to the router 132 00:06:16,650 --> 00:06:19,470 with the default credentials vulnerability that 133 00:06:19,470 --> 00:06:23,520 at least 70 to 80% of home routers have. 134 00:06:23,520 --> 00:06:24,820 See you on the next video.