How to Hack a Router with RouterSploit on the Raspberry Pi

A majority of people do not update their routers or other IoT (Internet of Things) devices on their network, and this is where RouterSploit comes in. RouterSploit checks a device against multiple known exploits and vulnerabilities, and if any are found it can give you access to the device. RouterSploit will also check the device's credentials to find out whether it is still using the default username and password. Updating your device firmware and changing passwords are the easiest and best ways to protect your system from hackers, yet many people do not take these steps. Also, many older IoT devices like IP cameras or printers might not even be supported anymore; these devices may have vulnerabilities that will never be patched and can compromise your whole network.

RouterSploit is a Python script that scans devices for multiple exploits and vulnerabilities and mainly focuses on embedded devices like IP cameras, routers and printers. You just need to set the target IP address and run the script, and RouterSploit will do the rest. You can only check devices that are on your network, meaning you need to be connected to the same network as the device you are trying to hack. You can scan many routers, printers, IP cameras and any other devices that are on your network.

Using the Raspberry Pi to run RouterSploit makes it easy to check networks on the go. You can bring your Raspberry Pi over to your friend's house, connect to their network and check it for any vulnerabilities. The Raspberry Pi is cheap and easy to work with, which makes it a great pen-testing tool to have. I will show you how to install RouterSploit on the Raspberry Pi and how to use the basic features of RouterSploit.

Objective

To install RouterSploit on the Raspberry Pi

Material

You will need the following:

Instructions

We’ll be installing the latest version of RouterSploit, which at the time of writing this article was 3.3. I will assume you are connecting to your Raspberry Pi over SSH. If you are working directly on the Raspberry Pi, simply open up a terminal window and run the commands from there. I tested this using a Raspberry Pi 3 running Stretch, but this should work for older versions as well. I also had the GUI running on my Raspberry Pi, which may include some packages pre-installed. For example, the lite version of Stretch will not have ‘git’ installed and you will have to install ‘git’ before running the ‘git’ command.

Let’s get started. Open up a terminal or connect to your Raspberry Pi and run the following commands to make sure your Raspberry Pi is up to date before installing new software:

Install ‘pip’ for Python 3, which will be used to install Python packages:

Now we can download RouterSploit from GitHub using the ‘git’ command:

Change into the ‘routersploit’ directory that was just created and install RouterSploit using the following command:

That’s basically it. To run RouterSploit, use the following command:

I had some issues when I first tried running RouterSploit. Here are two issues I experienced and what commands to run to fix the issues:

Error #1

I got the following error when I first ran RouterSploit:

To fix this error we will need to install ‘future’. When we installed RouterSploit using the command above it should have installed ‘future’, but for some reason it did not install for me. Run the following command to install ‘future’:

Error #2

I got the following errors when trying to scan a device for vulnerabilities:

I got this error because my ‘pyasn1’ module was outdated. To check the current version of ‘pyasn1’, run the following command:

This was my output. You can see there is a new version available.

To update my ‘pyasn1’ module I ran the following command:

Running RouterSploit

Hopefully everything is working fine and RouterSploit runs with no errors. You should see the following if RouterSploit started with no errors:

RouterSploit on the Raspberry Pi

 

Okay, now let’s check our router for vulnerabilities. First we must select the autopwn scanner, which will scan for all known vulnerabilities and exploits using RouterSploit. Type the following command into RouterSploit to run the scanner:

Now let’s set our target. I will be using my own router’s IP address, which is 192.168.1.1:

To start the scanner, simply type in ‘run’. RouterSploit will go through all the exploits and vulnerabilities and check the router. If it finds anything, it will list it at the end of the scan output. You’ll also see a green ‘+’ as the results are scrolling. Type ‘run’ to start the scan:

Beginning of the RouterSploit scan

These are the basics of RouterSploit. If you have nmap installed on your Raspberry Pi, you can scan your network to check what devices are connected to it, then set those IP addresses as targets and scan them as well.
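To turn the scrolling scan output described above into a short fix list for your own devices, the following added example (not part of the original article or of RouterSploit itself) parses a saved scan log and groups results by their ‘+’, ‘-’ and ‘*’ markers. The line layout, the sample log and the module paths are constructed assumptions; adjust the pattern to match what your version prints.

```python
import re
from collections import defaultdict

# Strip terminal colour codes (the green '+' is coloured with ANSI escapes).
ANSI = re.compile(r"\x1b\[[0-9;]*m")
# Assumed layout: "[marker] host:port protocol module-path message"
LINE = re.compile(
    r"^\[(?P<mark>[+\-*])\]\s+(?P<target>\S+:\d+)\s+(?P<proto>\S+)"
    r"\s+(?P<module>\S+)\s+(?P<msg>.*)$"
)
STATUS = {"+": "vulnerable", "-": "not_vulnerable", "*": "unverified"}

# Constructed sample log; module paths are placeholders, not real module names.
SAMPLE_LOG = "\n".join([
    "\x1b[94m[*]\x1b[0m Running module...",
    "\x1b[91m[-]\x1b[0m 192.168.1.1:80 http exploits/routers/placeholder/module_a is not vulnerable",
    "\x1b[92m[+]\x1b[0m 192.168.1.1:80 http exploits/routers/placeholder/module_b is vulnerable",
    "\x1b[94m[*]\x1b[0m 192.168.1.1:23 telnet exploits/routers/placeholder/module_c Could not be verified",
    "\x1b[92m[+]\x1b[0m 192.168.1.1:80 http creds/placeholder/default_login is vulnerable",
])


def triage(log_text):
    """Group (target, module) pairs by scan status; skip lines that are not results."""
    results = defaultdict(list)
    for raw in log_text.splitlines():
        match = LINE.match(ANSI.sub("", raw).strip())
        if match:
            results[STATUS[match["mark"]]].append((match["target"], match["module"]))
    return dict(results)


def needs_attention(results):
    """Findings to fix first (vulnerable), then ones to re-check by hand (unverified)."""
    return results.get("vulnerable", []) + results.get("unverified", [])


if __name__ == "__main__":
    for target, module in needs_attention(triage(SAMPLE_LOG)):
        print(f"{target}  {module}")
```

Each entry in the resulting list maps to one of the fixes the article recommends: update the firmware, change the default password, or retire a device that is no longer supported.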
