
RouterSploit – Router Exploitation Framework - adamnemecek
https://github.com/reverse-shell/routersploit
======
utefan001
This one is not for routers, but every Windows admin should be aware that if you
don't use two-factor auth, your password hashes can be extracted from memory
from every Windows computer on your network that you logged into (until
reboot).

[https://github.com/funkandwagnalls/ranger](https://github.com/funkandwagnalls/ranger)

"Ranger is a command-line driven attack and penetration testing tool, which
has the ability to use an instantiated catapult server to deliver capabilities
against Windows Systems. As long as a user has -ONE- set of credentials or a
hash set (NTLM, LM, LM:NTLM) he or she can gain access to systems that are
a part of the trust.

Using this capability a security professional can extract credentials out of
memory in clear-text, access SAM tables, run commands, execute PowerShell
scripts, Windows Binaries, and other tools. At this time the tool bypasses the
majority of IPS vendor solutions unless they have been custom tuned to detect
it. The tool was developed using our home labs in an effort to support
security professionals doing legally and/or contractually supported
activities."

~~~
theebrownieee
Thanks for the shout out. This is Dev from the team that just released Ranger
at BSides Charm this weekend. Happy to get Chris and Jon involved if anyone
has some questions.

~~~
utefan001
I was there. Great tool and presentation!

~~~
theebrownieee
Thanks! Much appreciated :)

------
smcquaid
Looks great - exactly like Metasploit. Why not just build a module for
Metasploit?

~~~
ausjke
same question, but indeed looks great

------
iuguy
Can anyone tell me why this shouldn't be a set of modules for Metasploit? I
appreciate the effort put in, the Python/Ruby argument and that the MIPS_LE
shellcode for Meterpreter breaks on a lot of boxes, but is there a specific
reason why the wheel is being reinvented here instead of putting efforts into
extending and improving what's already there?

------
update
Looks really neat. Nothing for my router (Actiontec), unfortunately.

Also, I had to remove the 'belkin' exploits from the scanner because I kept
getting 'connection reset by peer' errors.

~~~
breakingcups
Don't you mean fortunately? :)

------
jagermo
Anyone tried it with the new Windows Bash?

~~~
faded242
Sorry, too busy coding bots.

------
homero
Incredible

------
nickthemagicman
Any good tuts on using this for noobs?

~~~
PeCaN
In the least abrasive way possible – If you're a self-described 'noob', I feel
like investigating router exploits is going to be more confusing than
anything. Embedded devices can be quite different from what you're used to.

With that out of the way – the Usage section of the README is pretty
approachable and about as straightforward as router testing gets:
[https://github.com/reverse-shell/routersploit#usage](https://github.com/reverse-shell/routersploit#usage)

~~~
chris_wot
Without wanting to encourage script kiddies in any way, but how would a noob
go from noob to informed? Genuine question, I promise no snark intended :-)

~~~
mixedCase
1) Read documentation and try to understand.

2) Google what you don't understand.

3) Repeat.

Obviously, consuming all sorts of books and general information on the subject
you wanna learn about helps, and can complement/substitute Googling.

