Before getting to this concept, one should have a clear idea of what a router is. A router is basically any virtual rather than physical appliance that helps transfer information among the systems connected to a computer network. It inspects the destination IP address of each data packet, computes the most suitable path for that packet to reach its destination, and finally forwards it accordingly.
Getting back to our topic, 'How To Exploit A Router Using An Unrooted Android Phone', let us look at what exploiting a router means. Exploiting means using unguarded settings, or settings left at their default state, in order to gain shell access to the router. Once the user's router is hacked, criminals can easily make use of the user's personal data, attack other systems through the user's network, trouble the user with malicious fake websites, or even sync malware. This is because the router and the Wi-Fi have a default login IP, 10.90.90.90, which is often used to get into your system.
The beauty itself lies in its installation. To exploit a router using an unrooted Android phone, follow these steps:
- Begin by installing Termux on the device. It is a terminal emulator application that comes with a large set of command-line utilities and is built specifically for Android OS.
- After opening the application for the first time, a few adjustments need to be made and a few packages need to be installed. The steps are listed below:
2.1 To update Termux: `apt update`
2.2 Followed by: `apt upgrade`
2.3 To install RouterSploit from GitHub, we need: `pkg install git`
2.4 Then, in order to run the Python scripts: `pkg install python`
2.5 At the end, we need: `pkg install python2`
The user must wait for each command to finish executing completely before typing the next one. At the end, all the required packages are installed.
- A framework such as RouterSploit is needed, since packet injection is not supported. It first identifies and then exploits the usual vulnerabilities of the router. With all the required packages installed, `git clone https://github.com/reverse-shell/routersploit` installs RouterSploit.
- Next, a few commands must be executed correctly in order to run RouterSploit:
4.1 To list the names of all the existing files and folders: `ls`
4.2 To change the directory: `cd routersploit`
4.3 `pip2 install -r requirements.txt`
4.4 pip2 installation for future requests
4.5 pip install for the future
4.6 To run the Python script: `python rsf.py`
After installing RouterSploit, the user needs to type the following commands:
To show the options of the module: `show all`.
To open the scanner and start scanning the target: autopwn or use scanners.
Consider installing one of the currently available apps for locating IP addresses in order to exploit the networks that are nearby.
To look at all the options available for any module: `show options`.
Here, one needs to set the desired target IP, the one that is to be attacked. Make sure the device is connected to the network. To do so, enter the command below into the terminal window.
set target <IP_address>
Now, replace <IP_address> with the targeted IP address. For reassurance, one can type `show options` again if they wish.
Next, type `run` and press the Enter key. The module then starts to display the list of all the vulnerabilities found in the targeted router, as these are the only vulnerabilities that are supposed to be attacked.
5. Last but not least, we exploit all the vulnerabilities that are found. After the scan completes, type `use` followed by the path provided by autopwn in order to exploit.
For example: use <path>
In short, RouterSploit is similar to Metasploit in being a very powerful framework. Not only that, it can usually be seen running on most Android devices. Even though we see the router being left completely undefended and easily pwned, doing so is not legal. One needs to gather all the necessary permissions in order to audit a router by pwning it. This is because the Autopwn scanner makes a lot of noise and can thus be easily detected.
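The detectability point above, seen from the defender's side, as an added example that is not part of the original article or the RouterSploit project: a sliding-window check that flags any client touching many distinct ports on the router within seconds. The log format, the router address 192.168.1.1, the thresholds and the function names are all assumptions made for this sketch, and the sample log is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from the page): connections to a router at 192.168.1.1.
SAMPLE_LOG = """\
2024-05-01T10:00:01 SRC=192.168.1.23 DST=192.168.1.1 DPT=443
2024-05-01T10:00:40 SRC=192.168.1.23 DST=192.168.1.1 DPT=443
2024-05-01T10:02:00 SRC=192.168.1.77 DST=192.168.1.1 DPT=80
2024-05-01T10:02:01 SRC=192.168.1.77 DST=192.168.1.1 DPT=23
2024-05-01T10:02:03 SRC=192.168.1.77 DST=192.168.1.1 DPT=22
2024-05-01T10:02:04 SRC=192.168.1.77 DST=192.168.1.1 DPT=21
2024-05-01T10:02:06 SRC=192.168.1.77 DST=192.168.1.1 DPT=8080
truncated line without fields
2024-05-01T10:00:00 SRC=192.168.1.40 DST=192.168.1.1 DPT=80
2024-05-01T10:15:00 SRC=192.168.1.40 DST=192.168.1.1 DPT=443
2024-05-01T10:30:00 SRC=192.168.1.40 DST=192.168.1.1 DPT=22
2024-05-01T10:45:00 SRC=192.168.1.40 DST=192.168.1.1 DPT=53
"""

LINE_RE = re.compile(r"^(\S+) SRC=(\S+) DST=(\S+) DPT=(\d+)$")

def parse(log_text):
    """Yield (time, src, dst, port) for well-formed lines; skip anything else."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m[1]), m[2], m[3], int(m[4])

def find_noisy_sources(log_text, router_ip, window_s=60, min_ports=4):
    """Map each client that hit >= min_ports distinct router ports within window_s to those ports."""
    hits_by_src = defaultdict(list)
    for ts, src, dst, port in parse(log_text):
        if dst == router_ip:
            hits_by_src[src].append((ts, port))
    window, flagged = timedelta(seconds=window_s), {}
    for src, hits in hits_by_src.items():
        hits.sort()                      # order by time so the window can slide
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1               # drop hits older than the window
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= min_ports:  # threshold reached: record and stop
                flagged[src] = sorted(ports)
                break
    return flagged

print(find_noisy_sources(SAMPLE_LOG, "192.168.1.1"))
```

The slow client at 192.168.1.40 touches four ports as well, but spread over 45 minutes, so it only trips the check if the window is widened.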