The tools described earlier gain access to a wireless network by cracking its password directly. Of all the devices in a wireless network environment, the router is one of the most important. Users usually set a fairly complex password to secure the router, although some still use the router's default user name and password. However, the router itself has some vulnerabilities. When a complex password is not easy to crack, you can instead exploit vulnerabilities in the router itself. This section describes using the Routerpwn tool to attack a router.
Routerpwn may be one of the easiest tools to use. It is used to view a router's vulnerabilities. Routerpwn is not included in Kali; it is just a website. Its official address is http://routerpwn.com/. The vulnerabilities listed on this website cover routers from many vendors, as shown in Figure 9.42.
Figure 9.42 Routerpwn Main Page
From this interface, you can see routers from many vendors, such as D-Link, Huawei, Netgear, and TP-Link, which are commonly used in China. Select the manufacturer that matches your target router. Here TP-Link is selected, and the interface shown in Figure 9.43 is displayed.
Figure 9.43 Supported models and vulnerabilities
From this interface, you can see that 16 TP-Link router models are supported, along with the vulnerabilities that can be exploited. The router vulnerability list displays the vulnerability date, the vulnerability description, and a [SET IP] option. This option is used to set the IP address of the destination router.
Example 9-6 leverages the Webshell backdoor vulnerability to obtain a command line on a remote router (in this case, the router IP address is 192.168.0.1). The steps are as follows.
(1) Click the [SET IP] button in Figure 9.43 and a dialog box will appear, as shown in Figure 9.44.
Figure 9.44 Entering the destination router IP address
(2) In the dialog box, enter the IP address of the router you want to attack. Then click the OK button and the dialog box shown in Figure 9.45 will pop up.
Figure 9.45 Login Router dialog box
(3) In this dialog box, enter the user name and password for logging in to the router. A router's default user name and password are generally both admin. Then click the "Sign in" button and the interface shown in Figure 9.46 will be displayed.
Figure 9.46 Command Line interface
(4) At this point, you can run commands in the interface to view router information, such as processes, networks, routing tables, and NAT. Alternatively, simply click a button in the right column in Figure 9.46 to see the relevant information. When executing commands in this interface, you need to enter a user name and password. These are the user name and password (Osteam and 5up) provided for the Webshell backdoor vulnerability on the Routerpwn website. For example, clicking the View Network button will display the interface shown in Figure 9.47.
Figure 9.47 Network connection information for the router
(5) From this interface, you can see information for all connected network interfaces, such as each interface's IP address, MAC address, and transmission rate. If you want to view this information by executing a command instead, enter the ifconfig command in the instruction box and then click the "Send" button, as shown in Figure 9.48.
Figure 9.48 Run a command to view network information
(6) After you click the "Send" button, the output is the same as in Figure 9.47.