How To Exploit A Router Using An Unrooted Android Phone

What Are Routers?

A Router is a physical or virtual appliance that helps pass information between connected systems on a computer network. It inspects the given data packet’s destination IP address, computes the best way for the package to reach its destination, and then forwards it accordingly. 

It is a common type of gateway which is positioned where two or more networks meet. Not many know that router is not just about providing the internet. Routers have their Linux computers as well! 

network-connection

They are responsible for routing internet traffic, giving encryption to protect our privacy, and connecting us to other devices. Most of us hardly care to change our default passwords, but I suggest you change them. Why? You’ll get to know that in a while.

Difference Between A Rooted And Unrooted Device

Rooting, in a way, makes you the master of your device. How? Well, after rooting, you can install the unsupported apps by google, unlock your operating system, replace the firmware, overclock or underclock your processor, add custom ROM, increasing battery life, free space of system files to a specific limit, store apps or games in SD card when you’re running out of internal storage and many more. 

In short, it helps to overcome the limitations that wireless service providers and hardware manufactures of android phones put on specific devices. Despite several advantages, there are certain disadvantages as well. Your phone’s warranty may end( depending on the company’s policy), you may end up making your phone a box that’s good for nothing. 

By missing out on specific steps while rooting, you are more exposed to malicious softwares. Rooting is a complex process and is not advisable if one does not have the proper knowledge.

Android phones are unrooted by default. They have their security shield and limitations, which do not let the user make any changes that can damage the hardware. These devices are the just opposite of rooted devices.

Exploiting A Router 

It means exploiting a vulnerability or default settings of the router to get shell access. Once your router is hacked, criminals can steal your personal information, use your network to attack other systems, send you fake malicious sites, and upload malware.

Pre-requisites 

  • An unrooted Android phone 
  • You need to know the IP address of the target router.
  • Termux app on your device. It is a Linux Environment app that works without rooting or the setup. It combines powerful terminal emulation with an extensive Linux package collection. At first, a small base system is downloaded. The desired packages can then be installed using the apt packet manager. Access the built-in help by long-pressing anywhere on the terminal and selecting the Help menu option to learn more.

There are ways(usually apps) to check for the available wireless networks in your area, which can be the suited targets. I am not mentioning the ways to keep it legal; you can google it if you want.

android

Steps For Exploiting A Router Using An Unrooted Android 

The steps given below are for educational purposes only.

Step-1 Installing termux on your device.

One can simply find the app on Google Play Store. Your android version should be greater than 5.0. It is a command-line tool, so everything that we’ll do would be in commands.

Step-2 Commands required

When you open termux for the first time, there are specific changes that you need to make and install some packages. The commands to be given are-

  1. apt update (for updating termux)
  2. apt upgrade
  3. pkg install git (for installing routersploit via GitHub)
  4. pkg install python (for running python scripts)
  5. pkg install python2

Wait for one command to be executed entirely and then type in the next order. You have all the required packages now installed.

Step-3 Installing Router sploit

As packet injection is not supported, we will need a framework like routersploit. It is a robust framework, just like Metasploit, which helps identify and exploit the routers’ common vulnerabilities. As all our packages are installed, we now need to run the following command to install routersploit:-

git clone https://github.com/reverse-shell/routersploit

Step-4 Running Router sploit 

Here is another list of commands that you need to execute patiently.

  1. ls (list the names of files and folders present)
  2. cd routersploit (to change directory)
  3. pip2 install –r requirement.txt 
  4. pip2 install requests 
  5. pip install future
  6. python rsf.py (to run the python script)

rsf.py python script contains the code to install routersploit

After successfully installing router sploit, now type

  1. show all (Will show module options)
  2. use scanners/auto pawn (this will open the scanner and begin scanning the target)

In case you want to exploit nearby networks, consider installing the apps available to locate the IP address.

  1. show options (to see available options on any module)

Here we will set the target IP of the router we want to attack. Make sure the device is connected to the network. Now enter the following command on your terminal window for doing the same-

set target <IP_address>

Replace <IP_address> with the target IP address. Enter show options again for rechecking if you want.

Now type run and press enter; the module will start displaying the list of found vulnerabilities for your target router. Vulnerabilities are all one needs to attack! Users can also learn how to port forward Asus router to make things easier and user-friendly.

Step-4 Exploiting the found vulnerabilities

Once the scan is completed, type use and then the path provided by autopen to exploit.

Example- use <path>

Congratulations!

Warning: It is not legal to hack a router even if it is undefended. This article is for educational purposes only.

Leave a Reply

Your email address will not be published. Required fields are marked *