WEBVTT

0
00:01.940 --> 00:10.440
In this lecture I'll show you how to hack routers and other embedded devices like IP cameras using

1
00:10.630 --> 00:17.980
RouterSploit. The RouterSploit framework is an open source exploitation framework written in Python and

2
00:17.970 --> 00:21.200
dedicated to embedded devices.

3
00:21.200 --> 00:28.600
It scans devices on your network to see if there is any vulnerability to a known exploit.

4
00:28.700 --> 00:37.250
For example, the VPNFilter malware is such an exploit designed to infect routers and it's estimated

5
00:37.340 --> 00:42.880
to have infected hundreds of thousands of routers worldwide.

6
00:42.890 --> 00:50.060
Such an exploit can be easily turned into a module and launched using RouterSploit.

7
00:50.060 --> 00:57.770
The solution to such a vulnerability is in most cases a firmware upgrade but how often do you check

8
00:57.770 --> 01:02.810
if there is a new firmware available for your router or your security cameras?

9
01:02.810 --> 01:06.560
I suppose that never or not too often,

10
01:06.560 --> 01:11.860
anyway! Most people set up their routers and forget about them.

11
01:11.900 --> 01:19.220
They don't change the default password, update the firmware or protect them in any way.

12
01:19.310 --> 01:26.690
Such a vulnerability is like a monster sleeping in your room and waiting to be woken by someone interested

13
01:26.780 --> 01:35.260
in finding it. Let's move on and see what the components of RouterSploit are. RouterSploit consists

14
01:35.380 --> 01:37.650
of various modules that

15
01:37.690 --> 01:46.900
aid penetration testing operations. Exploits are modules that take advantage of identified vulnerabilities.

16
01:47.000 --> 01:55.940
It's similar to Metasploit. Creds are modules designed to test credentials against the network services.

17
01:55.990 --> 02:04.000
Scanners are modules that check if a target is vulnerable to any exploit. Then come the payloads,

18
02:04.210 --> 02:11.770
which are modules that are responsible for generating payloads for various architectures and injection

19
02:11.770 --> 02:21.300
points. And generic are modules that perform generic attacks. Before showing you how to scan routers

20
02:21.360 --> 02:25.170
and other embedded devices for vulnerabilities

21
02:25.170 --> 02:33.360
I want to start with a legal disclaimer: you are allowed to use RouterSploit only on your own devices

22
02:33.720 --> 02:39.450
or on devices for which you've got permission.

23
02:39.460 --> 02:43.600
Let's get started and see how to install and use RouterSploit.

24
02:43.930 --> 02:51.490
If you are using Kali Linux you can install it automatically using apt because it's in the official

25
02:51.490 --> 02:53.000
repositories.

26
02:53.000 --> 02:58.690
I am searching for RouterSploit: apt search routersploit

27
03:02.650 --> 03:04.210
and it found the package.

28
03:05.300 --> 03:13.400
However I'm gonna install it manually from the official website because I want to stay up to date.

29
03:13.400 --> 03:19.660
The installation is simple and I will just follow the official installation guide.

30
03:19.820 --> 03:31.570
First I'm installing Python Pip.

31
03:31.700 --> 03:42.620
The next step is to clone the github repository.

32
03:42.840 --> 03:49.330
Then I'll cd into the routersploit directory and install the requirements.

33
03:49.330 --> 03:59.590
I'm copying and then pasting this line. I'm moving to the routersploit directory and here I am pasting the

34
03:59.590 --> 04:00.190
line.

35
04:02.120 --> 04:04.290
It's installing some requirements.

36
04:09.790 --> 04:15.160
Perfect! RouterSploit has been installed. In this directory

37
04:15.160 --> 04:21.310
there is a Python file called rsf.py. This is routersploit.

38
04:21.340 --> 04:22.690
I am starting it.

39
04:22.780 --> 04:33.170
python3 and the name of that file, rsf.py. Note that you have to be in the routersploit

40
04:33.170 --> 04:33.830
directory.

41
04:36.840 --> 04:44.010
The routersploit framework has opened up and you see that the interface and style are similar to

42
04:44.010 --> 04:45.880
that of metasploit.

43
04:46.350 --> 04:53.790
A command line interface is available and you can see everything routersploit has to offer by typing

44
04:54.000 --> 04:59.750
show all. We see the modules. As you can see in the output

45
04:59.850 --> 05:04.170
there are a lot of exploits, default credentials and scanners.

46
05:07.660 --> 05:13.270
If you want to search for a specific exploit or for exploits for a specific vendor

47
05:13.270 --> 05:22.970
you use the search command. For example, I am searching for anything related to Cisco: search cisco

48
05:22.990 --> 05:32.960
I've got exploits for Cisco routers, cameras or modules for finding the credentials; or I could search only

49
05:32.960 --> 05:40.540
for exploits like this: search type=exploits

50
05:40.710 --> 05:43.320
It's showing us only the exploits;

51
05:47.620 --> 05:53.110
or I could search for anything related to cameras

52
05:53.110 --> 05:58.600
search device=cameras. Okay!

53
05:58.630 --> 06:02.250
This is how you use routersploit. You type

54
06:02.260 --> 06:10.670
exit when you want to close routersploit. There is also the possibility to automatically update routersploit

55
06:10.660 --> 06:12.010
modules.

56
06:12.150 --> 06:18.780
And I'd recommend you to do so since according to the routersploit website the project is under

57
06:18.780 --> 06:27.390
heavy development and new modules are shipped almost every day. To update routersploit, run git pull

58
06:27.660 --> 06:35.070
in the routersploit directory: git pull. It's already up to date.

59
06:35.150 --> 06:43.610
I've just installed it. At the end of this lecture I want to introduce you to a new term called Flytrap.

60
06:44.050 --> 06:50.620
A Flytrap is a router that has been compromised and updated with a special firmware that

61
06:50.660 --> 06:55.260
prevents the user from updating or modifying the new firmware.

62
06:55.640 --> 07:03.390
Cherry Blossom is an exploitation framework that can transform vulnerable WiFi routers into 

63
07:03.390 --> 07:04.190
Flytraps.

64
07:04.370 --> 07:11.300
They are advanced remote spying devices capable of being controlled from anywhere.

65
07:11.310 --> 07:14.620
OK! We'll take a short break and we'll see after that

66
07:14.660 --> 07:18.440
how to exploit the default gateway using routersploit.