Example 5-3. Using routersploit for SSH brute force
rsf > use creds/ssh_bruteforce
rsf
(
SSH Bruteforce
)
> show options
Target options:
Name Current settings Description
---- ---------------- -----------
port
22
Target port
target Target IP address or file with target:port
(
file://
)
Module options:
Name Current settings
---- ----------------
usernames admin
passwords file:///usr/share/routersploit/routersploit/wordlists/
passwords.txt
threads 8
verbosity yes
stop_on_success yes
Description
-----------
Username or file with usernames
(
file://
)
Password or file with passwords
(
file://
)
Number of threads
Display authentication attempts
Stop on first valid authentication attempt
To load a module in
routersploit
, you
use
the module. After the module is loaded, the
module has a set of options that need to be populated in order to run the module.
Example 5-3
shows the options for the SSH brute-force attack. Some of the options
have defaults that may work fine. In other cases, you need to specify the value—for
example, the
target
setting. This indicates the device you want to run the exploit
against. This is just one example of a module available in
routersploit
.
Example 5-4
shows a partial list of other modules that are available.
Example 5-4. Partial list of exploits
exploits/ubiquiti/airos_6_x
exploits/tplink/wdr740nd_wdr740n_path_traversal
exploits/tplink/wdr740nd_wdr740n_backdoor
exploits/netsys/multi_rce
exploits/linksys/1500_2500_rce
exploits/linksys/wap54gv3_rce
exploits/netgear/multi_rce
