Found two vulnerabilities on my router thanks to this! Then I found out that xfinity doesn't allow users to update the hardware they provide. Guess who just ordered a new router? Thanks for this video.
Your general lack of knowledge that its perfectly fine to put it on the internet and your general complete misconception of what the dark web is entirely
@@joemccormick9348 And why do you think so? There are many helpful forums for hackers on the dark web. He wont be able to find unethical hacking courses on youtube so i suggested him to check out the forums on the dark web. whats so wrong about that.
Thanks for the video! I scanned all my devices at home. Routersploit has only found devices where the 6-9 vulnearbilities (on various ports) couldn't be verified. Is there a way to try to get a better picture whether these devices are really vulnearble or not? Can you group together these unverified exploits and run them individually using RouterSploit? Update: Never mind. I tinkered with it a bit and got it to work! Pretty powerful tool, I have to say. Many of the payloads might need some fine tuning since they crash the CLI with silly errors such as "unorderable types" when comparing tuples and such. Nothing that couldn't be fixed.
Hawaiian routers are mostly unsecured, as a large amount of botnets (mostly mirais) use these routers by using a set list of 0days. Also, thanks for the
Everybody makes errors, makes more sense to continue the video than to edit it. Great stuff, your way of explanation is super smooth. Would appreciate a video of you creating Persistence USB, without LUK. Thank you!
I managed to get into my own router. My creds weren't vulnerable, but rom0 and another thing like cmd was. I was able to run payloads/commands directly from my computer. My skill level doesn't know what to do with the vulnerabilities I got, but I do know that it could reak havoc on my router.
This RouterSploit program is cool and all, (and it's definitely good advice to keep your stuff patched), but if it requires you to be on the inside of the network anyway, then the damage is already done. At that point, having your IP cam hijacked is the least of your concerns.
Nice video! but if that cam was a sample, maybe you can create a dummy info or vulnerability so that we can see the information given on that exploit and how we can check the credentials and logged in. .:)
Right away when i heard "Easy python script", I thought.. "No, not simple or easy" haha.. then there are requirements, and commands :P. I can figure this out, and know there is target audience. I just thought it was a little fun anyway as it also takes a little more knowing things than the average person.
Awesome video man, I love your work. Thank you for putting this information out into the world. I can guarantee you will inspiring people to do great things by sparking their curiosity. Again Thank you
The only thing I don't get: you're doing the scan and exploitation on the internal network. How does the vpnfilter malware or anyone malicious access these ports that are only open internally? If you type in someone's IP address into your browser, you won't see their router's web configuration panel...
i'm getting error when i run this command: python3 -m pip install -r requirements.txt error: /usr/local/bin/python3: No module named pip but i've installed it using command : apt-get install python3-pip so what should i do now to work it?
Just to wrap my head around things. It makes sense to do this on your own network that you are connected to. But can you do this to other routers remotely? If you use a public ip address ? Is this possible ? Or do you need to be connected to the router you are trying to exploit ? Any help and advice would be appreciated. To clarify I’m learning / have consent from others 😂
Like a few others have mentioned, the “set port” command was giving me trouble too (on MacOS), but in the list of usable options it displayed it appears maybe routersploit got an update and now the command is set http_port 80 (or whatever port you want). Awesome vids btw NB, whenever my brain shifts into inquisitive mode during the day I try to come back to pick up another topic I’m unfamiliar with. Thank you for sharing the intel!
I burst out laughing the way you said “Definitely illegal” because you already know I’m gonna do it. Omg. You might have well have said “Yea fuck it, you people are on your own” Lol
Noob here. Are we saying someone can penetrate our firewall router to reach a port on our printer or other device, then leapfrog back into other devices on our network? Or worse, monitor all network traffic?
Quick question I loaded Kali on an Android device. Updated it and upgraded it too. Added python3 plus pip I think. Now after installing sherlock. I get a font error for colorama. Try pip install colorama no joy. Even downlaoded it's github page. Any help would be appericated. Have a nice day.
hello,I love your videos,but I'm curious about what classes I should take in order to become a professional pentester. what type of books should I read? please help
@@HeadlampMafia My suggestion would be to find a company that specialises in penetration testing and ask them what they typically look for when they are hiring people. That will give you a decent idea for what is required and you can go from there.
I get this error while trying to install the requirements.txt: No module named pip I installed pip, did everything correctly from the previous commands in the video.
i have this problem in autopwn running module...... starting vulnerablity check.... after get this error TypeError: '>=' not supported between instances of 'tuple' and 'int' Routersploit version - 3.4.0 please help me please
Hello null byte team am I again, congratulations for your good work on youtube, I would like to ask a video teaching how to capture information on smartphones and laptops on the same wi-fi network as us!
Hi, 1)Does Routersploit instalation has any malware or executable binaries as part of its payload which inturn can infect the computer on which Routersploit is run ? 2)Can Routersploit payload infect target router and make it vulnerable to further attack if I forgot to factory reset the router after test is run ?
a question, when setting the ip can it be a public ip instead of a private ip that u put doing the video? because the way you do it you should already be in the wifi you are trying to pwn
Would this allow you to attack an IoT camera that allows connections from anywhere. Or would you have to be on the same network to target devices and only works with local IP addresses?
does openwrt, ddwrt, or tomato support it? those open source router opperating systems support a wide range of devices and often offer more features than the manufacturer defaults
@@blakel95 Strong passwords don't help if there is an exploit vulnerability. As shown here when he connected to the device normally it asked for username/password but that didn't stop him dumping the config info using an exploit. I have no idea what was dumped but he said it was pretty bad so you really need to be able to update firmware when vulnerabilities are found.
Great video kody like always😁 ive been playing with routersploit since last year but recently got some error(python 3) but i guess it will be fixed with a pip upgrade anyways i hope to see more videos like this that are not based on hardware or anything of a kind(tried your wireless attack videos unfortunately my wifi card only supports monitor mode not packet injections)😅 could you do a video on how these attack/exploits are automated, like vpnfilter/botnet ? Keep up the good work😁
All I get on routersploit is errors what do you do when you put in use scanners/autopwn and it says no module named routersploit module scanners autopwn
I've been learning these types of things for a while and always wondered is it possible to find out a WiFi BSSID and Channel even if the router is in another country? I can perform the basic DoS on any network im within range for, however my friend who lives in Scotland volunteered that I can pentest his Router, is there anyway of doing so? Sorry, im a newbie to ethical hacking and cyber security
Do I have to be already authenticated on a WiFi network for this to work? I set everything up and tried on my home router and it shows could not confirm any vulnerability and could not find any credentials
DD-WRT is down at the moment and my router isn't supported by open-WRT (I changed provider and old router broke),However I'm looking for a new router mainly because this one is bullshit for streaming files from NAS to over devices I would really like one with a 4G back up on it but I doubt I would ever use the 4G function lol
what do you need to hack? Most people have their profile public and the answer to their email security question on their profile. as long as you get their email thats tied to their account you could just reset the P/w and jump in,It's been a while since I done anything like this so I wouldn't know if that still works
i found this 3com officeconnect rce exploitable router and i did it but i dont rly understand what to do next it apparently allows me to send commands from the command line..?
The ping only can be done if the firewall allows the icmp echo request and responses to the same, so even if the router if vulnerable with a good firewall, chances are you would never know about the vulnerability
Mihir Shah Blocking ICMP echo (and most other ICMP) is a bad idea. It breaks more than it solves... No hacker actually believes a lack of ping means he IP is down these days.
thank you so much I love your channel I just tested this out on my own router and I actually got in this is my first real life hack I AM SO EXCITED THANK YOU SO MUCH I LOVE YOU
Hi if I put a clock to monitor the time in the background if someone freezes my IP camera is it accurate to say the date and time stamp on the IP camera would not coincide with the actual clock in the background of the camera footage?
![Use Nmap for Tactical Network Reconnaissance [Tutorial]](http://i.ytimg.com/vi/ltEFbi_I2KY/mqdefault.jpg)
![Use Nmap for Tactical Network Reconnaissance [Tutorial]](/img/tr.png)
![Search for Vulnerable Devices Around the World with Shodan [Tutorial]](http://i.ytimg.com/vi/oDkg1zz6xlw/mqdefault.jpg)
![Perform Network Fingerprinting with Maltego [Tutorial]](/img/n.gif)
I asked my router for concent, and it blinked...guess it is okay with this
Underrated comment
Hey how do I open routersploit I cant open it and I install it help
@@luiscastillo6615 make sure you are root: sudo routersploit [ENTER]
Found two vulnerabilities on my router thanks to this! Then I found out that xfinity doesn't allow users to update the hardware they provide. Guess who just ordered a new router? Thanks for this video.
Please make a full course on ethical hacking...
@@tripplefives1402 what you are talking about is illegal im pretty sure. If you really want to you should go to the deep web.
@@fredericchopin7639 u crack me up
Joe McCormick can you explain why
Your general lack of knowledge that its perfectly fine to put it on the internet and your general complete misconception of what the dark web is entirely
@@joemccormick9348 And why do you think so? There are many helpful forums for hackers on the dark web. He wont be able to find unethical hacking courses on youtube so i suggested him to check out the forums on the dark web. whats so wrong about that.
Imagine having this guy as your next door neighbor 😅😅
would be cool, i would ask him for teaching :D
@Nguyen Dang Duy Khang i dont think he would do that
i would only run wires no wifi xD
A distant physical location wouldn't provide safety. He can attack from both the LAN and the WAN.
@@J2897Tutorials And he also might test your locks whilst you're out at work...
2:46 I thought he was having a stroke for a second.
Jackal cool to see you here...
Wym?
Yep
Jackaldev i saw you from the lanc vids
Lmfaooo
Just discovered your channel and I have to say, your content is amazing! Also thank you for this video.
I came here to say the same as Tibor - great stuff, man. Keep up the excellent work!
Hey I know U
Bro u are the guy of linus tech tips!
Lil note (HE DOESNT BLINK!)
Thanks for the video! I scanned all my devices at home. Routersploit has only found devices where the 6-9 vulnearbilities (on various ports) couldn't be verified. Is there a way to try to get a better picture whether these devices are really vulnearble or not? Can you group together these unverified exploits and run them individually using RouterSploit?
Update: Never mind. I tinkered with it a bit and got it to work! Pretty powerful tool, I have to say. Many of the payloads might need some fine tuning since they crash the CLI with silly errors such as "unorderable types" when comparing tuples and such. Nothing that couldn't be fixed.
Well if they have the exploits see if you can hack it
Charles Mills Shouldn’t have to, the scanners Routersploit uses is trash.
Hawaiian routers are mostly unsecured, as a large amount of botnets (mostly mirais) use these routers by using a set list of 0days.
Also, thanks for the
ISP's like to implement TR-069 backdoor into things
I want to say that once i was a beginner i learned all from this channel. I wish this channel could reach 1 m subscribe before 2021
teach me your ways
Everybody makes errors, makes more sense to continue the video than to edit it. Great stuff, your way of explanation is super smooth. Would appreciate a video of you creating Persistence USB, without LUK. Thank you!
Thanks for your awsome job mate! It's clearly not rewarded enough!
You need an online course for this stuff man great channel btw
Omg. It blinks at 1:20. He may be human after all. Great channel.
I managed to get into my own router. My creds weren't vulnerable, but rom0 and another thing like cmd was. I was able to run payloads/commands directly from my computer. My skill level doesn't know what to do with the vulnerabilities I got, but I do know that it could reak havoc on my router.
that introduction is one hell of a ride
We shot that and a commercial for a donut store in the same two hour period
Null Byte Oh my god 😂
*Says legal disclaimer*
Black hats: “that is merely a suggestion”
This RouterSploit program is cool and all, (and it's definitely good advice to keep your stuff patched), but if it requires you to be on the inside of the network anyway, then the damage is already done. At that point, having your IP cam hijacked is the least of your concerns.
yup, he missed to mention that..
I dont have a port setting in my target options?
Nice video! but if that cam was a sample, maybe you can create a dummy info or vulnerability so that we can see the information given on that exploit and how we can check the credentials and logged in. .:)
Yeah… I completely left hanging by what was pwned!
1:30 I was looking at this cute cat and not listening you. I had to rewatch this part.
if it was the fat angel behind me then I don't blame you
@@NullByteWHT lol
Right away when i heard "Easy python script", I thought.. "No, not simple or easy" haha.. then there are requirements, and commands :P.
I can figure this out, and know there is target audience. I just thought it was a little fun anyway as it also takes a little more knowing things than the average person.
So you can use router split for your own good to see if your router is good?
Awesome stuff Bro, I agree you should make a course on ethical hacking 👍🏼
Awesome video man, I love your work. Thank you for putting this information out into the world. I can guarantee you will inspiring people to do great things by sparking their curiosity. Again Thank you
The only thing I don't get: you're doing the scan and exploitation on the internal network. How does the vpnfilter malware or anyone malicious access these ports that are only open internally?
If you type in someone's IP address into your browser, you won't see their router's web configuration panel...
i'm getting error when i run this command: python3 -m pip install -r requirements.txt
error: /usr/local/bin/python3: No module named pip
but i've installed it using command : apt-get install python3-pip
so what should i do now to work it?
Explanation man ♥️
help sir...why my routersploit any notification bellow
TypeError: '>=' not supported between instances of 'tuple' and 'int'
Just to wrap my head around things. It makes sense to do this on your own network that you are connected to. But can you do this to other routers remotely? If you use a public ip address ? Is this possible ? Or do you need to be connected to the router you are trying to exploit ? Any help and advice would be appreciated.
To clarify I’m learning / have consent from others 😂
I think u have to be in the routers network before u can exploit it
Like a few others have mentioned, the “set port” command was giving me trouble too (on MacOS), but in the list of usable options it displayed it appears maybe routersploit got an update and now the command is set http_port 80 (or whatever port you want).
Awesome vids btw NB, whenever my brain shifts into inquisitive mode during the day I try to come back to pick up another topic I’m unfamiliar with. Thank you for sharing the intel!
Can you do this over WAN?
I have a pau05 and when I search for networks I cant find anything. Suggestions?
I burst out laughing the way you said “Definitely illegal” because you already know I’m gonna do it. Omg. You might have well have said “Yea fuck it, you people are on your own” Lol
Noob here. Are we saying someone can penetrate our firewall router to reach a port on our printer or other device, then leapfrog back into other devices on our network? Or worse, monitor all network traffic?
You......are......amazing bro. You are my teacher.
Hello, I have a term, how can I do it, because I have ipv4 or ipv6 writes because I don't write ip address, help me
I know this video is from along time ago but how do you fix the issue exploit failed could not extract credentials?
Quick question I loaded Kali on an Android device. Updated it and upgraded it too. Added python3 plus pip I think. Now after installing sherlock. I get a font error for colorama. Try pip install colorama no joy. Even downlaoded it's github page. Any help would be appericated. Have a nice day.
hello,I love your videos,but I'm curious about what classes I should take in order to become a professional pentester. what type of books should I read? please help
I also am curious. This sort of thing has always fascinated me, but I never allowed myself the time to dig into it
@@HeadlampMafia
My suggestion would be to find a company that specialises in penetration testing and ask them what they typically look for when they are hiring people. That will give you a decent idea for what is required and you can go from there.
I get this error while trying to install the requirements.txt:
No module named pip
I installed pip, did everything correctly from the previous commands in the video.
Update your package list first by using
$ sudo apt update
Then use the following command to install pip for python3
$ sudo apt install python3-pip
Be sure that python is up to date.
Great video on a very nice tool to play with on your own network.
You're awesome! I just discovered your channel... how many wasted minutes on youtube before you! Thank you for your videos
its not good if my list of vulnerabilitys are this big that i have to scroll right xD?
i have this problem
in autopwn
running module......
starting vulnerablity check....
after get this error
TypeError: '>=' not supported between instances of 'tuple' and 'int'
Routersploit version - 3.4.0
please help me please
Hello null byte team am I again, congratulations
for your good work on youtube, I would like to ask
a video teaching how to capture information on smartphones and laptops on the same wi-fi network as us!
...you use mac too!? I thought I was the only mac hacker - WHAT THE HAACCKK
What command do ineed i start if i have already downlkaded in termux the routersploit
How on earth u only have 150k subs
Hi,
1)Does Routersploit instalation has any malware or executable binaries as part of its payload which inturn can infect the computer on which Routersploit is run ?
2)Can Routersploit payload infect target router and make it vulnerable to further attack if I forgot to factory reset the router after test is run ?
Nullbyte please help me out will this also work on someones else router i mean you can het there information or Just your own router 🤷🏻♂️🤷🏻♂️
a question, when setting the ip can it be a public ip instead of a private ip that u put doing the video? because the way you do it you should already be in the wifi you are trying to pwn
And how Do I get to know the IP Adress of a foreign Router to test it?
Same issue brother ],
if u had find out than let me know.
Awesome man!!! Going to hit 1 lakh subs soon...
pluto boy thank you!
Do you have to be connected to a network to use routersploit?
do antivirus or malwarebytes detect infection with this?
Where can i find a full length of you teaching cyber security ?????
Would this allow you to attack an IoT camera that allows connections from anywhere. Or would you have to be on the same network to target devices and only works with local IP addresses?
did u hackintosh that dell??? or are u just using osx in a virtual machine?
Is routersploit is used to test switches also?
My router is two years old and i havnt been able to update my firmware because there is no patch from the devolpers wtf =[
supersonic118 Alex you should really get a new one, that's the worst case scenario.
does openwrt, ddwrt, or tomato support it? those open source router opperating systems support a wide range of devices and often offer more features than the manufacturer defaults
Just do a factory reset and make strong passwords for router and wifi login.
@@blakel95
Strong passwords don't help if there is an exploit vulnerability. As shown here when he connected to the device normally it asked for username/password but that didn't stop him dumping the config info using an exploit. I have no idea what was dumped but he said it was pretty bad so you really need to be able to update firmware when vulnerabilities are found.
Hide your ESSID/BSSID (Network broadcast) to start with.
music name "Xtract - Audiotool Day 2016"
I would like to see this channel get 1m subscribers very soon.
Good work. Love the tutorial
What terminal did you use? Itern is that for mac only what about window can you provide some link on description? correct me if im wrong
Great video , keep up the excellent work.
When I run show options, I can only set target not port. Why ???
Great video kody like always😁 ive been playing with routersploit since last year but recently got some error(python 3) but i guess it will be fixed with a pip upgrade anyways i hope to see more videos like this that are not based on hardware or anything of a kind(tried your wireless attack videos unfortunately my wifi card only supports monitor mode not packet injections)😅 could you do a video on how these attack/exploits are automated, like vpnfilter/botnet ? Keep up the good work😁
Wesley Valeran glad you enjoy them! I'll be trying some basic python exploits soon.
how do I change routersploit password I forgot mine or its just not working? I had it opened once. using it for personal use
All I get on routersploit is errors what do you do when you put in use scanners/autopwn and it says no module named routersploit module scanners autopwn
It's awesome to see tool made in poland in your video :)) greetings from pl :)
I like the pics of the cat in the background
I've been learning these types of things for a while and always wondered is it possible to find out a WiFi BSSID and Channel even if the router is in another country? I can perform the basic DoS on any network im within range for, however my friend who lives in Scotland volunteered that I can pentest his Router, is there anyway of doing so? Sorry, im a newbie to ethical hacking and cyber security
I am using termux and it say TypeError: '>=' not supported between instances of 'tuple' and 'int' When i run it how to fix that
Do I have to be already authenticated on a WiFi network for this to work? I set everything up and tried on my home router and it shows could not confirm any vulnerability and could not find any credentials
best as always_ bro make video on protocol downgrade attack,,,,,
what should I do with these
blind command injection
I wish you could make an updated video! Great video!
Love this series.
If a device is Vulnerable on my network..
Dose that mean you'd have too be on my network too do take advantage of that vulnerability
0:07 Did I just see him blink?!
Fake news
why i'm failed using routersploit for IP Public? only work at local network. any suggest for that?
How to blur the things you written down?
Would OEM ISP routers be at a greater risk than a store bought router?
Paul Badman ISP routers are worse
Thought that would be the case,However thought I would ask anyway
DD-WRT is down at the moment and my router isn't supported by open-WRT (I changed provider and old router broke),However I'm looking for a new router mainly because this one is bullshit for streaming files from NAS to over devices I would really like one with a 4G back up on it but I doubt I would ever use the 4G function lol
what do you need to hack? Most people have their profile public and the answer to their email security question on their profile. as long as you get their email thats tied to their account you could just reset the P/w and jump in,It's been a while since I done anything like this so I wouldn't know if that still works
What is the title of the book behind and to the right of the guy talking? The big green book.
Hi! I'm the guy talking. It's a book I grew up with: www.amazon.com/Codes-Ciphers-Secrets-Cryptic-Communication/dp/1579124852
Null Byte Thanks, I'll grab a copy. I will have to try routersploit in future pentesting.
I hope it serves you well in the war against the machines.
i found this 3com officeconnect rce exploitable router and i did it but i dont rly understand what to do next it apparently allows me to send commands from the command line..?
The ping only can be done if the firewall allows the icmp echo request and responses to the same, so even if the router if vulnerable with a good firewall, chances are you would never know about the vulnerability
Mihir Shah
Blocking ICMP echo (and most other ICMP) is a bad idea. It breaks more than it solves... No hacker actually believes a lack of ping means he IP is down these days.
tin2001
True...but can u list the disavantages of blocking icmp echo requests...thanx btw
Yeah that's an intuitive question...good work bro...keep it up
Kshitij Kathuria thanx...
if i keep watching ur videos i may end up in the big brother
In the distance you see a potato.
Like if you saw a potato after reading this.
How does this work against ISP switches and routers? I had a play and I think I got right through to my internet providers main credentials.
Could you please suggest any setup (router, firewall, etc.) to secure our small company network? thanks
6:09 What command did you use to scan the network for ports? Does the command work on kali Linux? I’m trying it but it’s not working
he used nmap to look for open ports. The prompt is : nmap -p 80,8080,8081,81 /24
which router and version of router you use ?
probably a dumb question but is a tool like this obsolete in 2021?
thank you so much I love your channel I just tested this out on my own router and I actually got in this is my first real life hack I AM SO EXCITED THANK YOU SO MUCH I LOVE YOU
When I used the run command it said could not find default credentials
Any help?
Sounds like the router isn't using a default password. Try other routers.
very nice tut thanks ,but what about routers to which we are not connected ?
As this isn't open scanning/monitoring wireless networks, I don;t think a AWUS036ACH chipset wireless adapter is required, please confirm?
In show options i havent an target ip why?
Hi if I put a clock to monitor the time in the background if someone freezes my IP camera is it accurate to say the date and time stamp on the IP camera would not coincide with the actual clock in the background of the camera footage?