#!/bin/bash
# Router Emergency Recovery Script
# This script helps recover from a router compromise.
#
# Note: the "compromise indicator" checks below inspect this host's view of the
# network (its resolver configuration, default gateway and listening ports); they
# cannot inspect the router itself. The router IP, the interface names used by the
# generated isolation script and the blocked MAC address are specific to the
# network this script was written for; adjust them before running it elsewhere.

set -u

echo "🚨 ROUTER EMERGENCY RECOVERY"
echo "============================"
echo "Timestamp: $(date)"
echo "WARNING: Router may be compromised!"
echo ""

ROUTER_IP="192.168.50.1"
LOG_FILE="router_recovery_$(date +%Y%m%d_%H%M%S).log"

# Create the log file once, up front. Every later write appends to it, so the
# banner written by main() is no longer overwritten by the first check.
: > "$LOG_FILE"

# log: print a line to the terminal and append it to the log file
log() {
    printf '%s\n' "$*" | tee -a "$LOG_FILE"
}

# Function to check router accessibility
check_router_access() {
    log "1. Checking router accessibility..."
    log ""
    log "Testing router connectivity..."
    if ping -c 3 -W 2 "$ROUTER_IP" > /dev/null 2>&1; then
        log "✅ Router is reachable"
    else
        log "❌ Router is not reachable"
        log "🚨 CRITICAL: Router may be down or compromised!"
        return 1
    fi

    log ""
    log "Testing router web interface..."
    if timeout 5 curl -s "http://$ROUTER_IP" > /dev/null 2>&1; then
        log "✅ Router web interface is accessible"
    else
        log "❌ Router web interface is not accessible"
    fi

    log ""
    log "Testing HTTPS interface..."
    # -k skips certificate validation: consumer routers normally use self-signed certs
    if timeout 5 curl -s -k "https://$ROUTER_IP" > /dev/null 2>&1; then
        log "✅ Router HTTPS interface is accessible"
    else
        log "❌ Router HTTPS interface is not accessible"
    fi
}

# Function to check for router compromise indicators (as seen from this host)
check_compromise_indicators() {
    log ""
    log "2. Checking for router compromise indicators..."
    log ""

    log "Checking DNS settings..."
    # On systemd-resolved hosts /etc/resolv.conf usually points at the local stub
    # resolver (127.0.0.53); resolvectl shows the upstream servers actually in use.
    tee -a "$LOG_FILE" < /etc/resolv.conf
    resolvectl dns 2>/dev/null | tee -a "$LOG_FILE"

    log ""
    log "Checking routing table..."
    # The default route should point at the router; a different gateway is suspicious.
    ip route | grep default | tee -a "$LOG_FILE"

    log ""
    log "Checking for suspicious network activity..."
    # Listening ports that are unusual on a workstation. ss replaces netstat on
    # current distributions; fall back to netstat where ss is missing.
    { ss -tuln 2>/dev/null || netstat -tuln; } \
        | grep -E ":(25|1433|3306|5432|27017|6379|8080|8443|4444|31337)" \
        | tee -a "$LOG_FILE"

    log ""
    log "Checking for unauthorized DNS queries..."
    # systemd-resolved only logs individual queries at debug log level, so this
    # may legitimately print nothing.
    journalctl -u systemd-resolved --since "1 hour ago" | grep -i "query" | tail -10 | tee -a "$LOG_FILE"
}

# Function to provide emergency recovery steps
emergency_recovery_steps() {
    log ""
    log "3. EMERGENCY RECOVERY STEPS:"
    log "============================"
    log ""
    log "🚨 IMMEDIATE ACTIONS REQUIRED:"
    log "1. PHYSICALLY RESET YOUR ROUTER"
    log "   - Locate the reset button on your router"
    log "   - Hold it down for 10-30 seconds with a paperclip"
    log "   - Wait for router to restart completely"
    log ""
    log "2. DISCONNECT ALL DEVICES FROM NETWORK"
    log "   - Unplug all devices except one computer"
    log "   - Use only one device to reconfigure router"
    log ""
    log "3. RECONFIGURE ROUTER SECURELY"
    log "   - Access router at http://$ROUTER_IP"
    log "   - Use default credentials (check router manual)"
    log "   - Change admin password immediately"
    log "   - Change WiFi password"
    log "   - Enable MAC address filtering"
    log "   - Update router firmware"
    log ""
    log "4. SECURE YOUR NETWORK"
    log "   - Block the compromised device MAC: cc:f7:35:53:f5:fa"
    log "   - Enable firewall features"
    log "   - Disable WPS"
    log "   - Use WPA3 encryption if available"
    log ""
    log "5. RECONNECT DEVICES ONE BY ONE"
    log "   - Reconnect devices individually"
    log "   - Monitor for suspicious activity"
    log "   - Do NOT reconnect the compromised Amazon device"
}

# Function to provide router reset instructions
router_reset_instructions() {
    log ""
    log "4. ROUTER RESET INSTRUCTIONS:"
    log "============================="
    log ""
    log "🔧 PHYSICAL RESET PROCEDURE:"
    log "1. Locate the reset button on your router"
    log "   - Usually a small hole labeled 'Reset'"
    log "   - May be on the back or bottom of router"
    log ""
    log "2. Perform the reset:"
    log "   - Use a paperclip or small tool"
    log "   - Press and hold the reset button"
    log "   - Hold for 10-30 seconds"
    log "   - Wait for all lights to flash"
    log "   - Release the button"
    log ""
    log "3. Wait for router to restart:"
    log "   - All lights should go off and come back on"
    log "   - Wait 2-5 minutes for complete restart"
    log "   - Router will use default settings"
    log ""
    log "⚠️ WARNING: This will erase all router settings!"
    log "⚠️ You will need to reconfigure WiFi and security"
}

# Function to list default router credentials (needed to log in after a factory reset)
default_credentials() {
    log ""
    log "5. COMMON DEFAULT ROUTER CREDENTIALS:"
    log "====================================="
    log ""
    log "Common default usernames:"
    log "- admin"
    log "- root"
    log "- user"
    log "- administrator"
    log ""
    log "Common default passwords:"
    log "- admin"
    log "- password"
    log "- 1234"
    log "- 0000"
    log "- (blank)"
    log ""
    log "🔍 To find your specific router's defaults:"
    log "1. Check the router manual"
    log "2. Look for a sticker on the router"
    log "3. Search online for your router model"
    log "4. Try common combinations above"
}

# Function to create network isolation script
create_isolation_script() {
    log ""
    log "6. Creating network isolation script..."

    # The quoted heredoc delimiter keeps the generated script literal (no expansion here).
    cat > isolate_network.sh <<'EOF'
#!/bin/bash
# Network Isolation Script
# Isolates your computer from the compromised network
# The interface names below (wlp2s0, enp1s0) are this machine's; check yours with: ip link

echo "🔒 ISOLATING FROM COMPROMISED NETWORK"
echo "====================================="

# Disable network interfaces
echo "Disabling network interfaces..."
sudo ip link set wlp2s0 down 2>/dev/null
sudo ip link set enp1s0 down 2>/dev/null

echo "Network interfaces disabled"
echo "You are now isolated from the compromised network"
echo ""
echo "To reconnect after router reset:"
echo "sudo ip link set wlp2s0 up"
echo "sudo ip link set enp1s0 up"
EOF

    chmod +x isolate_network.sh
    log "✅ Network isolation script created: isolate_network.sh"
}

# Function to provide emergency contacts
emergency_contacts() {
    log ""
    log "7. EMERGENCY CONTACTS:"
    log "====================="
    log ""
    log "🚨 IF YOU NEED IMMEDIATE HELP:"
    log "1. Contact your ISP's technical support"
    log "2. Contact router manufacturer support"
    log "3. Consider hiring a cybersecurity professional"
    log "4. Contact local IT support services"
    log ""
    log "📞 USEFUL RESOURCES:"
    log "- Router manual (usually available online)"
    log "- ISP support website"
    log "- Router manufacturer website"
    log "- Cybersecurity forums and communities"
}

# Main execution
main() {
    log "🚨 ROUTER COMPROMISE DETECTED!"
    log "Starting emergency recovery procedures..."

    # Each step still runs even if the router is unreachable, so the recovery
    # plan is always written to the log.
    check_router_access
    check_compromise_indicators
    emergency_recovery_steps
    router_reset_instructions
    default_credentials
    create_isolation_script
    emergency_contacts

    log ""
    log "=== EMERGENCY RECOVERY PLAN COMPLETE ==="
    log ""
    log "🚨 IMMEDIATE ACTION REQUIRED:"
    log "1. PHYSICALLY RESET YOUR ROUTER"
    log "2. DISCONNECT ALL DEVICES"
    log "3. RECONFIGURE ROUTER SECURELY"
    log "4. MONITOR FOR FURTHER COMPROMISE"
    log ""
    log "⚠️ This is a critical security incident!"
    log "Take immediate action to regain control of your network."
}

# Run the main function
main "$@"