#!/bin/bash
# Router Emergency Recovery Script
# Guides recovery from a suspected router compromise; everything it prints is also appended to a timestamped log file in the current directory
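echo "🚨 ROUTER EMERGENCY RECOVERY"
echo "============================"
echo "Timestamp: $(date)"
echo "WARNING: Router may be compromised!"
echo ""
# Address of the router to probe. Can be overridden from the environment so the
# script is not tied to one LAN; the default is the original hard-coded value.
ROUTER_IP="${ROUTER_IP:-192.168.50.1}"
# Per-run log in the current directory; every section appends to it. The
# timestamp keeps separate runs from overwriting each other's evidence.
LOG_FILE="${LOG_FILE:-router_recovery_$(date +%Y%m%d_%H%M%S).log}"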
# Function to check router accessibility
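check_router_access() {
  # Probe the router from this host: ICMP first, then HTTP and HTTPS on the
  # default ports. Every line goes to stdout and is appended to $LOG_FILE.
  # Appending (never truncating) matters: main() has already written to the
  # log before calling this, and a bare `tee $LOG_FILE` here used to discard
  # those lines.
  # Returns 1 when the router does not answer ping; the web-interface checks
  # are informational only and do not affect the return status.
  echo "1. Checking router accessibility..." | tee -a "$LOG_FILE"
  echo "" | tee -a "$LOG_FILE"
  echo "Testing router connectivity..." | tee -a "$LOG_FILE"
  if ping -c 3 -W 2 "$ROUTER_IP" > /dev/null 2>&1; then
    echo "✅ Router is reachable" | tee -a "$LOG_FILE"
  else
    echo "❌ Router is not reachable" | tee -a "$LOG_FILE"
    echo "🚨 CRITICAL: Router may be down or compromised!" | tee -a "$LOG_FILE"
    return 1
  fi
  echo "" | tee -a "$LOG_FILE"
  echo "Testing router web interface..." | tee -a "$LOG_FILE"
  if timeout 5 curl -s "http://$ROUTER_IP" > /dev/null 2>&1; then
    echo "✅ Router web interface is accessible" | tee -a "$LOG_FILE"
  else
    echo "❌ Router web interface is not accessible" | tee -a "$LOG_FILE"
  fi
  echo "" | tee -a "$LOG_FILE"
  echo "Testing HTTPS interface..." | tee -a "$LOG_FILE"
  # -k disables certificate validation on purpose: home routers ship
  # self-signed certificates. This is a reachability probe only; a success
  # here says nothing about whether the certificate presented is genuine.
  if timeout 5 curl -s -k "https://$ROUTER_IP" > /dev/null 2>&1; then
    echo "✅ Router HTTPS interface is accessible" | tee -a "$LOG_FILE"
  else
    echo "❌ Router HTTPS interface is not accessible" | tee -a "$LOG_FILE"
  fi
}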
# Function to check for router compromise indicators
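check_compromise_indicators() {
  # Gather indicators from THIS host, not from the router itself: resolver
  # configuration, the default route, listening sockets on a watchlist of
  # ports, and recent resolver log lines. Everything is appended to $LOG_FILE.
  # Each probe is best-effort: a missing tool or file only loses that section.
  echo "" | tee -a "$LOG_FILE"
  echo "2. Checking for router compromise indicators..." | tee -a "$LOG_FILE"
  echo "" | tee -a "$LOG_FILE"
  echo "Checking DNS settings..." | tee -a "$LOG_FILE"
  # On systemd-resolved hosts this typically shows only the local stub
  # (127.0.0.53); `resolvectl status` is where the upstream servers handed out
  # by the router would appear.
  tee -a "$LOG_FILE" < /etc/resolv.conf
  echo "" | tee -a "$LOG_FILE"
  echo "Checking routing table..." | tee -a "$LOG_FILE"
  ip route | grep default | tee -a "$LOG_FILE"
  echo "" | tee -a "$LOG_FILE"
  echo "Checking for suspicious network activity..." | tee -a "$LOG_FILE"
  # netstat is absent on many current distributions; ss comes with iproute2,
  # which the `ip` call above already depends on. The port list is anchored
  # on trailing whitespace so ":25" no longer also matches ":2500" or ":25000".
  if command -v netstat >/dev/null 2>&1; then
    netstat -tuln
  else
    ss -tuln
  fi | grep -E ':(25|1433|3306|5432|27017|6379|8080|8443|4444|31337)([[:space:]]|$)' | tee -a "$LOG_FILE"
  echo "" | tee -a "$LOG_FILE"
  echo "Checking for unauthorized DNS queries..." | tee -a "$LOG_FILE"
  journalctl -u systemd-resolved --since "1 hour ago" | grep -i "query" | tail -n 10 | tee -a "$LOG_FILE"
}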
# Function to provide emergency recovery steps
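emergency_recovery_steps() {
  # Print the recovery plan and append it to $LOG_FILE. A single tee over a
  # here-document replaces one pipeline per line; the text is unchanged except
  # that the router URL now follows $ROUTER_IP instead of repeating a second
  # hard-coded address. The MAC below is the device identified in this
  # incident; set COMPROMISED_MAC in the environment to reuse the script for
  # a different device.
  tee -a "$LOG_FILE" <<EOF

3. EMERGENCY RECOVERY STEPS:
============================

🚨 IMMEDIATE ACTIONS REQUIRED:
1. PHYSICALLY RESET YOUR ROUTER
 - Locate the reset button on your router
 - Hold it down for 10-30 seconds with a paperclip
 - Wait for router to restart completely

2. DISCONNECT ALL DEVICES FROM NETWORK
 - Unplug all devices except one computer
 - Use only one device to reconfigure router

3. RECONFIGURE ROUTER SECURELY
 - Access router at http://${ROUTER_IP}
 - Use default credentials (check router manual)
 - Change admin password immediately
 - Change WiFi password
 - Enable MAC address filtering
 - Update router firmware

4. SECURE YOUR NETWORK
 - Block the compromised device MAC: ${COMPROMISED_MAC:-cc:f7:35:53:f5:fa}
 - Enable firewall features
 - Disable WPS
 - Use WPA3 encryption if available

5. RECONNECT DEVICES ONE BY ONE
 - Reconnect devices individually
 - Monitor for suspicious activity
 - Do NOT reconnect the compromised Amazon device
EOF
}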
# Function to provide router reset instructions
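router_reset_instructions() {
  # Print the physical factory-reset procedure and append it to $LOG_FILE.
  # The text is static, so the here-document delimiter is quoted and nothing
  # inside it is expanded.
  tee -a "$LOG_FILE" <<'EOF'

4. ROUTER RESET INSTRUCTIONS:
=============================

🔧 PHYSICAL RESET PROCEDURE:
1. Locate the reset button on your router
 - Usually a small hole labeled 'Reset'
 - May be on the back or bottom of router

2. Perform the reset:
 - Use a paperclip or small tool
 - Press and hold the reset button
 - Hold for 10-30 seconds
 - Wait for all lights to flash
 - Release the button

3. Wait for router to restart:
 - All lights should go off and come back on
 - Wait 2-5 minutes for complete restart
 - Router will use default settings

⚠️ WARNING: This will erase all router settings!
⚠️ You will need to reconfigure WiFi and security
EOF
}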
# Function to provide default router credentials
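default_credentials() {
  # List the factory defaults a router falls back to after the physical reset
  # described in router_reset_instructions, so the owner can log back in to
  # their own device and change them. Appended to $LOG_FILE; static text, so
  # the here-document delimiter is quoted.
  tee -a "$LOG_FILE" <<'EOF'

5. COMMON DEFAULT ROUTER CREDENTIALS:
=====================================

Common default usernames:
- admin
- root
- user
- administrator

Common default passwords:
- admin
- password
- 1234
- 0000
- (blank)

🔍 To find your specific router's defaults:
1. Check the router manual
2. Look for a sticker on the router
3. Search online for your router model
4. Try common combinations above
EOF
}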
# Function to create network isolation script
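create_isolation_script() {
  # Write isolate_network.sh into the current directory and mark it
  # executable. The generated script brings down the named interfaces; they
  # default to the two this host was known to have (wlp2s0, enp1s0) but can be
  # passed as arguments instead. Interfaces that are not present are skipped,
  # and a failure to bring one down is reported instead of being hidden behind
  # "You are now isolated" — a false isolation claim is worse than none.
  echo "" | tee -a "$LOG_FILE"
  echo "6. Creating network isolation script..." | tee -a "$LOG_FILE"
  # Quoted delimiter: nothing below is expanded while generating the file.
  cat > isolate_network.sh <<'EOF'
#!/bin/bash
# Network Isolation Script
# Isolates your computer from the compromised network
# Usage: ./isolate_network.sh [interface ...]   (default: wlp2s0 enp1s0)
echo "🔒 ISOLATING FROM COMPROMISED NETWORK"
echo "====================================="
ifaces=("$@")
[ "${#ifaces[@]}" -gt 0 ] || ifaces=(wlp2s0 enp1s0)
# Disable network interfaces
echo "Disabling network interfaces..."
failed=0
for iface in "${ifaces[@]}"; do
  if ! ip link show "$iface" >/dev/null 2>&1; then
    echo "Skipping $iface (not present on this machine)"
    continue
  fi
  if ! sudo ip link set "$iface" down; then
    echo "⚠️ Could not bring down $iface" >&2
    failed=1
  fi
done
if [ "$failed" -ne 0 ]; then
  echo "⚠️ Some interfaces are still up; you are NOT fully isolated" >&2
  exit 1
fi
echo "Network interfaces disabled"
echo "You are now isolated from the compromised network"
echo ""
echo "To reconnect after router reset:"
for iface in "${ifaces[@]}"; do
  echo "sudo ip link set $iface up"
done
EOF
  chmod +x isolate_network.sh
  echo "✅ Network isolation script created: isolate_network.sh" | tee -a "$LOG_FILE"
}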
# Function to provide emergency contacts
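emergency_contacts() {
  # Print where to get help and append it to $LOG_FILE. Static text, so the
  # here-document delimiter is quoted.
  tee -a "$LOG_FILE" <<'EOF'

7. EMERGENCY CONTACTS:
=====================

🚨 IF YOU NEED IMMEDIATE HELP:
1. Contact your ISP's technical support
2. Contact router manufacturer support
3. Consider hiring a cybersecurity professional
4. Contact local IT support services

📞 USEFUL RESOURCES:
- Router manual (usually available online)
- ISP support website
- Router manufacturer website
- Cybersecurity forums and communities
EOF
}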
# Main execution
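main() {
  # Run every section in order, appending to $LOG_FILE throughout, then print
  # the short action list and tell the user where the log was written.
  # A failed reachability check is deliberately not fatal: the recovery
  # instructions matter most precisely when the router cannot be reached.
  echo "🚨 ROUTER COMPROMISE DETECTED!" | tee -a "$LOG_FILE"
  echo "Starting emergency recovery procedures..." | tee -a "$LOG_FILE"
  check_router_access || true
  check_compromise_indicators
  emergency_recovery_steps
  router_reset_instructions
  default_credentials
  create_isolation_script
  emergency_contacts
  tee -a "$LOG_FILE" <<'EOF'

=== EMERGENCY RECOVERY PLAN COMPLETE ===

🚨 IMMEDIATE ACTION REQUIRED:
1. PHYSICALLY RESET YOUR ROUTER
2. DISCONNECT ALL DEVICES
3. RECONFIGURE ROUTER SECURELY
4. MONITOR FOR FURTHER COMPROMISE

⚠️ This is a critical security incident!
Take immediate action to regain control of your network.
EOF
  # Not logged: it only tells the user which file holds the evidence above.
  echo "Log written to: $LOG_FILE"
}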
# Run the main function
main