Routersploit stops forever when checking an exploit

threat9 / routersploit

Exploitation Framework for Embedded Devices

Other

12.12k stars 2.31k forks source link

Routersploit stops forever when checking an exploit #307

Closed sasatefa2009 closed 7 years ago

sasatefa2009 commented 7 years ago

Greetings,

I've Router " ZXHN H108N V2.5 " and Routersploit stops forever when checking for this exploit " exploits/routers/dlink/dwr_932b_backdoor "

lucyoa commented 7 years ago

There is 10 second timeout:

 sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
 sock.settimeout(10.0)

Could you verify that by executing exploitation:

rsf > use exploits/routers/dlink/dwr_932b_backdoor
rsf (D-LINK DWR-932B) > set target <ip>
[+] {'target': '<ip>'}
rsf (D-LINK DWR-932B) > check
[-] Target is not vulnerable
rsf (D-LINK DWR-932B) > run
[*] Running module...
[*] Sending backdoor packet...
[-] Exploit failed - target seems to be not vulnerable

sasatefa2009 commented 7 years ago

@lucyoa when i tried to use the exploit directly as you said and checked it said "not vulnerable". but when i try with scanners/autopwn it stops forever

lucyoa commented 7 years ago

So it seems that it hangs on different module. If the module name was displayed during scanning process it already finished its execution.

sasatefa2009 commented 7 years ago

@lucyoa well, it finished now with this report

[-] exploits/routers/dlink/dwr_932b_backdoor is not vulnerable [-] exploits/cameras/grandstream/gxv3611hd_ip_camera_rce is not vulnerable [*] Elapsed time: 307.233791113 seconds

[*] Could not verify exploitability:

exploits/routers/billion/5200w_rce
exploits/routers/shuttle/915wm_dns_change
exploits/routers/cisco/catalyst_2960_rocem
exploits/routers/cisco/secure_acs_bypass
exploits/routers/netgear/dgn2200_dnslookup_cgi_rce
exploits/routers/dlink/dsl_2640b_dns_change
exploits/routers/dlink/dir_815_850l_rce
exploits/routers/dlink/dsl_2730b_2780b_526b_dns_change
exploits/routers/dlink/dsl_2740r_dns_change

but i can assure you that 300 second of these 307 seconds are just stopping on that exploit

lucyoa commented 7 years ago

Ok, it seems that it hangs on cameras/grandstream/gxv3611hd_ip_camera_rce.py exploit. We need to add timeout for telnet connection. Thanks!

sasatefa2009 commented 7 years ago

@lucyoa Thank your for your fast responses Just a small request. Please check my comment in here https://github.com/reverse-shell/routersploit/issues/288

No other comments by me if you wanna close the issue.

sasatefa2009 commented 7 years ago

@fwkz have you fixed the issue ?

josel20 commented 2 years ago

Routersploit stops forever when checking an exploit ssh creds/generic/ssh_default in Huawei 8145v5

josel20 commented 2 years ago

help me,

josel20 commented 2 years ago