threat9 / routersploit

Exploitation Framework for Embedded Devices

Windows support #57

Closed gabrielacosta closed 8 years ago

gabrielacosta commented 8 years ago

I've set my target and run AutoPwn, and I get the following output.

Dev Team : Marcin Bury (lucyoa) & Mariusz Kupidura (fwkz)
 Codename : Bad Blood
 Version  : 2.0.0

 Total module count: 39

rsf > use scanners/autopwn
rsf (AutoPwn) > show options

Target options:

   Name       Current settings     Description
   ----       ----------------     -----------
   target                          Target IP address e.g. 192.168.1.1
   port       80                   Target port

rsf (AutoPwn) > set target 192.168.1.254
[+] {'target': '192.168.1.254'}
rsf (AutoPwn) > show options

Target options:

   Name       Current settings     Description
   ----       ----------------     -----------
   target     192.168.1.254        Target IP address e.g. 192.168.1.1
   port       80                   Target port

rsf (AutoPwn) > set target 192.168.0.254
[+] {'target': '192.168.0.254'}
rsf (AutoPwn) > show options

Target options:

   Name       Current settings     Description
   ----       ----------------     -----------
   target     192.168.0.254        Target IP address e.g. 192.168.1.1
   port       80                   Target port

rsf (AutoPwn) > run
[*] Running module...
[-] exploits/2wire/gateway_auth_bypass is not vulnerable
[-] exploits/asmax/ar_1004g_password_disclosure is not vulnerable
[-] exploits/asmax/ar_804_gu_rce is not vulnerable
[-] exploits/asus/infosvr_backdoor_rce is not vulnerable
[-] exploits/asus/rt_n16_password_disclosure is not vulnerable
[-] exploits/belkin/g_n150_password_disclosure is not vulnerable
[-] exploits/belkin/g_plus_info_disclosure is not vulnerable
[-] exploits/belkin/n150_path_traversal is not vulnerable
[-] exploits/belkin/n750_rce is not vulnerable
[-] exploits/cisco/ucs_manager_rce is not vulnerable
[-] exploits/comtrend/ct_5361t_password_disclosure is not vulnerable
[-] exploits/dlink/dir_300_320_615_auth_bypass is not vulnerable
[-] exploits/dlink/dir_300_600_615_info_disclosure is not vulnerable
[-] exploits/dlink/dir_300_600_rce is not vulnerable
[-] exploits/dlink/dir_645_password_disclosure is not vulnerable
[-] exploits/dlink/dns_320l_327l_rce is not vulnerable
[-] exploits/dlink/dsl_2750b_info_disclosure is not vulnerable
[-] exploits/dlink/dvg_n5402sp_path_traversal is not vulnerable
[-] exploits/dlink/dwr_932_info_disclosure is not vulnerable
[-] Traceback (most recent call last):
  File "C:\Users\tyller\Documents\routersploit\routersploit\interpreter.py", line 292, in command_run
    self.current_module.run()
  File "C:\Users\tyller\Documents\routersploit\routersploit\modules\scanners\autopwn.py", line 43, in run
    module = imp.load_source('module', rootpath + f + '.py')
  File "routersploit/modules/exploits/fortinet/fortigate_os_backdoor.py", line 6, in <module>
    import termios
ImportError: No module named termios

rsf (AutoPwn) >

Could you check this issue and let me know what could be happening?

ArtificialImmunity commented 8 years ago

It seems to be failing on the import of termios (and will most likely fail on the import of tty if it ever got to it). That module is for UNIX only. Could be fixed by adding a try/except on import, but I'm not sure if the developers intended this to be for Windows? Either way, two helpful links: https://github.com/mwilliamson/spur.py/issues/16 http://stackoverflow.com/questions/6571476/abort-execution-of-a-module-in-python

If you have the means and know-how, I'd highly recommend running it from Linux; you can run Linux from a virtual environment.

nymx commented 8 years ago

@gabrielacosta RouterSploit was never meant to run on Windows.

lucyoa commented 8 years ago

@gabrielacosta Currently we are going to support only Linux and OSX.

exploitprotocol commented 8 years ago

I have integrated this in Pentestbox and it works really fine except when any of these two exploits are used. https://github.com/reverse-shell/routersploit/search?utf8=%E2%9C%93&q=termios

or the scanner/autopwn is used because they are calling termios. I have tested for creds and scanners are working fine.

Here, we can either not allow those two exploits to run or use msvcrt when Windows is detected. https://docs.python.org/2/library/msvcrt.html

This would make it supported on all platforms.

lucyoa commented 8 years ago

@exploitprotocol It is a simple SSH interactive implementation because paramiko does not offer this functionality by default. I'm thinking about extracting this code to utilities that could be used by any module with a simple invoking syntax. There could also be a platform check, and the proper package could be used.
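
The two options raised in this thread (skip modules whose platform-specific imports fail, or pick termios/tty versus msvcrt by platform), sketched as an added example; this is not RouterSploit's code and not the content of the commit referenced below. The names `pick_terminal_backend`, `load_plugins` and `demo` are hypothetical, the plugin files are constructed samples, and `importlib` is used in place of the `imp.load_source` call seen in the traceback.

```python
import importlib
import importlib.util
import os
import tempfile


def pick_terminal_backend(import_module=importlib.import_module):
    """Return 'posix', 'windows' or 'none' depending on which raw-terminal
    modules can be imported; import_module is injectable for testing."""
    for name, needed in (("posix", ("termios", "tty")), ("windows", ("msvcrt",))):
        try:
            for mod in needed:
                import_module(mod)
            return name
        except ImportError:
            continue
    return "none"


def load_plugins(paths):
    """Load each plugin file; a failed import skips that plugin only,
    instead of aborting the whole run as in the traceback above."""
    loaded, skipped = {}, {}
    for path in paths:
        spec = importlib.util.spec_from_file_location("plugin", path)
        module = importlib.util.module_from_spec(spec)
        try:
            spec.loader.exec_module(module)
        except ImportError as exc:
            skipped[os.path.basename(path)] = str(exc)
            continue
        loaded[os.path.basename(path)] = module
    return loaded, skipped


def demo():
    """Constructed sample: one portable plugin, one needing a missing module."""
    with tempfile.TemporaryDirectory() as tmp:
        sources = {
            "portable.py": "NAME = 'portable'\n",
            "unix_only.py": "import termios_not_on_this_platform\n",
        }
        paths = []
        for filename, body in sources.items():
            path = os.path.join(tmp, filename)
            with open(path, "w") as handle:
                handle.write(body)
            paths.append(path)
        return load_plugins(paths)
```
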

exploitprotocol commented 8 years ago

@lucyoa Hey, is there any update on this?

lucyoa commented 8 years ago

@exploitprotocol Sorry for the delay. I hope I will be able to work on it this week.

lucyoa commented 8 years ago

@exploitprotocol I pushed changes: 03a99eacffc0a0c61405100023692a5690ca63fe It should work now on Windows.

exploitprotocol commented 8 years ago

Hey, @lucyoa, thanks for the fix, I can confirm all modules are working on Windows :+1:

Keep up the good work!

lucyoa commented 8 years ago

@exploitprotocol Awesome, thanks!

HAE commented 5 years ago

Thank you for this great utility. I'm trying to run Routersploit in the Cygwin environment. Installation seems to have gone OK without errors, but when I run it it gives the following error:

$ ./rsf.py
Traceback (most recent call last):
File "./rsf.py", line 10, in
from routersploit.interpreter import RoutersploitInterpreter
ModuleNotFoundError: No module named 'routersploit'

It's not complaining about any external modules, but doesn't seem to find its own interpreter. Any help is much appreciated.