Persistent Error in exploit module linksys/eseries_themoon_rce

[andrewhenke]

Steps to Reproduce (for bugs)

Taking it from the initial startup of the program to error, here are the steps I've taken.

1. sudo python3 rsf.py
2. use scanners/autopwn
3. set target 54.77.xx.xxx (IP Address redacted for client confidentiality, if it is desired to be disclosed please contact me directly)
4. run

Upon completion of the scan, the target is vulnerable to:

   ------           ----     -------     -------
   54.77.xx.xxx     80       http        exploits/routers/linksys/eseries_themoon_rce
   54.77.xx.xxx     80       http        exploits/cameras/mvpower/dvr_jaws_rce

5. use exploits/routers/linksys/eseries_themoon_rce
6. set target 54.77.xx.xxx
7. run Output:

   
   [*] Running module exploits/routers/linksys/eseries_themoon_rce...
   [+] Target is vulnerable
   [*] Invoking command loop...
   [*] It is blind command injection - response is not available

[+] Welcome to cmd. Commands are sent to the target via the execute method. [*] For further exploitation use 'show payloads' and 'set payload ' commands.

8. 'show payloads'
9. `set payload mipsle/reverse_tcp`
10. `run` 

Immediately upon pressing the enter/return key and sending the command, I get the following error, and it exit's me from the program and returns me to my command line: 

```cmd (MIPSLE Reverse TCP) > run
Traceback (most recent call last):
  File "/opt/routersploit/routersploit/interpreter.py", line 389, in command_run
    self.current_module.run()
  File "/opt/routersploit/routersploit/modules/exploits/routers/linksys/eseries_themoon_rce.py", line 54, in run
    shell(self, architecture="mipsle", method="wget", location="/tmp")
  File "/opt/routersploit/routersploit/core/exploit/shell.py", line 124, in shell
    data = payload.generate()
  File "/opt/routersploit/routersploit/modules/payloads/mipsle/reverse_tcp.py", line 21, in generate
    reverse_ip = utils.convert_ip(self.lhost)
  File "/opt/routersploit/routersploit/core/exploit/utils.py", line 69, in convert_ip
    res += bytes([int(i)])
ValueError: invalid literal for int() with base 10: ''

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "rsf.py", line 29, in <module>
    routersploit(sys.argv)
  File "rsf.py", line 25, in routersploit
    rsf.start()
  File "/opt/routersploit/routersploit/interpreter.py", line 125, in start
    command_handler(args, **kwargs)
  File "/opt/routersploit/routersploit/core/exploit/utils.py", line 177, in wrapper
    return fn(self, *args, **kwargs)
  File "/opt/routersploit/routersploit/interpreter.py", line 394, in command_run
    print_error(traceback.format_exc(sys.exc_info()))
  File "/usr/lib/python3.8/traceback.py", line 167, in format_exc
    return "".join(format_exception(*sys.exc_info(), limit=limit, chain=chain))
  File "/usr/lib/python3.8/traceback.py", line 120, in format_exception
    return list(TracebackException(
  File "/usr/lib/python3.8/traceback.py", line 509, in __init__
    self.stack = StackSummary.extract(
  File "/usr/lib/python3.8/traceback.py", line 340, in extract
    if limit >= 0:
TypeError: '>=' not supported between instances of 'tuple' and 'int'
root@kali:/opt/routersploit#

And then I have to restart the program, reload global configuration/port settings, etc, and then, if I was to attempt to just run steps 5 and forward (in the above replication steps), it would, and will, still give the same errors with the same result as detailed above.

Your Environment

• RouterSploit Version used:

  Codename   : I Knew You Were Trouble
  Version    : 3.4.1

• Operating System and version: Linux kali 4.19.118-Re4son-v7+ armv7l GNU/Linux
• Python Version: Python 3.8.3
• Python Environment:

  acora==2.2
  adblockparser==0.7
  aiocmd==0.1.2
  aiodns==2.0.0
  aiohttp==3.6.2
  aioredis==1.3.1
  aiowinreg==0.0.3
  ajpy==0.0.4
  alabaster==0.7.12
  alembic==1.1.0.dev0
  altgraph==0.17
  aniso8601==8.0.0
  apipkg==1.5
  apispec==3.3.1
  apispec-webframeworks==0.5.2
  APScheduler==0.0.0
  arrow==0.15.5
  artifacts==20190320
  asciitree==0.3.3
  asn1crypto==0.24.0
  async-timeout==3.0.1
  asysocks==0.0.2
  atomicwrites==1.3.0
  attrs==19.3.0
  autobahn==17.10.1
  Automat==0.8.0
  Babel==2.8.0
  backcall==0.1.0
  backdoor-factory==0.0.0
  bcrypt==3.1.7
  beautifulsoup4==4.9.1
  binwalk==2.2.0
  blinker==1.4
  bottle==0.12.15
  Brotli==1.0.7
  brotlipy==0.7.0
  bs4==0.0.1
  cairocffi==0.9.0
  capstone==3.0.5
  catfish==1.4.13
  cbor==1.0.0
  certifi==2020.4.5.1
  cffi==1.14.0
  Chameleon==3.6.2
  chardet==3.0.4
  CherryPy==8.9.1
  Click==7.0
  click-plugins==1.1.1
  cmd2==1.0.2
  colorama==0.4.3
  commonmark==0.9.1
  configobj==5.0.6
  constantly==15.1.0
  cpuset==1.6
  crackmapexec==5.0.2.dev0
  crcelk==1.3
  cryptography==2.8
  cupshelpers==1.0
  cycler==0.10.0
  Cython==0.29.14
  dbus-python==1.2.16
  debtags==2.1
  decorator==4.4.2
  deprecation==2.0.7
  dhcpig==0.0.0
  dicttoxml==1.7.4
  discord==1.0.1
  discord.py==1.3.3
  distro==1.5.0
  distro-info==0.23
  Django==2.2.13
  dnslib==0.9.13
  dnspython==1.16.0
  docutils==0.16
  dput==1.29
  EasyProcess==0.2.10
  ecdsa==0.15
  email-validator==1.0.3
  entrypoints==0.3
  et-xmlfile==1.0.1
  execnet==1.7.1
  ExifRead==2.1.2
  expiringdict==1.1.4
  face-recognition-models==0.3.0
  Faker==4.0.3
  faraday-plugins==1.2
  faradaysec==3.11.1
  feedparser==5.2.1
  filedepot==0.5.2
  filteralchemy==0.1.0
  flake8==3.7.9
  flasgger==0.9.4
  Flask==1.1.2
  Flask-BabelEx==0.9.4
  Flask-Classful==0.14.1
  Flask-KVSession-fork==0.6.3
  Flask-Login==0.5.0
  Flask-Mail==0.9.1
  Flask-Principal==0.4.0
  Flask-RESTful==0.3.8
  Flask-Restless==0.17.0
  Flask-Security==3.0.0
  Flask-Session==0.3.1
  Flask-SQLAlchemy==2.4.0
  Flask-WTF==0.14.3
  flit==2.3.0
  flit-core==2.3.0
  future==0.18.2
  GDAL==3.0.4
  GeoIP==1.3.2
  geoip2==2.9.0
  gevent==1.4.0
  gitdb==4.0.5
  GitPython==3.1.3
  google==2.0.2
  gpg===1.13.1-unknown
  greenlet==0.4.15
  grequests==0.4.0
  gunicorn==20.0.4
  gyp==0.1
  h11==0.9.0
  h2==3.2.0
  hashID==3.1.4
  hiredis==1.0.1
  hpack==3.0.0
  html2text==2020.1.16
  html5lib==1.0.1
  humanize==2.4.0
  hupper==1.10.2
  hyperframe==5.2.0
  hyperlink==19.0.0
  idna==2.5
  imagesize==1.2.0
  impacket==0.9.21
  importlib-metadata==1.6.0
  incremental==16.10.1
  intervaltree==3.0.2
  IoT-Implant-Toolkit==1.0
  ipwhois==0.15.1
  IPy==1.0
  ipython==7.15.0
  ipython-genutils==0.2.0
  isodate==0.6.0
  itsdangerous==1.1.0
  jdcal==1.0
  jedi==0.17.0
  Jinja2==2.11.2
  jsonrpclib-pelix==0.3.1
  jsonschema==3.2.0
  jupyter-core==4.6.3
  kaitaistruct==0.8
  kazam==1.4.5
  keepalive==0.5
  KismetCaptureFreaklabsZigbee==2018.7.0
  KismetCaptureRtl433==2019.9.1
  KismetCaptureRtladsb==2019.10.1
  KismetCaptureRtlamr==2019.10.1
  kiwisolver==1.0.1
  ldap3==2.7
  ldapdomaindump==0.9.1
  lightdm-gtk-greeter-settings==1.2.2
  lsassy==2.1.2
  lxml==4.5.0
  lz4==3.0.2+dfsg
  M2Crypto==0.31.0
  Mako==1.1.2
  Markdown==3.2.2
  markovify==0.8.0
  MarkupSafe==1.1.1
  marshmallow==3.6.0
  marshmallow-sqlalchemy==0.19.0
  matplotlib==3.2.1
  maxminddb==1.4.1
  mccabe==0.6.1
  mechanize==0.4.5
  mimerender==0.6.0
  minidump==0.0.12
  minikerberos==0.2.0
  mistune==0.8.4
  mitmproxy==4.0.4
  more-itertools==4.2.0
  msgpack==0.6.2
  msldap==0.2.10
  multidict==4.7.6
  mysqlclient==1.4.4
  nbformat==5.0.7
  ndg-httpsclient==0.5.1
  neo4j==1.7.0.dev0
  neobolt==1.7.17
  neotime==1.7.4
  netaddr==0.7.19
  netifaces==0.10.9
  netmiko==2.4.2
  networkx==2.4
  nplusone==1.0.0
  ntlm-auth==1.4.0
  numexpr==2.7.1
  numpy==1.17.4
  olefile==0.46
  openpyxl==2.4.9
  packaging==20.3
  pandas==0.25.3
  paramiko==2.6.0
  parsedatetime==2.4
  parso==0.7.0
  passlib==1.7.2
  Paste==3.4.0
  PasteDeploy==2.1.0
  PasteScript==2.0.2
  patator==0.7
  pefile==2019.4.18
  pep517==0.8.2
  pexpect==4.6.0
  pgspecial==1.9.0
  phonenumbers==8.12.1
  pickleshare==0.7.5
  pigpio==1.42
  Pillow==6.2.1
  plaster==1.0
  plaster-pastedeploy==0.5
  playsound==1.2.2
  plecost==1.1.2
  plotly==4.7.1
  pluggy==0.13.0
  pluginbase==1.0.0
  ply==3.11
  pockets==0.9.1
  pprintpp==0.4.0
  prettytable==0.7.2
  prompt-toolkit==3.0.5
  protobuf==3.11.4
  proxmoxer==1.0.3
  psutil==5.7.0
  psycopg2==2.8.5
  py==1.5.4
  py-ubjson==0.14.0
  pyaff4==0.26.post6
  pyasn1==0.4.2
  pyasn1-modules==0.2.1
  pycairo==1.16.2
  pycares==3.1.1
  pycodestyle==2.5.0
  pycparser==2.20
  pycrypto==2.6.1
  pycryptodome==3.9.7
  pycryptodomex==3.9.7
  pycups==1.9.73
  pycurl==7.43.0.2
  pydot==1.4.1
  pyelftools==0.26
  pyenchant==2.0.0
  pyExploitDb==0.2.0
  pyfiglet==0.8.post0
  pyflakes==2.1.1
  Pygments==2.6.1
  PyGObject==3.36.0
  pygraphviz==1.5
  PyHamcrest==1.9.0
  PyICU==2.5
  pyinotify==0.9.6
  PyInstaller==3.5+498e6ee058
  pylnk3==0.2.1
  pymongo==3.7.0
  pymssql==2.1.4
  PyNaCl==1.4.0
  PyOpenGL==3.1.5
  pyOpenSSL==19.1.0
  pyparsing==2.4.7
  pypcapfile==0.12.1
  PyPDF2==1.26.0
  pyperclip==1.8.0
  pypng==0.0.20
  pypsrp==0.4.0
  pypykatz==0.3.7
  PyQRCode==1.2.1
  PyQt5==5.14.2
  pyqtgraph==0.11.0rc0
  pyramid==1.10.4
  pyrsistent==0.15.5
  pyserial==3.4
  pyShodan==0.2.3
  pysmbc==1.0.15.6
  pysmi==0.3.2
  pysnmp==4.4.6
  PySocks==1.7.1
  pytest==4.4.0
  pytest-forked==1.1.3
  pytest-xdist==1.31.0
  python-apt==2.1.3
  python-dateutil==2.8.1
  python-debian==0.1.37
  python-docx==0.8.10
  python-editor==1.0.3
  python-ldap==3.2.0
  python-magic==0.4.16
  python-magic-ahupp==0.4.13
  python-mimeparse==1.6.0
  python-pam==1.8.4
  python-pptx==0.6.18
  python-snappy==0.5.3
  pytoml==0.1.21
  PyTrie==0.2
  pytsk3==20190507
  pytz==2020.1
  pyudev==0.21.0
  PyVirtualDisplay==0.2.5
  pywerview==0.2.0
  pyxdg==0.26
  PyYAML==5.3.1
  qrcode==6.1
  Quamash==0.6.1
  rdflib==4.2.2
  redis==3.3.11
  rekall-core==1.7.2rc1
  rekall-lib==1.7.1
  repoze.lru==0.7
  requests==2.21.0
  requests-futures==1.0.0
  requests-ntlm==1.1.0
  requests-toolbelt==0.9.1
  retrying==1.3.3
  rich==2.0.0
  roman==2.0.0
  routersploit==3.4.0
  Routes==2.4.1
  rpi-tempmon.py==2.1
  RPi.GPIO==0.7.0
  rq==1.4.0
  ruamel.yaml==0.15.89
  s-tui==1.0.0b3
  scapy==2.4.3
  scipy==1.4.1
  scp==0.13.0
  secure==0.2.1
  selenium==4.0.0a1
  service-identity==18.1.0
  setproctitle==1.1.10
  shodan==1.23.0
  simplejson==3.17.0
  simplekv==0.13.0
  sip==4.19.22
  six==1.15.0
  smmap==3.0.4
  smoke-zephyr==2.0.0
  snowballstemmer==2.0.0
  sortedcontainers==2.1.0
  soupsieve==2.0.1
  SPARQLWrapper==1.8.5
  speaklater==1.3
  speedtest-cli==2.1.2
  Sphinx==1.8.3
  sphinx-better-theme==0.1.5
  sphinxcontrib-napoleon==0.7
  sphinxcontrib-websupport==1.2.2
  spur==0.3.21
  SQLAlchemy==1.3.15
  sqlalchemy-schemadisplay==1.3
  sqlparse==0.3.1
  stem==1.8.0
  syslog-rfc5424-formatter==1.2.2
  tableprint==0.8.0
  tables==3.6.1
  tabulate==0.8.2
  Tempita==0.5.2
  termcolor==1.1.0
  terminaltables==3.1.0
  termineter==1.0.4
  text-unidecode==1.3
  textfsm==1.1.0
  texttable==1.6.2
  theHarvester==3.1.0
  threat9-test-bed==0.6.1.dev2+g1ed61b3
  tld==0.11.11
  tls-parser==1.2.2
  toml==0.10.1
  tornado==5.1.1
  torrequest==0.1.0
  tqdm==4.43.0
  traitlets==4.3.3
  translationstring==1.3
  Twisted==18.9.0
  txaio==20.4.1
  typing-extensions==3.7.4.2
  tzlocal==2.1b1
  u-msgpack-python==2.3.0
  ufw==0.36
  unattended-upgrades==0.1
  unicodecsv==0.14.1
  Unidecode==1.1.1
  urllib3==1.22
  urwid==2.0.1
  validators==0.14.2
  validictory==0.8.3
  vcrpy==4.0.2
  venusian==3.0.0
  vinetto==0.8.0
  wafw00f==2.1.0
  waitress==1.4.1
  wapiti3==3.0.3
  wcwidth==0.1.9
  webargs==6.1.0
  webencodings==0.5.1
  WebOb==1.8.6
  websocket-client==0.53.0
  websockets==8.1
  websploit==4.0.4
  WebTest==2.0.34
  Werkzeug==1.0.0
  wfuzz==2.4.5
  whois==0.8
  wifite==2.5.2
  winacl==0.0.2
  wrapt==1.11.2
  wsaccel==0.6.2
  wsproto==0.15.0
  WTForms==2.2.1
  wxPython==4.0.7
  xcffib==0.8.1
  xlrd==1.1.0
  XlsxWriter==1.1.2
  xlwt==1.3.0
  xmltodict==0.12.0
  yara-python==3.10.0
  yarl==1.4.2
  yaswfp==0.9.3
  zim==0.72.1
  zipp==1.0.0
  zope.component==4.3.0
  zope.deprecation==4.4.0
  zope.event==4.4
  zope.hookable==5.0.1
  zope.interface==4.7.1

  Current Behavior

  Currently, and for several weeks, the eseries_themoon_rce module has been throwing multiple errors resulting in the complete exit of the program upon execution of either payload contained within the module, on either architecture. I have avoided the use of the module as much as I can, in the spirit of a future update potentially correcting the error but it is immediately relevant to my current work project so I decided to make contact regarding the error.

Expected Behavior

I expected that the module would, at the least, function correctly instead of error-exiting, although I have experienced on-and-off issues of various natures with this particular module for quite a few years now.

[andrewhenke]

Update Note:

I did just run git pull and pull an update, however I ran the module again, and it still hasn't changed the performance from the situation described in my original message. I didn't think it would, as the changes were to README.md and two of the wordlists. Just wanted to let you know. The Routersploit Version is still Version: 3.4.1

[andrewhenke]

I believe that this may have something to do with a device)target showing as positive (vulnerable) to an exploit, but not using the architecture the exploit is intended for. I experienced the same issue as my original issue with a device I knew wasn't the mipsle or mipsbe architecture and it did the same error. However, I was also able to achieve the same error on a different exploit module as well. I'll provide more information and specifics if it would be helpful, just let me know!

[rafa-br34]

Same problem here.