search

threat9 / routersploit

Exploitation Framework for Embedded Devices
Other
12.01k stars 2.31k forks source link

TypeError: '>=' not supported between instances of 'tuple' and 'int' #738

Open szymczag opened 3 years ago

szymczag commented 3 years ago

Steps to Reproduce (for bugs)

  1. get routersploit (latest version) from GitHub
  2. build a docker image
  3. run the docker image
  4. run the scanners/routers/router_scan
  5. base on the results use exploits/routers/multi/rom0
  6. get crash

Your Environment

Current Behavior

It's crashing:

$ git clone https://www.github.com/threat9/routersploit
[…]
$ cd routersploit
$ docker build -t routersploit .
[…]
$ docker run -it --rm routersploit
 ______            _            _____       _       _ _
 | ___ \          | |          /  ___|     | |     (_) |
 | |_/ /___  _   _| |_ ___ _ __\ `--. _ __ | | ___  _| |_
 |    // _ \| | | | __/ _ \ '__|`--. \ '_ \| |/ _ \| | __|
 | |\ \ (_) | |_| | ||  __/ |  /\__/ / |_) | | (_) | | |_
 \_| \_\___/ \__,_|\__\___|_|  \____/| .__/|_|\___/|_|\__|
                                     | |
       Exploitation Framework for    |_|    by Threat9
            Embedded Devices

 Codename   : I Knew You Were Trouble
 Version    : 3.4.1
 Homepage   : https://www.threat9.com - @threatnine
 Join Slack : https://www.threat9.com/slack

 Join Threat9 Beta Program - https://www.threat9.com

 Exploits: 132 Scanners: 4 Creds: 171 Generic: 4 Payloads: 32 Encoders: 6

rsf > use scanners/routers/router_scan
rsf (Router Scanner) > set target 192.168.1.1
[+] target => 192.168.1.1
rsf (Router Scanner) > run
[*] Running module scanners/routers/router_scan...

[*] 192.168.1.1 Starting vulnerablity check...
[…] 
[+] 192.168.1.1:80 http exploits/routers/multi/rom0 is vulnerable
[+] 192.168.1.1:80 http exploits/routers/linksys/eseries_themoon_rce is vulnerable
[…]
[*] Elapsed time: 40.3400 seconds

[*] 192.168.1.1 Starting default credentials check...
[…]
[*] Elapsed time: 0.0200 seconds

[*] 192.168.1.1 Could not verify exploitability:
[…]

[+] 192.168.1.1 Device is vulnerable:

   Target           Port     Service     Exploit
   ------           ----     -------     -------
   192.168.1.1     80       http        exploits/routers/multi/rom0
   192.168.1.1     80       http        exploits/routers/linksys/eseries_themoon_rce

[-] 192.168.1.1 Could not find default credentials
rsf (Router Scanner) > use exploits/routers/multi/rom0
rsf (RomPager ROM-0) > set target 192.168.1.1
[+] target => 192.168.1.1
rsf (RomPager ROM-0) > run
[*] Running module exploits/routers/multi/rom0...
[+] Target is vulnerable
[*] Downloading rom-0 file...
[*] Extracting password from file...
Traceback (most recent call last):
  File "/routersploit/routersploit/interpreter.py", line 389, in command_run
    self.current_module.run()
  File "/routersploit/routersploit/modules/exploits/routers/multi/rom0.py", line 60, in run
    password = self.extract_password(response.content)
  File "/routersploit/routersploit/modules/exploits/routers/multi/rom0.py", line 70, in extract_password
    result, window = LZSDecompress(data[fpos:])
  File "/routersploit/routersploit/libs/lzs/lzs.py", line 131, in LZSDecompress
    char = window[-offset]
  File "/routersploit/routersploit/libs/lzs/lzs.py", line 86, in __getitem__
    return self.__data__[n]
IndexError: deque index out of range

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "rsf.py", line 29, in <module>
    routersploit(sys.argv)
  File "rsf.py", line 25, in routersploit
    rsf.start()
  File "/routersploit/routersploit/interpreter.py", line 125, in start
    command_handler(args, **kwargs)
  File "/routersploit/routersploit/core/exploit/utils.py", line 177, in wrapper
    return fn(self, *args, **kwargs)
  File "/routersploit/routersploit/interpreter.py", line 394, in command_run
    print_error(traceback.format_exc(sys.exc_info()))
  File "/usr/local/lib/python3.6/traceback.py", line 167, in format_exc
    return "".join(format_exception(*sys.exc_info(), limit=limit, chain=chain))
  File "/usr/local/lib/python3.6/traceback.py", line 121, in format_exception
    type(value), value, tb, limit=limit).format(chain=chain))
  File "/usr/local/lib/python3.6/traceback.py", line 509, in __init__
    capture_locals=capture_locals)
  File "/usr/local/lib/python3.6/traceback.py", line 338, in extract
    if limit >= 0:
TypeError: '>=' not supported between instances of 'tuple' and 'int'

$

Expected Behavior

uhm… no error & shell? :)

Willemgtn commented 2 years ago

I got the password decoding the base64 string, i'm just missing the Username

rsf (Billion 7700NR4 Password Disclosure) > check
[+] Target is vulnerable
rsf (Billion 7700NR4 Password Disclosure) > run
[*] Running module exploits/routers/billion/billion_7700nr4_password_disclosure...
[+] Found strings: AbCdMzdFOUY5MkMwAA==                                      <----- actual password here, the user is missing though.
[*] Trying to base64 decode
[+] Credentials found!

   Login     Password          
   -----     --------          
Traceback (most recent call last):
  File "/home/username/Downloads/git/routersploit/routersploit/interpreter.py", line 389, in command_run
    self.current_module.run()
  File "/home/username/Downloads/git/routersploit/routersploit/modules/exploits/routers/billion/billion_7700nr4_password_disclosure.py", line 56, in run
    print_table(("Login", "Password"), *creds)
  File "/home/username/Downloads/git/routersploit/routersploit/core/exploit/printer.py", line 137, in print_table
    "{:<{}}".format(element, fill[idx])
TypeError: unsupported format string passed to bytes.__format__

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "rsf.py", line 29, in <module>
    routersploit(sys.argv)
  File "rsf.py", line 25, in routersploit
    rsf.start()
  File "/home/userName/Downloads/git/routersploit/routersploit/interpreter.py", line 125, in start
    command_handler(args, **kwargs)
  File "/home/userName/Downloads/git/routersploit/routersploit/core/exploit/utils.py", line 177, in wrapper
    return fn(self, *args, **kwargs)
  File "/home/userName/Downloads/git/routersploit/routersploit/interpreter.py", line 394, in command_run
    print_error(traceback.format_exc(sys.exc_info()))
  File "/usr/lib/python3.7/traceback.py", line 167, in format_exc
    return "".join(format_exception(*sys.exc_info(), limit=limit, chain=chain))
  File "/usr/lib/python3.7/traceback.py", line 121, in format_exception
    type(value), value, tb, limit=limit).format(chain=chain))
  File "/usr/lib/python3.7/traceback.py", line 508, in __init__
    capture_locals=capture_locals)
  File "/usr/lib/python3.7/traceback.py", line 337, in extract
    if limit >= 0:
TypeError: '>=' not supported between instances of 'tuple' and 'int'
Raghav032 commented 2 years ago

I am also getting the same error pls help