[-] 192.168.1.1 Could not find default credentials
rsf (AutoPwn) > use exploits/routers/tplink/archer_c9_admin_password_reset
rsf (TP-Link Archer C9 admin password reset (CVE-2017-11519)) > show options
Target options:
Name Current settings Description
ssl false SSL enabled: true/false
target Target IPv4 or IPv6 address
port 80 Target HTTP port
Module options:
Name Current settings Description
verbosity true Verbosity enabled: true/false
rsf (TP-Link Archer C9 admin password reset (CVE-2017-11519)) > set target 192.168.1.1
[+] target => 192.168.1.1
rsf (TP-Link Archer C9 admin password reset (CVE-2017-11519)) > run
[] Running module exploits/routers/tplink/archer_c9_admin_password_reset...
[] Getting current time at the target
[] Generating reset code at the target
[] Guessing reset code
[*] Trying code 829710 (seed 947100932)
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/requests/models.py", line 971, in json
return complexjson.loads(self.text, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/simplejson/init.py", line 514, in loads
return _default_decoder.decode(s)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/simplejson/decoder.py", line 386, in decode
obj, end = self.raw_decode(s)
^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/simplejson/decoder.py", line 416, in raw_decode
return self.scan_once(s, idx=_w(s, idx).end())
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
simplejson.errors.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/kali/Documents/routersploit/routersploit/interpreter.py", line 386, in command_run
self.current_module.run()
File "/home/kali/Documents/routersploit/routersploit/modules/exploits/routers/tplink/archer_c9_admin_password_reset.py", line 147, in run
self.guess_reset_code(self.time)
File "/home/kali/Documents/routersploit/routersploit/modules/exploits/routers/tplink/archer_c9_admin_password_reset.py", line 90, in guess_reset_code
if self.try_reset_code(seed):
^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/kali/Documents/routersploit/routersploit/modules/exploits/routers/tplink/archer_c9_admin_password_reset.py", line 84, in try_reset_code
return response.json()["success"]
^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/requests/models.py", line 975, in json
raise RequestsJSONDecodeError(e.msg, e.doc, e.pos)
requests.exceptions.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/kali/Documents/routersploit/rsf.py", line 29, in
routersploit(sys.argv)
File "/home/kali/Documents/routersploit/rsf.py", line 25, in routersploit
rsf.start()
File "/home/kali/Documents/routersploit/routersploit/interpreter.py", line 125, in start
command_handler(args, *kwargs)
File "/home/kali/Documents/routersploit/routersploit/core/exploit/utils.py", line 177, in wrapper
return fn(self, args, *kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/kali/Documents/routersploit/routersploit/interpreter.py", line 391, in command_run
print_error(traceback.format_exc(sys.exc_info()))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/traceback.py", line 184, in format_exc
return "".join(format_exception(sys.exc_info(), limit=limit, chain=chain))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/traceback.py", line 139, in format_exception
te = TracebackException(type(value), value, tb, limit=limit, compact=True)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/traceback.py", line 728, in init
self.stack = StackSummary._extract_from_extended_frame_gen(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/traceback.py", line 406, in _extract_from_extended_frame_gen
if limit >= 0:
^^^^^^^^^^
TypeError: '>=' not supported between instances of 'tuple' and 'int'
[+] 192.168.1.1 Device is vulnerable:
Target Port Service Exploit
192.168.1.1 80 http exploits/routers/tplink/archer_c9_admin_password_reset
[-] 192.168.1.1 Could not find default credentials rsf (AutoPwn) > use exploits/routers/tplink/archer_c9_admin_password_reset rsf (TP-Link Archer C9 admin password reset (CVE-2017-11519)) > show options
Target options:
Name Current settings Description
ssl false SSL enabled: true/false
target Target IPv4 or IPv6 address
port 80 Target HTTP port
Module options:
Name Current settings Description
verbosity true Verbosity enabled: true/false
rsf (TP-Link Archer C9 admin password reset (CVE-2017-11519)) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (TP-Link Archer C9 admin password reset (CVE-2017-11519)) > run [] Running module exploits/routers/tplink/archer_c9_admin_password_reset... [] Getting current time at the target [] Generating reset code at the target [] Guessing reset code [*] Trying code 829710 (seed 947100932) Traceback (most recent call last): File "/usr/lib/python3/dist-packages/requests/models.py", line 971, in json return complexjson.loads(self.text, **kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/simplejson/init.py", line 514, in loads return _default_decoder.decode(s) ^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/simplejson/decoder.py", line 386, in decode obj, end = self.raw_decode(s) ^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/simplejson/decoder.py", line 416, in raw_decode return self.scan_once(s, idx=_w(s, idx).end()) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ simplejson.errors.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "/home/kali/Documents/routersploit/routersploit/interpreter.py", line 386, in command_run self.current_module.run() File "/home/kali/Documents/routersploit/routersploit/modules/exploits/routers/tplink/archer_c9_admin_password_reset.py", line 147, in run self.guess_reset_code(self.time) File "/home/kali/Documents/routersploit/routersploit/modules/exploits/routers/tplink/archer_c9_admin_password_reset.py", line 90, in guess_reset_code if self.try_reset_code(seed): ^^^^^^^^^^^^^^^^^^^^^^^^^ File "/home/kali/Documents/routersploit/routersploit/modules/exploits/routers/tplink/archer_c9_admin_password_reset.py", line 84, in try_reset_code return response.json()["success"] ^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/requests/models.py", line 975, in json raise RequestsJSONDecodeError(e.msg, e.doc, e.pos) requests.exceptions.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "/home/kali/Documents/routersploit/rsf.py", line 29, in
routersploit(sys.argv)
File "/home/kali/Documents/routersploit/rsf.py", line 25, in routersploit
rsf.start()
File "/home/kali/Documents/routersploit/routersploit/interpreter.py", line 125, in start
command_handler(args, *kwargs)
File "/home/kali/Documents/routersploit/routersploit/core/exploit/utils.py", line 177, in wrapper
return fn(self, args, *kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/kali/Documents/routersploit/routersploit/interpreter.py", line 391, in command_run
print_error(traceback.format_exc(sys.exc_info()))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/traceback.py", line 184, in format_exc
return "".join(format_exception(sys.exc_info(), limit=limit, chain=chain))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/traceback.py", line 139, in format_exception
te = TracebackException(type(value), value, tb, limit=limit, compact=True)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/traceback.py", line 728, in init
self.stack = StackSummary._extract_from_extended_frame_gen(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/traceback.py", line 406, in _extract_from_extended_frame_gen
if limit >= 0:
^^^^^^^^^^
TypeError: '>=' not supported between instances of 'tuple' and 'int'