Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

TypeError: '>=' not supported between instances of 'tuple' and 'int' #738

Open
szymczag opened this issue May 4, 2021 · 2 comments
Open

Comments

@szymczag
Copy link

szymczag commented May 4, 2021

Steps to Reproduce (for bugs)

  1. get routersploit (latest version) from GitHub
  2. build a docker image
  3. run the docker image
  4. run the scanners/routers/router_scan
  5. base on the results use exploits/routers/multi/rom0
  6. get crash

Your Environment

  • RouterSploit Version used: v3.4.1
  • Operating System and version: macOS
  • Python Version: 3.6 (like in Docker image)
  • Python Environment: default from the Docker image

Current Behavior

It's crashing:

$ git clone https://www.github.com/threat9/routersploit
[…]
$ cd routersploit
$ docker build -t routersploit .
[…]
$ docker run -it --rm routersploit
 ______            _            _____       _       _ _
 | ___ \          | |          /  ___|     | |     (_) |
 | |_/ /___  _   _| |_ ___ _ __\ `--. _ __ | | ___  _| |_
 |    // _ \| | | | __/ _ \ '__|`--. \ '_ \| |/ _ \| | __|
 | |\ \ (_) | |_| | ||  __/ |  /\__/ / |_) | | (_) | | |_
 \_| \_\___/ \__,_|\__\___|_|  \____/| .__/|_|\___/|_|\__|
                                     | |
       Exploitation Framework for    |_|    by Threat9
            Embedded Devices

 Codename   : I Knew You Were Trouble
 Version    : 3.4.1
 Homepage   : https://www.threat9.com - @threatnine
 Join Slack : https://www.threat9.com/slack

 Join Threat9 Beta Program - https://www.threat9.com

 Exploits: 132 Scanners: 4 Creds: 171 Generic: 4 Payloads: 32 Encoders: 6

rsf > use scanners/routers/router_scan
rsf (Router Scanner) > set target 192.168.1.1
[+] target => 192.168.1.1
rsf (Router Scanner) > run
[*] Running module scanners/routers/router_scan...

[*] 192.168.1.1 Starting vulnerablity check...
[…] 
[+] 192.168.1.1:80 http exploits/routers/multi/rom0 is vulnerable
[+] 192.168.1.1:80 http exploits/routers/linksys/eseries_themoon_rce is vulnerable
[…]
[*] Elapsed time: 40.3400 seconds

[*] 192.168.1.1 Starting default credentials check...
[…]
[*] Elapsed time: 0.0200 seconds

[*] 192.168.1.1 Could not verify exploitability:
[…]

[+] 192.168.1.1 Device is vulnerable:

   Target           Port     Service     Exploit
   ------           ----     -------     -------
   192.168.1.1     80       http        exploits/routers/multi/rom0
   192.168.1.1     80       http        exploits/routers/linksys/eseries_themoon_rce


[-] 192.168.1.1 Could not find default credentials
rsf (Router Scanner) > use exploits/routers/multi/rom0
rsf (RomPager ROM-0) > set target 192.168.1.1
[+] target => 192.168.1.1
rsf (RomPager ROM-0) > run
[*] Running module exploits/routers/multi/rom0...
[+] Target is vulnerable
[*] Downloading rom-0 file...
[*] Extracting password from file...
Traceback (most recent call last):
  File "/routersploit/routersploit/interpreter.py", line 389, in command_run
    self.current_module.run()
  File "/routersploit/routersploit/modules/exploits/routers/multi/rom0.py", line 60, in run
    password = self.extract_password(response.content)
  File "/routersploit/routersploit/modules/exploits/routers/multi/rom0.py", line 70, in extract_password
    result, window = LZSDecompress(data[fpos:])
  File "/routersploit/routersploit/libs/lzs/lzs.py", line 131, in LZSDecompress
    char = window[-offset]
  File "/routersploit/routersploit/libs/lzs/lzs.py", line 86, in __getitem__
    return self.__data__[n]
IndexError: deque index out of range

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "rsf.py", line 29, in <module>
    routersploit(sys.argv)
  File "rsf.py", line 25, in routersploit
    rsf.start()
  File "/routersploit/routersploit/interpreter.py", line 125, in start
    command_handler(args, **kwargs)
  File "/routersploit/routersploit/core/exploit/utils.py", line 177, in wrapper
    return fn(self, *args, **kwargs)
  File "/routersploit/routersploit/interpreter.py", line 394, in command_run
    print_error(traceback.format_exc(sys.exc_info()))
  File "/usr/local/lib/python3.6/traceback.py", line 167, in format_exc
    return "".join(format_exception(*sys.exc_info(), limit=limit, chain=chain))
  File "/usr/local/lib/python3.6/traceback.py", line 121, in format_exception
    type(value), value, tb, limit=limit).format(chain=chain))
  File "/usr/local/lib/python3.6/traceback.py", line 509, in __init__
    capture_locals=capture_locals)
  File "/usr/local/lib/python3.6/traceback.py", line 338, in extract
    if limit >= 0:
TypeError: '>=' not supported between instances of 'tuple' and 'int'

$

Expected Behavior

uhm… no error & shell? :)

@Willemgtn
Copy link

I got the password decoding the base64 string, i'm just missing the Username

rsf (Billion 7700NR4 Password Disclosure) > check
[+] Target is vulnerable
rsf (Billion 7700NR4 Password Disclosure) > run
[*] Running module exploits/routers/billion/billion_7700nr4_password_disclosure...
[+] Found strings: AbCdMzdFOUY5MkMwAA==                                      <----- actual password here, the user is missing though.
[*] Trying to base64 decode
[+] Credentials found!

   Login     Password          
   -----     --------          
Traceback (most recent call last):
  File "/home/username/Downloads/git/routersploit/routersploit/interpreter.py", line 389, in command_run
    self.current_module.run()
  File "/home/username/Downloads/git/routersploit/routersploit/modules/exploits/routers/billion/billion_7700nr4_password_disclosure.py", line 56, in run
    print_table(("Login", "Password"), *creds)
  File "/home/username/Downloads/git/routersploit/routersploit/core/exploit/printer.py", line 137, in print_table
    "{:<{}}".format(element, fill[idx])
TypeError: unsupported format string passed to bytes.__format__

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "rsf.py", line 29, in <module>
    routersploit(sys.argv)
  File "rsf.py", line 25, in routersploit
    rsf.start()
  File "/home/userName/Downloads/git/routersploit/routersploit/interpreter.py", line 125, in start
    command_handler(args, **kwargs)
  File "/home/userName/Downloads/git/routersploit/routersploit/core/exploit/utils.py", line 177, in wrapper
    return fn(self, *args, **kwargs)
  File "/home/userName/Downloads/git/routersploit/routersploit/interpreter.py", line 394, in command_run
    print_error(traceback.format_exc(sys.exc_info()))
  File "/usr/lib/python3.7/traceback.py", line 167, in format_exc
    return "".join(format_exception(*sys.exc_info(), limit=limit, chain=chain))
  File "/usr/lib/python3.7/traceback.py", line 121, in format_exception
    type(value), value, tb, limit=limit).format(chain=chain))
  File "/usr/lib/python3.7/traceback.py", line 508, in __init__
    capture_locals=capture_locals)
  File "/usr/lib/python3.7/traceback.py", line 337, in extract
    if limit >= 0:
TypeError: '>=' not supported between instances of 'tuple' and 'int'

@Raghav032
Copy link

I am also getting the same error pls help

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants