Hi everyone :]
So, I’ve been working on the metasploit framework beginner lab in academy, and I’ve gotten stuck at the last question.
“The target system has an old version of Sudo running. Find the relevant exploit and get root access to the target system. Find the flag.txt file and submit the contents of it as the answer.”
I think I found the correct exploit, because the resources I found documenting it said you could check if a machine is vulnerable based off the error it gives you, and the machine did throw that error.
But I’m confused why it’s not working if the machine should be vulnerable, and I haven’t found anything that shows me what I’m doing wrong.
Here’s the error it throws when I run the exploit btw:
[!] SESSION may not be compatible with this module:
[!] * incompatible session architecture: x86
 Started reverse TCP handler on 10.10.14.145:4444
 Running automatic check (“set AutoCheck false” to disable)
[!] The service is running, but could not be validated. sudo 1.8.31 may be a vulnerable build.
 Using automatically selected target: Ubuntu 20.04 x64 (sudo v1.8.31, libc v2.31)
 Writing ‘/tmp/Dn66uboX.py’ (763 bytes) …
[-] Exploit failed: NoMethodError undefined method `size’ for nil:NilClass
Does anyone here know how to fix the error here? Thanks for the help too :]
I used a native exploit module in MSF and got root (no need to import/load an external module into msf). I already had an established session from the initial access exploit on port 80, then used my session as the parameter for the ‘sudo_baron_samedit’. Is this any different than what you did?
You need to make sure you are using the correct exploit within metasploit.
I used the exploit linux/http/elfinder_archive_cmd_injection to gain a shell to the machine, though I don’t have root access with it. By “a native exploit” do you mean there’s another exploit I missed that isn’t the elfinder or the sudo one? Thanks for the help btw :]
You are correct with the first exploit. You will use an additional exploit that leverages the session you created with the elfinder exploit. Hope that helps!
Ah, okay. That helps a lot, thanks
Sorry to bring up the same problem again, but I tried doing what you said here, and I still get the error “Exploit completed, but no session was created”.
For context, I had a session already, and then I backgrounded it to load and run the sudo_baron_samedit. After that, I used “set session 1” since my only session was that one, then I used “run”.
From what I understand, that sounds like what you did? I’m probably just missing something super obvious as these things usually go, do you see anything I missed here?
Hi, I just re-visited the module to see what I did. I did have to re-adjust my settings like so:
Once you establish the first meterpreter session with the elfinder exploit, background it, then use the sudo_baron_samedit exploit like we already discussed, but once you use this exploit you may need to adjust your LHOST to be the vpn interface (I always just set LHOST to ‘tun0’) and LPORT—by default it uses 4444, which your first session might already be using if you didn’t change it.
So just now I tried it again in pwnbox and for the sudo_baron exploit, I used LHOST = tun0, LPORT = 4445, and set session to 1, which my initial exploit is currently using.
Hope this helps!
Thanks so much for the help!
I’ll try following those steps and hopefully it works out this time.
Any time, I hope it works!
It finally worked!! It looks like I just never thought to change the port. I don’t think I would’ve figured that out for a looooooong time without your help.
Thank you so much, especially for taking the time to do the module a second time.