Using the metasploit framework | Sessions & Jobs - Flag is wrong

Hi guys,
I’m following the module “Using the metasploit framework”
but I’m stuck on challenge “Sessions & Jobs” because I insert the flag (found in /root/flag.txt) but it is wrong.
I checked for any spaces or strange characters derived from copy and paste but it is always wrong.
Are there any other flags? Help me! :cry:

Same problem

How could you do the excalation of privilege? I am blocked from accessing the root file.
The module is however marked easy.

hi mate, area u have finished the questions in the meterpreter section?
can you hint something, for find exploit to get shell

look for an exploit for the SUDO version :vulcan_salute:

2 Likes

He is usually depicted with a white hat, black suit, sunglasses and cotton covering his nostrils. His face has the appearance of a white skull and speaks in a nasal voice. :vulcan_salute:

Can you solve it?

I need some help here myself. I can get the first payload to work, find the version of sudo and run what I believe is the correct second exploit set to session 1 that I put into the background. The exploit runs and looks like it will work but says Exploit completed, but no session was created. I also noticed this message * incompatible session architecture: x86. Can any help me out? Thank you.

NVM I got it. If you happen to run into this issue check the RPORT and RHOST settings.

please i am having an issue getting a shell with elevated privileges
what i have tried so far
i have successfully exploit the vulnerability using elfinder exploit in metasploit
i have use the pkexec cve 2021-4031 in order to obtain an elevated shell but without success please any help

Hi,
I have same problems as yours. RHOST AND RPORT can’t be set for second exploit. LHOST and LPORT are set correctly. Could you say more precisely what have you done?

OK, after many failures, i finally completed it.
First of all, you have to check sudo version. man sudo after starting shell on target.
Then, find sudo exploit for this version.
When you will set LPORT for it, remeber, LPORT can’t be the same as in first exploit.
Also, had to use HTB VM beacouse my vpn was timing out killing my meterpreter session

i succeded just using the wrong exploit !

1 Like

Hi!

One can always use lester (the local_exploit_suggester) pointing to a session to check for vulnerabilities. Note that in order to scan it properly, you must find out the appropriate architecture, as well as when deciding payloads. Best!

1 Like

For now i couldn’t get in with MSF but i could get in with another exploit. In MSF; i found 2 elfinder exploits which both didnt work (one not vulnerable and other didnt get a session).

Did i miss anything in MSF?

i have a same problem… help me please :frowning:

for those who don’t find answers yet… once you find the exploit for the finder, check the sudo version. Then use ctrl +z to keep that session in the background and look for the necessary exploit for that version of sudo. Configure the exploit using the correct architecture (x64) and you’re done! RUN!!!

What I live about this that SO many wrong things works just in the right way hahahaha. Just be careful to be the stealtheast possible