Metasploit Basics

This is the challenge task for this module-

I did -


and got a version number. Though the Hint said that I won’t.

Then I tried searching for any modules related to Apache 2.4.54 but could not find any. Then I tried httpd. There is nothing for 2.4.54.

I tried other modules but they are not working.

Can anyone help with this?

Thanks in advance.

I can help.

Go to the website it’s talking about and maybe you could search for the version number (at the bottom), or perhaps search for what the service is called.

As in, what it says on the website at the top.

It’s confusing because it feels like we are searching for Apache, or 2.4.54. But that is not the case - I got confused too.

2 Likes

I will try it out today and reach out if I face any difficulty.
Thanks

1 Like

Without spoiling too much, the IP listed in the challenge target was NOT the IP of the server that was actually intended to be targeted when I ran this.

Which overall is fine… but since this is related to Ethical Hacking, and the Scope (Rules of Engagement) clearly say the target is one IP… it was only because this was a training course that I felt comfortable expanding to other IPs. In a real engagement, I would need to get clarification on scope/ROE before doing this.

Hey friends!

The confusion here is totally understandable – my bad! I’ve gone ahead and (I think) clarified the ask. If you discover otherwise, here: :pinched_fingers: :violin:

(I kid).

Thanks for playing, and don’t forget to hack the planet!!

1 Like

Hello all, I was unable to find what solution is implied here. Can someone give a little more detail on how to approach this challenge?

Thanks

Hey @subramania_santosh2767

Consider the following:
If you run an “nmap -sV” scan on a target server, it will show you the services and versions running on any open ports discovered.
In the case of a web application, it will show the service and version of the web service that’s running on that port (e.g., Apache, Nginx) rather than the web application that service is providing access to.
Hmmm, in that case, maybe it’s worth browsing around in search of a version.

Happy hacking!

Hi all,
I am trying to run the exploit, but even after several tries it’s failing. Any thoughts on where I am going wrong?

Hey there - based on the error message, I would recommend revisiting your targeting. I would also double-check to confirm you’re using the correct exploit module. I don’t recognize the cacti_unauthenticated_cmd_injection module as one that appears in the Instructions for Metasploit Basics Lessons 2 or 3.

If you’re still having trouble, it will help to get the exact lesson you’re working on, as well as the step number and a screenshot with more of your command history visible.

@CalmQuail2332

Thank you for the response. I got it working now. I had to change the RPORT to make it work.

2 Likes

Good evening, everyone. I’m having a problem accessing root privileges. I don’t know what to do anymore. Any tips? Thank you. I can see the files from cacti and everything, but I don’t find the flag. Thank you very much.

Hey there - happy to help, but we’ll need a little more information:

Lab Name (to be sure)
Lesson (i.e., Guided Exercise or Challenge Exercise)
Part / Step Number
Description of Issue
Screenshot

Thanks!

1 Like

Hello mate, Metasploit Basics, Challenge Exercise.
This part: “Finally, you will upgrade your privileges to root and obtain the flag we’ve left.” I don’t know how to get root privileges. I did the hack and I can see all the files from cacti. My user is www-data but I don’t know how to become root. I’ve been trying every day since Monday and today is Friday.

You completed the Guided Exercise, correct? Once you’ve gained access to the Challenge host - which it looks like you did - have you tried following the same steps you used in the Guided Exercise to escalate privileges?

1 Like

I saved a PDF from the last exercise. I always do it to have a “tutorial” for the challenge, but maybe I have to go back for this part.

I KNOW WHAT YOU MEAN, WAIT A SECOND. I will answer you later.

The answer was in my face all the time, thank you very much calm quail 2332. LET’S GOOOO

2 Likes

Hell yeah, you know what to do - happy hacking!

1 Like