- This topic has 16 replies, 3 voices, and was last updated 4 years, 7 months ago by Zaid Sabih.
- AuthorPosts
- April 19, 2020 at 3:56 pm #34427Tom HarrowParticipant
At the very end of 8.3, my base64 command, after execution, is not truncated as it is in the lesson. The whole base64 code is showing. Then, when i refresh the web page after executing the passthru command, I get this error message from netcat: inverse host lookup failed: unknown host. So I don’t establish a connection to the web server. I do see the failed login attempts in the browser. The commands all seem to be correct in the formats specified. Thanks in advance,
Tom
April 20, 2020 at 9:13 am #34493Vashisht BoodhunParticipantCan you provide some screenshots of the steps taken? You can use the following to upload the image:
https://imgbb.com/April 20, 2020 at 6:39 pm #34547Tom HarrowParticipantVashisht, I posted two screen shots to https://imgbb.com/.
Tom
April 21, 2020 at 1:40 pm #34580Vashisht BoodhunParticipantYou need to give me the exact line for me to access them directly. Thank you.
April 21, 2020 at 1:40 pm #34581Vashisht BoodhunParticipantYou need to give me the exact line for me to access them directly. Thank you.
April 21, 2020 at 6:15 pm #34610Tom HarrowParticipantVashisht, not sure what you mean by that. The two files I uploaded are called “8.3 – passthru command” and “8.3 netcat command before encoding with Burpsuite base64 – nc running”. Is that what you need?
Tom
April 23, 2020 at 4:11 pm #34781Vashisht BoodhunParticipantLike i said, Can you provide some screenshots of the detailed steps taken?
April 23, 2020 at 6:41 pm #34808Tom HarrowParticipantPlease see attached screen shots. Today I can’t seem to load the auth.log file in dvwa. I could the other day. the screen shots are in one file at https://ibb.co/D72XLQL. NOTE: in the lecture, the log file is at var/auth/auth.log. On my metaspoitable vm, it’s at /var/log/auth.log
April 25, 2020 at 3:24 pm #34921Zaid SabihModeratorYou must have deleted it somehow now if you can’t load it, do you get an error that the file does not exist now or what?
April 25, 2020 at 9:18 pm #34937Tom HarrowParticipantRight, I get the message:ERROR: File not found! from the web server. However, when I navigate to the auth.log file in metasploitable, the auth.log file is there and shows the unsuccessful attempt by [email protected] to log in. It’s puzzling, because the same commands allowed me to see the auth.log file the first time I tried this in the web site. Then, my problem was netcat not making the connection. I’m regressing. I posted the latest images at https://ibb.co/xYSRb4g, called “8.3 random login results.”
April 26, 2020 at 1:54 pm #34998Zaid SabihModeratorThis is very strange, what if you just do
file=/var/log/auth.logAlso what about other files? like /etc/passwd
And are you sure the security settings set to low? if it is then please try removing all browsing data like history, catche…..etc set the security to low again and try again.April 26, 2020 at 9:04 pm #35028Tom HarrowParticipantThanks for the prompt reply, Zaid. So I took your above suggestions, and now get a slightly different error relating to permissions? A screen shot is attached at https://ibb.co/hCSGvMG.
Tom
April 27, 2020 at 4:48 pm #35121Vashisht BoodhunParticipantDid you try the other files? Can you access them?
April 28, 2020 at 5:44 pm #35229Tom HarrowParticipantI can open the etc/passwd file. I can open other files in the log directory, but can’t open any “syslog” files, like “auth.log”, “auth.log.0” or “debug”. DVWA is set to “low’, I confirmed that. It appears to be a permission or environment problem, but this would mean Metasploitable would not work for any other user for this test if this was the case. I haven’t changed any files in Metasploitable.
April 29, 2020 at 1:09 pm #35328Zaid SabihModeratorOkay well you can change the permissions using the following command
sudo chmod 777 /file/to/change/permissions.log - AuthorPosts
- You must be logged in to reply to this topic.