- This topic has 16 replies, 3 voices, and was last updated 4 years, 6 months ago by
.
- Posts
At the very end of 8.3, my base64 command, after execution, is not truncated as it is in the lesson. The whole base64 code is showing. Then, when i refresh the web page after executing the passthru command, I get this error message from netcat: inverse host lookup failed: unknown host. So I don’t establish a connection to the web server. I do see the failed login attempts in the browser. The commands all seem to be correct in the formats specified. Thanks in advance,
Tom
Can you provide some screenshots of the steps taken? You can use the following to upload the image:
https://imgbb.com/Vashisht, I posted two screen shots to https://imgbb.com/.
Tom
Vashisht, not sure what you mean by that. The two files I uploaded are called “8.3 – passthru command” and “8.3 netcat command before encoding with Burpsuite base64 – nc running”. Is that what you need?
Tom
Please see attached screen shots. Today I can’t seem to load the auth.log file in dvwa. I could the other day. the screen shots are in one file at https://ibb.co/D72XLQL. NOTE: in the lecture, the log file is at var/auth/auth.log. On my metaspoitable vm, it’s at /var/log/auth.log
You must have deleted it somehow now if you can’t load it, do you get an error that the file does not exist now or what?
Right, I get the message:ERROR: File not found! from the web server. However, when I navigate to the auth.log file in metasploitable, the auth.log file is there and shows the unsuccessful attempt by [email protected] to log in. It’s puzzling, because the same commands allowed me to see the auth.log file the first time I tried this in the web site. Then, my problem was netcat not making the connection. I’m regressing. I posted the latest images at https://ibb.co/xYSRb4g, called “8.3 random login results.”
This is very strange, what if you just do
file=/var/log/auth.logAlso what about other files? like /etc/passwd
And are you sure the security settings set to low? if it is then please try removing all browsing data like history, catche…..etc set the security to low again and try again.Thanks for the prompt reply, Zaid. So I took your above suggestions, and now get a slightly different error relating to permissions? A screen shot is attached at https://ibb.co/hCSGvMG.
Tom
I can open the etc/passwd file. I can open other files in the log directory, but can’t open any “syslog” files, like “auth.log”, “auth.log.0” or “debug”. DVWA is set to “low’, I confirmed that. It appears to be a permission or environment problem, but this would mean Metasploitable would not work for any other user for this test if this was the case. I haven’t changed any files in Metasploitable.
- You must be logged in to reply to this topic.
