- April 19, 2020 at 3:56 pm #34427
At the very end of 8.3, my base64 command, after execution, is not truncated as it is in the lesson. The whole base64 code is showing. Then, when i refresh the web page after executing the passthru command, I get this error message from netcat: inverse host lookup failed: unknown host. So I don’t establish a connection to the web server. I do see the failed login attempts in the browser. The commands all seem to be correct in the formats specified. Thanks in advance,
TomApril 20, 2020 at 9:13 am #34493
Can you provide some screenshots of the steps taken? You can use the following to upload the image:
https://imgbb.com/April 20, 2020 at 6:39 pm #34547April 21, 2020 at 1:40 pm #34580
You need to give me the exact line for me to access them directly. Thank you.April 21, 2020 at 1:40 pm #34581
You need to give me the exact line for me to access them directly. Thank you.April 21, 2020 at 6:15 pm #34610
Vashisht, not sure what you mean by that. The two files I uploaded are called “8.3 – passthru command” and “8.3 netcat command before encoding with Burpsuite base64 – nc running”. Is that what you need?
TomApril 23, 2020 at 4:11 pm #34781
Like i said, Can you provide some screenshots of the detailed steps taken?April 23, 2020 at 6:41 pm #34808
Please see attached screen shots. Today I can’t seem to load the auth.log file in dvwa. I could the other day. the screen shots are in one file at https://ibb.co/D72XLQL. NOTE: in the lecture, the log file is at var/auth/auth.log. On my metaspoitable vm, it’s at /var/log/auth.logApril 25, 2020 at 3:24 pm #34921
You must have deleted it somehow now if you can’t load it, do you get an error that the file does not exist now or what?April 25, 2020 at 9:18 pm #34937
Right, I get the message:ERROR: File not found! from the web server. However, when I navigate to the auth.log file in metasploitable, the auth.log file is there and shows the unsuccessful attempt by [email protected] to log in. It’s puzzling, because the same commands allowed me to see the auth.log file the first time I tried this in the web site. Then, my problem was netcat not making the connection. I’m regressing. I posted the latest images at https://ibb.co/xYSRb4g, called “8.3 random login results.”April 26, 2020 at 1:54 pm #34998
This is very strange, what if you just do
Also what about other files? like /etc/passwd
And are you sure the security settings set to low? if it is then please try removing all browsing data like history, catche…..etc set the security to low again and try again.April 26, 2020 at 9:04 pm #35028
Thanks for the prompt reply, Zaid. So I took your above suggestions, and now get a slightly different error relating to permissions? A screen shot is attached at https://ibb.co/hCSGvMG.
TomApril 27, 2020 at 4:48 pm #35121
Did you try the other files? Can you access them?April 28, 2020 at 5:44 pm #35229
I can open the etc/passwd file. I can open other files in the log directory, but can’t open any “syslog” files, like “auth.log”, “auth.log.0” or “debug”. DVWA is set to “low’, I confirmed that. It appears to be a permission or environment problem, but this would mean Metasploitable would not work for any other user for this test if this was the case. I haven’t changed any files in Metasploitable.April 29, 2020 at 1:09 pm #35328
Okay well you can change the permissions using the following command
sudo chmod 777 /file/to/change/permissions.log
- You must be logged in to reply to this topic.