Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • #39573
    AvatarRiccardo
    Participant

    Hi,
    I’m at lecture 8.3
    When i try to enter to http://IP_ADDRESS/dvwa/vulnerabilities/fi/?page=../../../../var/log/auth.log return to me:

    
    Warning: include(../../../../var/log/auth.log) [function.include]: failed to open stream: No such file or directory in /var/www/dvwa/vulnerabilities/fi/index.php on line 35
    
    Warning: include() [function.include]: Failed opening '../../../../var/log/auth.log' for inclusion (include_path='.:/usr/share/php:/usr/share/pear:../../external/phpids/0.6/lib/') in /var/www/dvwa/vulnerabilities/fi/index.php on line 35
    
    Warning: Cannot modify header information - headers already sent by (output started at /var/www/dvwa/vulnerabilities/fi/index.php:35) in /var/www/dvwa/dvwa/includes/dvwaPage.inc.php on line 324
    
    Warning: Cannot modify header information - headers already sent by (output started at /var/www/dvwa/vulnerabilities/fi/index.php:35) in /var/www/dvwa/dvwa/includes/dvwaPage.inc.php on line 325
    
    Warning: Cannot modify header information - headers already sent by (output started at /var/www/dvwa/vulnerabilities/fi/index.php:35) in /var/www/dvwa/dvwa/includes/dvwaPage.inc.php on line 326
    

    The security level is set to low. Same problem with medium security level. Is there anything else I can try?

    Best, R.F.

    #39585
    diegodiego
    Moderator

    Hi Riccardo!
    Can you try to add a couple more ../../ to your injection?

    Let me know how it goes!
    Diego

    #39594
    AvatarRiccardo
    Participant

    Hi Diego,
    it return the same error, maybe I’m using a wrong metasploitable version?

    Best, R.F.

    #39649
    diegodiego
    Moderator

    Hi Riccardo!

    You can try to import a new metasploitable, did you download it from official Rapid7 site?

    Let me know.
    Diego

    #39678
    AvatarRiccardo
    Participant

    Hi Diego,
    I downloaded it from the official Rapid7 website. Now I try to re-download and import the virtual machine again. I’ll keep you updated πŸ™‚

    Best, R.F.

    #39683
    AvatarRiccardo
    Participant

    Hi again,
    now all it is working πŸ™‚
    Best,
    R.F.

    #39738
    diegodiego
    Moderator

    Hi Riccardo!
    Cool you got it!

    I’ll suggest to keep a copy of the downloaded file, I have break metasploitable many times and keeping a copy is time saving πŸ™‚

    Greetings!
    Diego

Viewing 7 posts - 1 through 7 (of 7 total)
  • You must be logged in to reply to this topic.