Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • #39573
    Riccardo
    Participant

    Hi,
    I’m at lecture 8.3
    When i try to enter to http://IP_ADDRESS/dvwa/vulnerabilities/fi/?page=../../../../var/log/auth.log return to me:

    
    Warning: include(../../../../var/log/auth.log) [function.include]: failed to open stream: No such file or directory in /var/www/dvwa/vulnerabilities/fi/index.php on line 35
    
    Warning: include() [function.include]: Failed opening '../../../../var/log/auth.log' for inclusion (include_path='.:/usr/share/php:/usr/share/pear:../../external/phpids/0.6/lib/') in /var/www/dvwa/vulnerabilities/fi/index.php on line 35
    
    Warning: Cannot modify header information - headers already sent by (output started at /var/www/dvwa/vulnerabilities/fi/index.php:35) in /var/www/dvwa/dvwa/includes/dvwaPage.inc.php on line 324
    
    Warning: Cannot modify header information - headers already sent by (output started at /var/www/dvwa/vulnerabilities/fi/index.php:35) in /var/www/dvwa/dvwa/includes/dvwaPage.inc.php on line 325
    
    Warning: Cannot modify header information - headers already sent by (output started at /var/www/dvwa/vulnerabilities/fi/index.php:35) in /var/www/dvwa/dvwa/includes/dvwaPage.inc.php on line 326
    

    The security level is set to low. Same problem with medium security level. Is there anything else I can try?

    Best, R.F.

    #39585
    Diego PérezDiego Pérez
    Participant

    Hi Riccardo!
    Can you try to add a couple more ../../ to your injection?

    Let me know how it goes!
    Diego

    #39594
    Riccardo
    Participant

    Hi Diego,
    it return the same error, maybe I’m using a wrong metasploitable version?

    Best, R.F.

    #39649
    Diego PérezDiego Pérez
    Participant

    Hi Riccardo!

    You can try to import a new metasploitable, did you download it from official Rapid7 site?

    Let me know.
    Diego

    #39678
    Riccardo
    Participant

    Hi Diego,
    I downloaded it from the official Rapid7 website. Now I try to re-download and import the virtual machine again. I’ll keep you updated 🙂

    Best, R.F.

    #39683
    Riccardo
    Participant

    Hi again,
    now all it is working 🙂
    Best,
    R.F.

    #39738
    Diego PérezDiego Pérez
    Participant

    Hi Riccardo!
    Cool you got it!

    I’ll suggest to keep a copy of the downloaded file, I have break metasploitable many times and keeping a copy is time saving 🙂

    Greetings!
    Diego

Viewing 7 posts - 1 through 7 (of 7 total)
  • You must be logged in to reply to this topic.
Privacy Overview
ZSecurity logo featuring a stylized red letter Z

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

3rd Party Cookies

This website uses Google Analytics and Linkedin to collect anonymous information such as the number of visitors to the site, and the most popular pages.

Keeping these cookies enabled helps us to improve our website.