I am trying to get a reverse shell using the lfi in nineveh like instructed in ippsec’s video and other writeups, but it seems like somethings have changed on this machine and even after following exact instructions, i cant get a reverse shell right now.
would really like some help on this, cos this machine is doing weird things. Its driving me crazy. Almost at my wits end right now. Also saw ippsec video but that didnt help. Im at the part where you point the lfi to your hack.php reverse shell.
yes i met the same issue…
Depending on how the shell is created it might be a result of some binaries changing on your Kali machine.
If you examine the error messages you get, you can work out where the source of the problem is.
Is your payload
/department/manage.php?notes=/var/tmp/ninevehNotes.txt.writeup.php (and before anyone reports this is a spoiler, its a retired box and the link is in the write up)
Can anybody get a shell on this box? I cant. i tried all types of payloads, and named the file different and tried different directories. even reverted the box. let me know if you guys actually get in in these days.
Just did it. Without any problem. Have you tried naming your database ninevehNotes.php?
Tried a few different ways, following different write-ups but couldn’t get any reverse shell working. Too bad, looks like an interesting box.
After playing around some more i was finally able to get a reverse shell. The trick is to download the reverse shell via wget/curl from your http server and save it as some NinevehNotes** file on the system (Don’t use the same name as you DB). Just call it afterwards with the same LFI. (I don’t know what causes the errors when writing a reverse shell directly into the SQLITE database, but you can work your way around the error with this extra step)