HTB Academy - Nibbles Initial Foothold - Reverse shell not working

In this chapter you have to upload a PHP file with a reverse shell command. I upload the file, visit the page (or curl it), but the reverse shell does not work. The IP and port are written correctly in the command and I am listening on the same port. When I upload the file with other commands like “ls” it works. Can anyone help?

I’m having the same issue. My Netcat says it’s listening on 0.0.0.0:9443. Is that the issue?

I’m having the same problem.
netcat listening on 0.0.0.0:9443
Visiting the page (http://10.129.32.219/nibbleblog/content/private/plugins/my_image/image.php), or if I curl it, I always get a blank page. I have started over numerous times. The only thing that I got to upload was the test PHP code and that was only once. It’s probably something I am doing wrong, but I would be interested to know if it wasn’t. Any suggestions would be appreciated.

Okay, the way I solved it was I reset the target, downloaded a new VPN us-academy-1 with TCP 443, and listened on port 443 with nc for the reverse shell. And this seems to be working. BUT in the next chapter - privilege escalation - I cannot download a file on the target machine with an HTTP server, and I cannot create a new reverse shell through the vulnerable monitor.sh file. As far as the reading material says, I am configuring everything correctly, but it just does not work. This is really frustrating.

hmm, mine says: listening on [any] 443 …

I’m having the same issue. Obviously I’m a total noob (that’s why I’m taking the fundamentals class) so I assume I’m the one doing something wrong, but I’d really like to know what exactly it is. I’ve spent a few days working on this one thing, and I’m kind of ready to move on.

Use this script: GitHub - pentestmonkey/php-reverse-shell

The way I solved it was by using Metasploit, not netcat. Check for the vulnerability and use Metasploit instead.

Same issue. I can use a PHP script to ‘cat /flag.txt’ and get the flag, but I can’t get the reverse shell to connect (specific error: “WARNING: Failed to daemonise. This is quite common and not fatal. Connection timed out (110)”). Any other hints on how to get it to work the right way? I’m grabbing my IP from ifconfig (also tried whatismyipaddress.com to sanity check), pasting that into the reverse-shell script, then specifying whatever port in the script and specifying the same for my listener (I’ve tried 11111, 55555, 1234, 8080 – doesn’t seem to make a difference). I’ve tried all of the above with the msfvenom-generated scripts, too.

Hi rghutchin,
You need to use the VPN tun0 interface IP address (type ifconfig to find your tun0 IP) in the reverse shell payload. I hope this helps. Good luck.

Thank you for this, I was pulling my hair out going over everything and starting over because I was sure I missed something.
Turns out I was using the eth0 IP and not the tun0. I even think this has been mentioned in a previous section but it slipped my mind. I’m sure it’ll stick better after all the frustration!

It’s the firewall; open the port that is used in the PHP script.

Open the listening port in firewall configuration, like ufw allow .