Has anyone tried Nineveh in 2020

I am trying to get a reverse shell using the lfi in nineveh like instructed in ippsec's video and other writeups, but it seems like somethings have changed on this machine and even after following exact instructions, i cant get a reverse shell right now.


  • would really like some help on this, cos this machine is doing weird things. Its driving me crazy. Almost at my wits end right now. Also saw ippsec video but that didnt help. Im at the part where you point the lfi to your hack.php reverse shell.

  • yes i met the same issue.....

  • edited January 31

    Depending on how the shell is created it might be a result of some binaries changing on your Kali machine.

    If you examine the error messages you get, you can work out where the source of the problem is.

    Is your payload /department/manage.php?notes=/var/tmp/ninevehNotes.txt.writeup.php (and before anyone reports this is a spoiler, its a retired box and the link is in the write up)

  • Can anybody get a shell on this box? I cant. i tried all types of payloads, and named the file different and tried different directories. even reverted the box. let me know if you guys actually get in in these days.

  • Just did it. Without any problem. Have you tried naming your database ninevehNotes.php?

Sign In to comment.