Backdoor communication failed - weevely 4.0.2

[aatif007]

Warning: include(phar://shell2.php/x) [function.include]: failed to open stream: No such file or directory in /var/www/dvwa/hackable/uploads/shell2.php on line 1

Warning: include() [function.include]: Failed opening 'phar://shell2.php/x' for inclusion (include_path='.:/usr/share/php:/usr/share/pear') in /var/www/dvwa/hackable/uploads/shell2.php on line 1

why this error occur i can not modifiying the file shell2.php

[ZanyMonk]

Please update to version 4.0.2 and try again.

[aatif007]

i update the version but its not working
@ZanyMonk

when i connect
./weevely.py http://10.0.2.6/dvwa/hackable/uploads/shell95.php 123456

/root/weevely3/modules/audit/filesystem.py:114: SyntaxWarning: invalid escape sequence '.'
'.gpg', 'sudoers' ]
/root/weevely3/modules/shell/su.py:30: SyntaxWarning: invalid escape sequence '\s'
postprocess=lambda x: re.findall('Password: (?:\r\n)?([\s\S]+)', x)[0] if 'Password: ' in x else ''
/root/weevely3/modules/sql/console.py:151: SyntaxWarning: invalid escape sequence '\q'
if query in ['quit', '\q', 'exit']:
/root/weevely3/modules/sql/console.py:153: SyntaxWarning: invalid escape sequence '\s'
m = re.findall("^use\s+([\w_]+);?$", query, re.IGNORECASE)
/root/weevely3/modules/file/grep.py:40: SyntaxWarning: invalid escape sequence '/'
payload = """% if invert:
/root/weevely3/modules/file/edit.py:47: SyntaxWarning: invalid escape sequence '\W'
suffix = re.sub('[\W]+', '_', self.args['rpath'])
/root/weevely3/modules/net/proxy.py:32: SyntaxWarning: invalid escape sequence '.'
re_valid_ip = re.compile("^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$")
/root/weevely3/modules/net/proxy.py:33: SyntaxWarning: invalid escape sequence '-'
re_valid_hostname = re.compile("^(([a-zA-Z0-9-]+).)([A-Za-z]|[A-Za-z][A-Za-z0-9-][A-Za-z0-9])$")
/root/weevely3/modules/net/ifconfig.py:37: SyntaxWarning: invalid escape sequence '\S'
ifaces = re.findall('^(\S+).?inet addr:(\S+).?Mask:(\S+)', result, re.S | re.M)

[+] weevely 4.0.2

[+] Target: 10.0.2.6
[+] Session: /root/.weevely/sessions/10.0.2.6/shell95_0.session

[+] Browse the filesystem or execute commands starts the connection
[+] to the target. Type :help for more information.

weevely> pwd
Backdoor communication failed, check URL availability and password
weevely> Exiting.

[ZanyMonk]

I cannot reproduce your error. Please, upload the generated shell95.php file here, I'll have a look.

[aatif007]

/\00\00\00�\00\00\00�\00\00��\00\00\00\00\00\00\00\00\00�\00\00\00x\E1�\00\00\00\00\00\00Y�\00\00\C09Wh\FF�\00\00\00\00\00\00U\90Kk\C30�\84\EF\FE�F,\89\84M�ͻ\8A\A8K\A1\F4\D0[O%\A4\C6�\D9V\E2HFVJH\C8�\EF:\A5\81"�\CC'\CD,\B3맦j|\F9\9DԴ�{A\E4x\94\E4\D9dE8\EC+A\A6\AB4\99\AD\924\95\B3y\87

\FC1\9A-\8A\87Q\B1\N$\A2F\90\F6\E3\ED\E1\FC>\D7\D5\F3g\B9xy]�\EEy\C5QgN�\ED\9F(\B8�\F6\EC\E2A&Zgk\A9)J�\F5]9TF�\B4�\C6RPb\C4A\AD\A1\E6h\BA\91��\BCא\F5z\B7�4\EC\82 ���\CC\C3d3�\E06\A0\B6_\B0\DF\C0n˽+�+\DD\D1j�L'U\E1Ө\B1\B2\8C�\89\CB*J\86X\90��\86\A5\86$\8C
U˸\94.ΌvR\BB\96�\DC\CC\E3p\A8tst\84\85p`B\8C\99�\F1"\93ƭK\AC\A3\8C{\D1mwQy\C6\C2\E6\80�ږF'�\A5I+\E7\D38\97\99\C9%\85\C3f\BCe\DD��z\B0m\97\F1oZ�\85L\EA<\CEj\99\E8�\80��9R\DFr\BA\E4\F2|��\E67\93{\8DU\DAQ�
\B6�\8B\9D�\C2k\9F\F1�s\CA\EB�P\EF\95w\E2b7Z\F0S9<|\F8\D3\F9�\00\00\00\00\00\00\00

file code and zip file @ZanyMonk
shell95.zip

[ZanyMonk]

I'm still unable to reproduce. Are you using a default PHP configuration ? If not, please provide the php.ini file.

[aatif007]

yes i am using default PHP configuration. here is php.ini file

php.zip
@ZanyMonk

[ZanyMonk]

In bd/obfuscators/phar.tpl replace dirname(__FILE__) with realpath(__FILE__).

It looks like __FILE__ is returning a relative path for whatever reason. This should fix it.

[aatif007]

In File bd/obfuscators/phar.tpl i can't find dirname(FILE). here is file

can change with stub = b""""""

basename(FILE) replace with realpath(FILE)

phar.zip

where i should change?

@ZanyMonk

[ZanyMonk]

I'm sorry, i meant basename(__FILE__) ...

Anyways, the webshell can't be found and I don't know why. Maybe try to tinker with the stub and find what works for you. Good luck.

[aatif007]

still issues is there any one please help me. thanks for time @ZanyMonk

[Creator1024]

I had the same problem.

weevely version: 4.0.2
metasploitable version: Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 GNU/Linux

[EddyMexico]

i

Warning: include(phar://shell2.php/x) [function.include]: failed to open stream: No such file or directory in /var/www/dvwa/hackable/uploads/shell2.php on line 1

Warning: include() [function.include]: Failed opening 'phar://shell2.php/x' for inclusion (include_path='.:/usr/share/php:/usr/share/pear') in /var/www/dvwa/hackable/uploads/shell2.php on line 1

why this error occur i can not modifiying the file shell2.php

I am having the exact same problem. I had an assignment with this tool but I won't be able to do it lol. I don't know if trying with legacy/different versions would work.

[term51]

the same problem
Warning: include(phar:///var/www/dvwa/hackable/uploads/shell.php/x) [function.include]: failed to open stream: No such file or directory in /var/www/dvwa/hackable/uploads/shell.php on line 1

Warning: include() [function.include]: Failed opening 'phar:///var/www/dvwa/hackable/uploads/shell.php/x' for inclusion (include_path='.:/usr/share/php:/usr/share/pear') in /var/www/dvwa/hackable/uploads/shell.php on line 1

even with realpath

[titus775]

I have the same problem but most likely the problem is of Kali Linux because I tried all the solutions and it didn't work either.
And I installed Parrot and weevely worked fine.