๐ชถApache HTTP Server Path Traversal: CVE-2021-41773/42013
A small explanation of an Apache path traversal bug and an incomplete fix
| Room Attributes | Value |
|---|---|
Subscription Required | False [Free] |
Type | Walkthrough |
Difficulty | Info |
Tags | Security, Apache, CVE-2021-41773, CVE-2021-42013 |
Task 1 - A Bit of Background...
What version of Apache httpd was initially vulnerable to this CVE?
This vulnerability requires an unusual misconfiguration for it to be exploitable (Yea/Nay)
Task 2 - What is Path Traversal anyways?
A path traversal exploit will (choose the best answer):
A) Include arbitrary remote files to be processed on the server.
B) Include arbitrary local files to be processed on the server.
C) Allow arbitrary files to be exposed by the server.
D) None of the above.
URL-encode the . symbol
HINT: Uppercase hex is the preferred standard by the RFC (though lowercase is equivalent, this answer should be in uppercase)
What does this URL fragment decode to: %%32%65 ?
Task 3 - Ok, Ok; Gib Hax!
What module needs to be enabled in order to get remote code execution?
HINT: There are technically two different modules depending on if another module is enabled. This answer uses the shorter of the two.
Task 4 - Practical Exam
What is the flag on port 8080?
What is the flag on port 8081?
What is the flag on port 8082?
What is the flag on port 8083?
I was able to pop a shell! (I can't actually verify this, so I'll trust you on that one :))
HINT: If you need some help with the shell, visit https://www.revshells.com/
No answer needed
What user is the Apache server running as?
Find the root flag on the machine on port 8083?
HINT: The root password is: ApacheCVE
Last updated