ðŸšĐ
THM Walkthroughs
  • THM Walkthroughs
    • 🧑‍ðŸŦTutorial
  • ðŸŸĶDifficulty: Info
    • 🔌What is Networking?
    • 🔌Intro to LAN
    • 🐧Linux Fundamentals
      • 🐧Linux Fundamentals Part 1
        • Task 2 - A Bit of Background on Linux
        • Task 4 - Running Your First few Commands
        • Task 5 - Interacting With the Filesystem!
        • Task 6 - Searching for Files
        • Task 7 - An Introduction to Shell Operators
      • 🐧Linux Fundamentals Part 2
        • Task 3 - Introduction to Flags and Switches
        • Task 4 - Filesystem Interaction Continued
        • Task 5 - Permissions 101
        • Task 6 - Common Directories
      • 🐧Linux Fundamentals Part 3
        • Task 3 - Terminal Text Editors
        • Task 4 - General/Useful Utilities
        • Task 5 - Processes 101
        • Task 6 - Maintaining Your System: Automation
        • Task 8 - Maintaining Your System: Logs
    • 🊟Windows Fundamentals
      • 🊟Windows Fundamentals 1
      • 🊟Windows Fundamentals 2
      • 🊟Windows Fundamentals 3
    • 🔓Principles of Security
    • 🐍Python Basics
    • 🔍History of Malware
    • ðŸĶđCommon Attacks
    • ðŸ–ĨïļSecurity Awareness
    • ⚔ïļIntro to Offensive Security
    • ðŸĶđPentesting Fundamentals
    • 🔓CVE Walkthroughs
      • ðŸ–ĨïļSudo Security Bypass: CVE-2019-14287
      • ðŸ–ĨïļSudo Buffer Overflow: CVE-2019-18634
      • ðŸ–ĨïļBaron Samedit: CVE-2021-3156
      • ðŸ–ĨïļOverlayFS: CVE-2021-3493
      • ðŸ–ĨïļPolkit: CVE-2021-3560
      • ðŸ–ĨïļPwnkit: CVE-2021-4034
      • ðŸŠķApache HTTP Server Path Traversal: CVE-2021-41773/42013
      • ðŸ§ŧDirty Pipe: CVE-2022-0847
      • ðŸŸĒSpring4Shell: CVE-2022-22965
    • 🟧Burp Suite
      • 🟧Burp Suite: The Basics
      • 🟧Burp Suite: Repeater
    • 🏁Challenges
      • âĪīïļBypass Disable Functions
    • 🎟ïļTHM PROMOs
      • 🎟ïļLearn and win prizes [PROMO ENDED]
      • 🎟ïļLearn and win prizes #2 [PROMO ENDED]
  • ðŸŸĐDifficulty: Easy
    • 🚀Learning Cyber Security
    • 🔁The Hacker Methodology
    • 🔍Google Dorking
      • Task 2 - Let's Learn About Crawlers
      • Task 4 - Beepboop - Robots.txt
      • Task 5 - Sitemaps
      • Task 6 - What is Google Dorking?
    • 🐝OWASP Top 10
      • Task 5 - Command Injection Practical
      • Task 7 - Broken Authentication Practical
      • Task 11 - Sensitive Data Exposure (Challenge)
      • Task 13 - XML External Entity - eXtensible Markup Language
      • Task 14 - XML External Entity - DTD
      • Task 16 - XML External Entity - Exploiting
      • Task 18 - Broken Access Control (IDOR Challenge)
      • Task 19 - Security Misconfiguration
      • Task 20 - Cross-site Scripting
      • Task 21 - Insecure Deserialization
      • Task 24 - Insecure Deserialization - Cookies
      • Task 25 - Insecure Deserialization - Cookies Practical
      • Task 30 - Insufficient Logging and Monitoring
    • ðŸ“ĄNmap
      • Task 2 - Introduction
      • Task 3 - Nmap Switches
      • Task 5 - TCP Connect Scans
      • Task 6 - Scan Types SYN Scans
      • Task 7 - UDP Scans
      • Task 8 - NULL, FIN and Xmas
      • Task 9 - ICMP Network Scanning
      • Task 10 - NSE Scripts Overview
      • Task 11 - Working with the NSE
      • Task 12 - Searching for Scripts
      • Task 13 - Firewall Evasion
      • Task 14 - Practical
    • ðŸ“ĄRustScan
      • Task 2 - Installing RustScan
      • Task 5 - Extensible
      • Task 7 - Scanning Time!
      • Task 8 - RustScan Quiz
    • 🐙Crack the hash
    • 🌍OhSINT
    • 🧑‍🚀Vulnversity
    • 🧊Ice
    • 🊟Blue
    • 🎄Advent of Cyber 4 (2022)
  • ðŸŸĻDifficulty: Medium
    • 🊟Attacktive Directory
      • Task 3 - Welcome to Attacktive Directory
      • Task 4 - Enumerating Users via Kerberos
      • Task 5 - Abusing Kerberos
      • Task 6 - Back to the Basics
      • Task 7 - Elevating Privileges within the Domain
      • Task 8 - Flag Submission Panel
    • 💀Mr Robot CTF
    • 🛗Linux PrivEsc
    • 🛗Linux PrivEsc Arena [WIP]
    • 🛗Windows PrivEsc Arena
  • 🟧Difficulty: Hard
    • 🐘Hacking Hadoop [WIP]
  • ðŸŸĨDifficulty: Insane
    • ⛹You're in a cave [WIP]
  • Blank Room (Duplicate Me)
Powered by GitBook
On this page
  1. Difficulty: Info
  2. CVE Walkthroughs

Apache HTTP Server Path Traversal: CVE-2021-41773/42013

A small explanation of an Apache path traversal bug and an incomplete fix

PreviousPwnkit: CVE-2021-4034NextDirty Pipe: CVE-2022-0847

Last updated 2 years ago

Room Attributes
Value

Subscription Required

False [Free]

Type

Walkthrough

Difficulty

Info

Tags

Security, Apache, CVE-2021-41773, CVE-2021-42013

Task 1 - A Bit of Background...

What version of Apache httpd was initially vulnerable to this CVE?

This vulnerability requires an unusual misconfiguration for it to be exploitable (Yea/Nay)

Task 2 - What is Path Traversal anyways?

A path traversal exploit will (choose the best answer):

  • A) Include arbitrary remote files to be processed on the server.

  • B) Include arbitrary local files to be processed on the server.

  • C) Allow arbitrary files to be exposed by the server.

  • D) None of the above.

URL-encode the . symbol

HINT: Uppercase hex is the preferred standard by the RFC (though lowercase is equivalent, this answer should be in uppercase)

What does this URL fragment decode to: %%32%65 ?

Task 3 - Ok, Ok; Gib Hax!

What module needs to be enabled in order to get remote code execution?

HINT: There are technically two different modules depending on if another module is enabled. This answer uses the shorter of the two.

Task 4 - Practical Exam

What is the flag on port 8080?

What is the flag on port 8081?

What is the flag on port 8082?

What is the flag on port 8083?

I was able to pop a shell! (I can't actually verify this, so I'll trust you on that one :))

HINT: If you need some help with the shell, visit https://www.revshells.com/

No answer needed

What user is the Apache server running as?

Find the root flag on the machine on port 8083?

HINT: The root password is: ApacheCVE

Reveal Flag
Reveal Flag
Reveal Flag
Reveal Flag
Reveal Flag
Reveal Flag
Reveal Flag
Reveal Flag
Reveal Flag
Reveal Flag
Reveal Flag
Reveal Flag

2.4.49

Yea

C

%2E

%2e

mod_cgi

THM{724V3R51N6_P4TH5_F02_FUN}

THM{2C3_F20M_C61}

THM{D0UBL3_3NC0D1N6_F7W}

THM{F1L732_8YP455_2C3}

daemon

THM{P21V_35C_F20M_4P4CH3_15_FUN}

ðŸšĐ
ðŸšĐ
ðŸšĐ
ðŸšĐ
ðŸšĐ
ðŸšĐ
ðŸšĐ
ðŸšĐ
ðŸšĐ
ðŸšĐ
ðŸšĐ
ðŸšĐ
ðŸšĐ
ðŸšĐ
ðŸšĐ
ðŸšĐ
ðŸšĐ
ðŸšĐ
ðŸšĐ
ðŸšĐ
ðŸšĐ
ðŸšĐ
ðŸšĐ
ðŸšĐ
ðŸŸĶ
🔓
ðŸŠķ
  • Task 1 - A Bit of Background...
  • What version of Apache httpd was initially vulnerable to this CVE?
  • This vulnerability requires an unusual misconfiguration for it to be exploitable (Yea/Nay)
  • Task 2 - What is Path Traversal anyways?
  • A path traversal exploit will (choose the best answer):
  • URL-encode the . symbol
  • What does this URL fragment decode to: %%32%65 ?
  • Task 3 - Ok, Ok; Gib Hax!
  • What module needs to be enabled in order to get remote code execution?
  • Task 4 - Practical Exam
  • What is the flag on port 8080?
  • What is the flag on port 8081?
  • What is the flag on port 8082?
  • What is the flag on port 8083?
  • I was able to pop a shell! (I can't actually verify this, so I'll trust you on that one :))
  • What user is the Apache server running as?
  • Find the root flag on the machine on port 8083?
LogoTryHackMe | CVE-2021-41773/42013TryHackMe
https://tryhackme.com/room/cve202141773