Apache Conf Privilege Escalation
Key Assumptions:
The Apache configuration files can be modified by the current user. Check ownership and permissions with:
ls -al /etc/apache2
A reverse shell script can be written to the website directory. Assuming the website uses PHP, we can create “shell.php” in the web root and insert a PHP reverse shell script.
Apache can be restarted.
# Debian and Ubuntu
/etc/init.d/apache2 restart
sudo /etc/init.d/apache2 restart
sudo service apache2 restart
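From the defender's side, the first two assumptions above come down to ownership and mode bits on the Apache configuration directory and the web root. The check below is an added example, not part of the original page; the function name audit_paths, the trusted owner root and the web root /var/www/html are assumptions.

```shell
#!/bin/sh
# Added audit example (not from the original page).
# Reports entries under the given paths that someone other than the trusted
# owner could modify: wrong owner, group-writable, or world-writable.
# Symlinks are skipped because their own mode bits are not meaningful.

audit_paths() {
    # usage: audit_paths TRUSTED_OWNER PATH...
    owner=$1
    shift
    for p in "$@"; do
        [ -e "$p" ] || continue
        find "$p" ! -type l ! -user "$owner" -print 2>/dev/null |
            sed 's/^/not-owned-by-trusted-user: /'
        find "$p" ! -type l -perm -0020 -print 2>/dev/null |
            sed 's/^/group-writable: /'
        find "$p" ! -type l -perm -0002 -print 2>/dev/null |
            sed 's/^/world-writable: /'
    done
}

# Runs only when paths are given on the command line, for example:
#   sh audit_apache_perms.sh /etc/apache2 /var/www/html
# The trusted owner "root" and the web root path are assumptions; adjust them.
if [ "$#" -gt 0 ]; then
    findings=$(audit_paths root "$@")
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
    else
        echo "no entries modifiable by non-root users found"
    fi
fi
```

Group-writable entries are findings to review rather than automatic failures, since the owning group may contain only administrators.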