Apache Conf Privilege Escalation

Apache Conf Privilege Escalation | Exploit Noteshideckies

Key Assumptions:

1. Configuration file can be updated by current user.

/ls -al /etc/apache2

1. Reverse shell script can be writeable to the web site directory. Assume the website uses PHP, so we can create “shell.php” in the web root and insert PHP reverse shell script.

2. Apache can be restarted.

# Debian and Ubuntu
/etc/init.d/apache2 restart
sudo /etc/init.d/apache2 restart 
sudo service apache2 restart

Start / Stop and Restart Apache 2 Web Server CommandnixCraft