来源

关联漏洞

描述

Apache-HTTP-Server-2.4.50-RCE This tool is designed to test Apache servers for the CVE-2021-41773 / CVE-2021-42013 vulnerability. It is intended for educational purposes only and should be used responsibly on systems you have explicit permission to test.

介绍

# Apache-HTTP-Server-2.4.50-RCE

This tool is designed to test Apache servers for the CVE-2021-41773 / CVE-2021-42013 vulnerability. It is intended for educational purposes only and should be used responsibly on systems you have explicit permission to test.

## Installation:

### Clone the repository:
   ```bash
   git clone https://github.com/Zyx2440/Apache-HTTP-Server-2.4.50-RCE.git
```
### Go to the dir:
   ```bash
   cd Apache-HTTP-Server-2.4.50-RCE
```
### install The Requirements:
   ```bash
   pip3 install requests~=2.27.1 termcolor~=1.1.0
   ```
### or:
```bash
   pip3 install -r add_requirements.txt
   ```
### usage: 
   ```bash
   python3 50512.py target.txt -ip <YourIp> -port <ThePort>
   the text file should contain the url of the target
```

### Example:
```bash
python3 50512.py target.txt -ip 10.0.2.15 -port 4444
```
![apache](png/py.jpg)

### check the version of Apache and run exploit:

![apache](png/RunExploit.jpg)

### Remote Code Execution (RCE):

![apache](png/passwd.jpg)
   
# What the Script Does ???
   Apache Version Check: For each URL in the provided file, it checks whether the server is running Apache version 2.4.50.

### Exploit Testing:
   If the server is vulnerable: It attempts to exploit the server by sending payloads to either trigger directory traversal attacks or       execute code remotely.
   If CGI is enabled: It tries to inject a reverse shell payload to gain remote access.

# Warning !!!!!:
   For Educational Use Only: The script is intended for educational purposes to demonstrate how vulnerabilities can be tested and             exploited. Using this script against unauthorized targets is illegal and unethical.

### additionally info:
#### Original Author: calfcrusher@inventati.org
#### Modified by: Zyx2440
Purpose of modification: Added additional error handling and optimized the payload logic adn RCE and remove cve 

文件快照

 [4.0K]  /data/pocs/6a1e77d73a220e6d731ffa48d0af01df2946d4fd
├── [5.0K]  50512.py
├── [  34]  add_requirements.txt
├── [1.3K]  LICENSE
├── [4.0K]  png
│   ├── [142K]  passwd.jpg
│   ├── [ 22K]  py.jpg
│   └── [ 45K]  RunExploit.jpg
└── [1.8K]  README.md

1 directory, 7 files

备注