Re: [null] Apache 2.2.22 vulnerability


webDEViL

Jul 16, 2012, 1:44:48 PM
to null-...@googlegroups.com
You should try to understand why there are exploits and what they are written for firstly.
I'll give you a hint: 2.2.22 is the latest version in that particular series.

On Mon, Jul 16, 2012 at 9:52 PM, Ace Kapila <acek...@gmail.com> wrote:
Hello, I'm doing a pentest against a server which is running Apache 2.2.22.
I have searched the internet but not found any exploit and vulnerability for this server.
Help

--
Get ready for the Dilli Shakedown!
nullcon security conference Delhi Sept 26-29th 2012
http://nullcon.net
 
null - Spreading the right Information
null Mailing list charter: http://null.co.in/section/about/null_list_charter/



--
Regards,
webDEViL


prajwal panchmahalkar

Jul 16, 2012, 1:46:38 PM
to null-...@googlegroups.com
Wish that Apache would also release the vulnerabilities list in their changelog ;)
==================
Prajwal Panchmahalkar
==================
       C|EH, AFCEH  
     

Manjunath Singh

Jul 16, 2012, 1:46:50 PM
to null-...@googlegroups.com

Try to find modules that are used in Apache; I am sure you will find plenty of exploits.

webDEViL

Jul 16, 2012, 1:56:13 PM
to null-...@googlegroups.com

webDEViL

Jul 16, 2012, 1:56:49 PM
to null-...@googlegroups.com
Manjunath,
Can you cite some examples for us, please?

webDEViL

Jul 16, 2012, 2:20:07 PM
to null-...@googlegroups.com
Ok, so you mean to say you want me to use something windows specific and from 2006 on this?

On Mon, Jul 16, 2012 at 11:48 PM, Manjunath Singh <linux...@gmail.com> wrote:

http://www.metasploit.com/modules/exploit/windows/http/apache_mod_rewrite_ldap for eg, plenty more if you know the modules enabled, and versions.

Not that hard to google, is it?  :)

Manjunath Singh

Jul 16, 2012, 2:22:14 PM
to null-...@googlegroups.com

Nope, all I am saying is find out the modules that are enabled; you might get lucky.

Manjunath Singh

Jul 16, 2012, 2:18:56 PM
to null-...@googlegroups.com

http://www.metasploit.com/modules/exploit/windows/http/apache_mod_rewrite_ldap for eg, plenty more if you know the modules enabled, and versions.

Not that hard to google, is it?  :)

On Jul 16, 2012 11:26 PM, "webDEViL" <w3bd...@gmail.com> wrote:

Manjunath Singh

Jul 16, 2012, 2:27:58 PM
to null-...@googlegroups.com

Just to prove the point

http://www.metasploit.com/modules/exploit/windows/http/php_apache_request_headers_bof

Applicable to 2.2.22 on Windows 2k3; he has not mentioned the target OS yet.

webDEViL

Jul 16, 2012, 2:29:39 PM
to null-...@googlegroups.com
Anything that has a word apache in it doesn't become an apache exploit.
Can you give me something apache specific from 2012?

Manjunath Singh

Jul 16, 2012, 2:35:33 PM
to null-...@googlegroups.com

Sorry to say it, but Apache alone won't do anything, unless you intend to see the "This works" page. I would like to see the full context: what OS, what platform and backend. You see, people on the internet won't leave you alone just because you are running a web server version 2.2.22.

webDEViL

Jul 16, 2012, 2:36:58 PM
to null-...@googlegroups.com
So, the googling isn't helping is it?
My point being there are "plenty" of exploits for it.

webDEViL

Jul 16, 2012, 2:37:18 PM
to null-...@googlegroups.com

So, the googling isn't helping is it?
My point being there aren't "plenty" of exploits for it.

Manjunath Singh

Jul 16, 2012, 2:39:58 PM
to null-...@googlegroups.com

I wholeheartedly agree with you. And I never debated it. All I said is, if something does not work, look for a workaround.

TAS

Jul 17, 2012, 12:05:05 AM
to null-...@googlegroups.com
Ok, in the midst of the google thing the actual post got sidetracked.

This may not answer your question, but I am giving you a way forward.
Apache vulnerabilities are always listed on their website with the CVE
ratings. Simple way to do that is Google for "apache 2.2.22
vulnerabilities"
http://httpd.apache.org/security/vulnerabilities_22.html

Now, not every vulnerability can translate into an exploit. If you try
the CVE links in the advisories, you will stumble across a series of
links which may tell you the history of the issue and sometimes the
exploit code too (SecurityFocus has a tab for exploits)

Also note, Apache exploits may not be straightforward, because it
also depends on how Apache was compiled and with what plugins (or
modules). Reaching to the Apache service via a plugin exploit is not
always possible if the plugin was not installed.

-
TAS
http://twitter.com/p0wnsauc3
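
An added example, not part of TAS's post or the thread: a triage sketch for a server you administer, applying the point above that an advisory only matters if the build is older than the fix and the affected module is actually loaded. The advisory records use placeholder ids and made-up fix versions, the `httpd -M` output is constructed, and the function names are this example's own.

```python
import re

# Constructed `httpd -M` output for illustration; not from a real host.
SAMPLE_MODULES = """Loaded Modules:
 core_module (static)
 http_module (static)
 so_module (static)
 rewrite_module (shared)
 ssl_module (shared)
Syntax OK
"""

# Constructed records with placeholder ids and made-up fix versions.
# Real data comes from the httpd project's vulnerabilities_22.html page.
ADVISORIES = [
    {"id": "CVE-PLACEHOLDER-1", "module": "core_module", "fixed_in": "2.2.22"},
    {"id": "CVE-PLACEHOLDER-2", "module": "proxy_module", "fixed_in": "2.2.23"},
    {"id": "CVE-PLACEHOLDER-3", "module": "rewrite_module", "fixed_in": "2.2.23"},
    {"id": "CVE-PLACEHOLDER-4", "module": "ssl_module", "fixed_in": "2.2.20"},
]

def parse_version(banner):
    """Extract (major, minor, patch) from `httpd -v` style output."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", banner)
    if m is None:
        raise ValueError("no Apache version in banner")
    return tuple(int(p) for p in m.groups())

def parse_modules(text):
    """Return the set of module names listed as static or shared."""
    return set(re.findall(r"^\s*(\w+_module)\s+\((?:static|shared)\)", text, re.M))

def triage(banner, modules_text, advisories):
    """Sort advisories into patched / module_absent / applicable."""
    version, loaded = parse_version(banner), parse_modules(modules_text)
    result = {"applicable": [], "patched": [], "module_absent": []}
    for adv in advisories:
        fixed = tuple(int(p) for p in adv["fixed_in"].split("."))
        if version >= fixed:
            result["patched"].append(adv["id"])
        elif adv["module"] not in loaded:
            result["module_absent"].append(adv["id"])
        else:
            result["applicable"].append(adv["id"])
    return result

if __name__ == "__main__":
    print(triage("Server version: Apache/2.2.22 (Unix)", SAMPLE_MODULES, ADVISORIES))
```

Distribution packages often backport fixes without changing the upstream version string, so an "applicable" result means "check the package changelog", not "confirmed vulnerable".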

Manjunath Singh

Jul 17, 2012, 12:59:33 AM
to null-...@googlegroups.com
>> Simple way to do that is Google for "apache 2.2.22 vulnerabilities"

So google did help :)

>> Apache exploits may not be straightforward, because it
>> also depends on how Apache was compiled and with what plugins (or
>> modules).

Deja Vu, I thought I said it :).

But anyway, I am not trying to prove a point, nor am I interested in unproductive discussion. However, if I were the person asking someone to do the pen testing of my web server, I would like to have full-fledged testing including the web server, site vulnerabilities, PHP/Perl or whatever, as well as the modules I am using. After all, your server is as strong as the weakest link.

Thanks and Regards,
Manjunath
--
Regards,
Manjunath
---------------------------------
 Miles to go before I sleep...
----------------------------------

Ace Kapila

Jul 16, 2012, 10:57:22 PM
to null-...@googlegroups.com
Ok guys, got the point. I will try, and if I find something I will get back to you guys....

webDEViL

Jul 17, 2012, 3:01:49 AM
to null-...@googlegroups.com
I don't really want to give answers directly.
Then people here will start demanding answers and the point of learning and sharing goes away.

But anyone reading the conversation between me and Manju would have realised what to do. :P


On Tue, Jul 17, 2012 at 9:35 AM, TAS <p0wn...@gmail.com> wrote:

Bipin Upadhyay

Jul 17, 2012, 3:09:20 AM
to null-...@googlegroups.com
"This" is how the original LUG groups worked, and did help a lot of people grow.
My comment is more of a reminiscence than in the context of this thread.

--Bipin.
»»sent from my pwnedBerry®

From: webDEViL <w3bd...@gmail.com>
Date: Tue, 17 Jul 2012 12:31:49 +0530
Subject: Re: [null] Apache 2.2.22 vulnerability