I would like to know how can i gain access or "HACK" Apache/2.2.22, because i've tried but with no success.
Thanks, Dorin
11 Responses
We need more info to help. What have you tried? What was the systems response to your attempts?
What is your main goal? Control to the system, or transferring files, etc.?
Yes I had problems with that (like port 8180 should be open which is metasploitable and some other things like creating .war files etc.) but finally I did it. (though an ftp server)
You should search that in google.. with your knowledge OR tell us all the ports open, Type of Apache server, IP, server OS, and many more. (I prefer google)
{Trying to hack your school server ..huh?}
Open ports: 21/tcp open ftp 22/tcp open ssh OpenSSH 6.0p1 Debian 4 (protocol 2.0) 80/tcp open http Apache httpd 2.2.22 ((Debian)) http-generator: Joomla! - Open Source Content Management 443/tcp open http Apache httpd 2.2.22 ((Debian)) 465/tcp open smtps 5060/tcp open tcpwrapped 8080/tcp open ssl/http Apache httpd 2.2.22 ((Debian)) Running (JUST GUESSING): Linux 3.X|2.6.X (98%) OS CPE: cpe:/o:linux:linuxkernel:3 cpe:/o:linux:linuxkernel:2.6
Aggressive OS guesses: Linux 3.2 - 3.8 (98%), Linux 2.6.32 - 3.0 (94%), Linux 2.6.32 (90%), Linux 3.1 - 3.2 (89%), Linux 3.0 - 3.2 (89%), Linux 2.6.32 - 2.6.39 (89%)
No exact OS matches for host (test conditions non-ideal). Network Distance: 7 hops Service Info: OS: Linux; CPE: cpe:/o:linux:linuxkernel
Thanks, Dorin
You have FTP to crack as well as SSH. That'll give you both file access and system control. Hydra will be your new friend. ;)
So How can you do this exploit process? Sorry, mail to me.
At first i made what FEAR did trying to see port 8180 for Tomcat, but with no success, as port 8180 does not exit in this target, so i would like to know how to FULL TAKE CONTROL on this server.
Thanks, Dorin
Dorin:
I see that there is Joomla on that server. There are several new and excellent exploits in Metasploit taking advantage of Joomla. That's where I would start. Joomla is very vulnerable to attack.
In addition, check Metasploit for Apache exploits as well.
OTW
Apache 2.2.22 exploit is very simple.
can you give me more details? what vulnerability/exploit?
How i can exploit apache Apache httpd 2.2.22 ?? with metasploit
11 Responses
We need more info to help. What have you tried? What was the systems response to your attempts?
What is your main goal? Control to the system, or transferring files, etc.?
Yes I had problems with that (like port 8180 should be open which is metasploitable and some other things like creating .war files etc.) but finally I did it. (though an ftp server)
You should search that in google.. with your knowledge OR tell us all the ports open, Type of Apache server, IP, server OS, and many more. (I prefer google)
{Trying to hack your school server ..huh?}
Open ports:
21/tcp open ftp
22/tcp open ssh OpenSSH 6.0p1 Debian 4 (protocol 2.0)
80/tcp open http Apache httpd 2.2.22 ((Debian))
http-generator: Joomla! - Open Source Content Management
443/tcp open http Apache httpd 2.2.22 ((Debian))
465/tcp open smtps
5060/tcp open tcpwrapped
8080/tcp open ssl/http Apache httpd 2.2.22 ((Debian))
Running (JUST GUESSING): Linux 3.X|2.6.X (98%)
OS CPE: cpe:/o:linux:linuxkernel:3 cpe:/o:linux:linuxkernel:2.6
Aggressive OS guesses: Linux 3.2 - 3.8 (98%), Linux 2.6.32 - 3.0 (94%), Linux 2.6.32 (90%), Linux 3.1 - 3.2 (89%), Linux 3.0 - 3.2 (89%), Linux 2.6.32 - 2.6.39 (89%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 7 hops
Service Info: OS: Linux; CPE: cpe:/o:linux:linuxkernel
Thanks, Dorin
You have FTP to crack as well as SSH. That'll give you both file access and system control. Hydra will be your new friend. ;)
So How can you do this exploit process?
Sorry, mail to me.
At first i made what FEAR did trying to see port 8180 for Tomcat, but with no success, as port 8180 does not exit in this target, so i would like to know how to FULL TAKE CONTROL on this server.
Thanks, Dorin
Dorin:
I see that there is Joomla on that server. There are several new and excellent exploits in Metasploit taking advantage of Joomla. That's where I would start. Joomla is very vulnerable to attack.
In addition, check Metasploit for Apache exploits as well.
OTW
Apache 2.2.22 exploit is very simple.
can you give me more details? what vulnerability/exploit?
How i can exploit apache Apache httpd 2.2.22 ?? with metasploit
Share Your Thoughts