Hey guys,
This is my first Forum post so i apologies if the post is not really detailed.
I have been a task to exploit the Vulnerabilities of Apache server as a project . I have used Kali tools such as nikto and similar tools to scan the apache server running version 2.4.10 debian and i have found few CVE's but i dont know how i can use it to exploit the system. If someone can point me to the right direction i would be so ever thank you .
Forum Thread:
When My Kali Linux Finishes Installing (It Is Ready to Boot), and When I Try to Boot It All I Get Is a Black Screen.
8
Replies
Forum Thread:
HACK ANDROID with KALI USING PORT FORWARDING(portmap.io)
12
Replies
Forum Thread:
Hydra Syntax Issue Stops After 16 Attempts
2
Replies
Forum Thread:
Hack Instagram Account Using BruteForce
208
Replies
Forum Thread:
Metasploit reverse_tcp Handler Problem
47
Replies
Forum Thread:
How to Train to Be an IT Security Professional (Ethical Hacker)
22
Replies
Metasploit Error:
Handler Failed to Bind
41
Replies
Forum Thread:
How to Hack Android Phone Using Same Wifi
21
Replies
How to:
HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide]
177
Replies
How to:
Crack Instagram Passwords Using Instainsane
36
Replies
Forum Thread:
How to Hack an Android Device Remotely, to Gain Acces to Gmail, Facebook, Twitter and More
5
Replies
Forum Thread:
How Many Hackers Have Played Watch_Dogs Game Before?
13
Replies
Forum Thread:
How to Hack an Android Device with Only a Ip Adress
55
Replies
How to:
Sign the APK File with Embedded Payload (The Ultimate Guide)
10
Replies
Forum Thread:
How to Run and Install Kali Linux on a Chromebook
18
Replies
Forum Thread:
How to Find Admin Panel Page of a Website?
13
Replies
Forum Thread:
can i run kali lenux in windows 10 without reboting my computer
4
Replies
Forum Thread:
How to Hack School Website
11
Replies
Forum Thread:
Make a Phishing Page for Harvesting Credentials Yourself
8
Replies
Forum Thread:
Creating an Completely Undetectable Executable in Under 15 Minutes!
38
Replies
How To:
Find Identifying Information from a Phone Number Using OSINT Tools
How To:
Dox Anyone
How To:
Hack Apache Tomcat via Malicious WAR File Upload
How To:
Set Your Wi-Fi Card's TX Power Higher Than 30 dBm
How To:
Use Burp & FoxyProxy to Easily Switch Between Proxy Settings
How To:
Find Vulnerable Webcams Across the Globe Using Shodan
How To:
Crack Password-Protected Microsoft Office Files, Including Word Docs & Excel Spreadsheets
BT Recon:
How to Snoop on Bluetooth Devices Using Kali Linux
How to Hack Wi-Fi:
Stealing Wi-Fi Passwords with an Evil Twin Attack
How To:
Spy on Traffic from a Smartphone with Wireshark
How To:
Find Passwords in Exposed Log Files with Google Dorks
How to Hack Wi-Fi:
Cracking WPA2 Passwords Using the New PMKID Hashcat Attack
How To:
Hunt Down Social Media Accounts by Usernames with Sherlock
How To:
Run USB Rubber Ducky Scripts on a Super Inexpensive Digispark Board
How To:
Phish Social Media Sites with SocialFish
How To:
Crack SSH Private Key Passwords with John the Ripper
How To:
Check if Your Wireless Network Adapter Supports Monitor Mode & Packet Injection
How To:
Scan for Vulnerabilities on Any Website Using Nikto
How To:
Brute-Force Nearly Any Website Login with Hatch
7 Responses
You can check for exploits at exploit db or security focus and use metasploit to exploit the system.
I have checked them however they dont say what exploits can be used to exploit the particular Vulnerability, for example this one of the vulnerabilities from http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0253
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0253
it just talks about the issue that has been reported not how to exploit it . The exploits on Metasploit are pretty old at times .
download metasploitable and use that as practice there are plenty of tutorials available to help you demonstrate the exploitation of a vulnerable apache server. now if you are hiding behind the idea that we will help a "student" compromise a production level server you dont own you should look elsewhere.
thanks for your reply but i will not be posting with my real fb name and details and asking about hacking and exploiting apache server lol. i can give you my uni card details if your really interested...
You can exploit the vulnerability called HEARTBLEED.. To do that setup HTTPS server using apache2 on KALI linux and exploit it...If u wanna exploit the different server around the world then do find the vulnerable server to heartbleed and exploit it using metasploit or python script.
scan your target for find apache version
go to exploit data site example : exploit-db
now exploit your target .
Thanks guys! i have found Vulnerabilities for 2.4.10 Apache versions using nikto and other on-line sites in exploiting it .
Share Your Thoughts