Skip to content

Apache-HTTP-Server-2.4.50-RCE This tool is designed to test Apache servers for the CVE-2021-41773 / CVE-2021-42013 vulnerability. It is intended for educational purposes only and should be used responsibly on systems you have explicit permission to test.

License

Notifications You must be signed in to change notification settings

Zyx2440/Apache-HTTP-Server-2.4.50-RCE

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Apache-HTTP-Server-2.4.50-RCE

This tool is designed to test Apache servers for the CVE-2021-41773 / CVE-2021-42013 vulnerability. It is intended for educational purposes only and should be used responsibly on systems you have explicit permission to test.

Installation:

Clone the repository:

git clone https://github.com/Zyx2440/Apache-HTTP-Server-2.4.50-RCE.git

Go to the dir:

cd Apache-HTTP-Server-2.4.50-RCE

install The Requirements:

pip3 install requests~=2.27.1 termcolor~=1.1.0

or:

   pip3 install -r add_requirements.txt

usage:

python3 50512.py target.txt -ip <YourIp> -port <ThePort>
the text file should contain the url of the target

Example:

python3 50512.py target.txt -ip 10.0.2.15 -port 4444

apache

check the version of Apache and run exploit:

apache

Remote Code Execution (RCE):

apache

What the Script Does ???

Apache Version Check: For each URL in the provided file, it checks whether the server is running Apache version 2.4.50.

Exploit Testing:

If the server is vulnerable: It attempts to exploit the server by sending payloads to either trigger directory traversal attacks or execute code remotely. If CGI is enabled: It tries to inject a reverse shell payload to gain remote access.

Warning !!!!!:

For Educational Use Only: The script is intended for educational purposes to demonstrate how vulnerabilities can be tested and exploited. Using this script against unauthorized targets is illegal and unethical.

additionally info:

Original Author: calfcrusher@inventati.org

Modified by: Zyx2440

Purpose of modification: Added additional error handling and optimized the payload logic adn RCE and remove cve

About

Apache-HTTP-Server-2.4.50-RCE This tool is designed to test Apache servers for the CVE-2021-41773 / CVE-2021-42013 vulnerability. It is intended for educational purposes only and should be used responsibly on systems you have explicit permission to test.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages