.

I need exploits for an old apache 1.3 server on linux

<<

phate867

Newbie
Newbie

Posts: 9

Joined: Wed Feb 27, 2013 10:57 am

Post Wed Feb 27, 2013 11:03 am

I need exploits for an old apache 1.3 server on linux

Hello,
for study reasons I have to exploit an old apache webserver, version 1.3.
I first scanned with nessus and metasploit, but it seems the only relevant exploits (who allow me, for example, to open a remote shell) rely on isapi module which is for windows versions...can you help me out please?
<<

caissyd

User avatar

Hero Member
Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Wed Feb 27, 2013 11:10 am

Re: I need exploits for an old apache 1.3 server on linux

Hey,

You can't just ask us this question and expect someone here to give you such an exploit... Penetration testing/ethical hacking requires lots of knowledge and skills that you can only acquire over time. You can't just go straight to running exploit agains't a web server...

However, if you try hard and post detail questions about something specific, you'll get a lot of help here. But not like this, especially on your first post...
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

phate867

Newbie
Newbie

Posts: 9

Joined: Wed Feb 27, 2013 10:57 am

Post Mon Mar 11, 2013 6:56 am

Re: I need exploits for an old apache 1.3 server on linux

Yes you're right, unfortunately expoliting apache is just the first step of my research, indeed my objective is observing the system UNDER this attack.

Anyway I'm doing some researches and I'd like to apply the chunked-encoding vulnerability (CVE-2002-0392) who could allow me to open a remote shell.
For now I compiled an 1.3.0 version of apache on an ubuntu 12.04 system, anyway now I got my first question: according to this http://www.securityfocus.com/bid/5033 my ubuntu version is not in the target list...does that mean I have to install another version of linux or the exploit is still possible?

If it's for alsr and stack protection I can disable them.

If this exploit is still not possible could you point me to another apache vulnerability who could allow me to open a remote shell?
Last edited by phate867 on Mon Mar 11, 2013 6:59 am, edited 1 time in total.

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software