Critical · CISA KEV · Exploited in the wild · Public exploit

Apache HTTP Server 2.4.49 Path Traversal and Possible RCE

Identifiers: CVE-2021-41773, CWE-22 · Improper Limitation of a Pathname…

CVE-2021-41773 is a path traversal vulnerability in Apache HTTP Server 2.4.49 introduced by a flawed change to path normalization. An attacker can craft request paths that traverse outside directories intended to be exposed by Alias-like directives, allowing URL mapping to files outside the configured document scope. Requests can succeed when the targeted files are not protected by the default access control posture such as "Require all denied". In affected deployments, this permits arbitrary file disclosure from the server filesystem. If CGI execution is enabled, particularly via mod_cgi or similar CGI handling for the affected aliased paths, the same traversal can be leveraged to invoke scripts and achieve remote code execution. The issue affects Apache HTTP Server 2.4.49 only; earlier versions are not affected. Apache 2.4.50 attempted to fix the issue, but that fix was incomplete and led to the related CVE-2021-42013.


ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can allow unauthenticated attackers to read arbitrary files on the target server outside the intended web root or aliased directories, potentially exposing sensitive data such as configuration files, credentials, keys, application source, and other local files. In configurations where CGI is enabled for the reachable path and access controls are insufficient, attackers may escalate from file disclosure to remote code execution in the context of the Apache child process, enabling arbitrary command execution, malware deployment, persistence, and follow-on compromise. The vulnerability is known to have been exploited in the wild.

Mitigation

If you can’t patch tonight, do this now.

As interim mitigation, restrict exposure of Alias-like mappings and ensure filesystem locations outside intended web content are explicitly denied with directives such as "Require all denied". Disable CGI execution on affected paths unless strictly necessary, and remove or limit mod_cgi/mod_cgid where possible. Monitor for traversal attempts targeting encoded dot-segments and suspicious requests to CGI-capable paths, and block known exploit patterns at reverse proxies or WAFs. Because exploitation has been observed in the wild, mitigation should be treated only as temporary pending upgrade to a fixed version.
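One way to do the monitoring for encoded dot-segments described above, as an added example that is not Mallory's or the Apache project's code. It assumes access logs in Apache's common/combined format with the raw request line; the names `Finding`, `classify` and `scan`, the verdict labels, and the rule that a 200 status marks a request for follow-up are assumptions of this sketch, and the log lines are constructed.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Request line and status as written by the common/combined LogFormat (%r %>s).
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})\b')
PCT = re.compile(r"%([0-9A-Fa-f]{2})")
MAX_ROUNDS = 3  # assumption: enough passes to unwrap nested encodings such as %%32%65


@dataclass
class Finding:
    method: str
    path: str           # raw path exactly as logged
    status: int
    decode_rounds: int  # decoding passes needed before the path stopped changing
    escapes_root: bool  # decoded ".." segments climb above the URL root
    cgi_path: bool      # raw path starts under /cgi-bin/
    verdict: str        # hypothetical labels: attempt / possible-read / possible-exec


def decode_fully(path: str) -> Tuple[str, int]:
    """Percent-decode repeatedly so double-encoded dots are also unwrapped."""
    rounds = 0
    while rounds < MAX_ROUNDS:
        decoded = PCT.sub(lambda m: chr(int(m.group(1), 16)), path)
        if decoded == path:
            break
        path, rounds = decoded, rounds + 1
    return path, rounds


def dotdot_count(path: str) -> int:
    return sum(1 for seg in path.split("/") if seg == "..")


def escapes_root(path: str) -> bool:
    depth = 0
    for seg in path.split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg not in ("", "."):
            depth += 1
    return False


def classify(line: str) -> Optional[Finding]:
    m = REQUEST.search(line)
    if m is None:
        return None
    raw = m["target"].split("?", 1)[0]
    decoded, rounds = decode_fully(raw)
    # Flag only dot-segments that were hidden behind percent-encoding;
    # a literal ".." is out of scope for this particular check.
    if dotdot_count(decoded) <= dotdot_count(raw):
        return None
    status = int(m["status"])
    cgi = raw.lower().startswith("/cgi-bin/")
    if status == 200:
        # Assumption: a 200 answer to such a request needs incident follow-up.
        verdict = "possible-exec" if cgi and m["method"] == "POST" else "possible-read"
    else:
        verdict = "attempt"
    return Finding(m["method"], raw, status, rounds, escapes_root(decoded), cgi, verdict)


def scan(lines: Iterable[str]) -> List[Finding]:
    return [f for f in map(classify, lines) if f is not None]


# Constructed sample log (documentation IP ranges), not captured traffic.
SAMPLE_LOG = """
192.0.2.10 - - [05/Oct/2021:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 1043
192.0.2.10 - - [05/Oct/2021:10:00:02 +0000] "GET /files/report%2e2021.pdf HTTP/1.1" 200 88211
198.51.100.7 - - [05/Oct/2021:10:01:10 +0000] "GET /cgi-bin/.%2e/.%2e/.%2e/.%2e/etc/passwd HTTP/1.1" 200 1256
198.51.100.7 - - [05/Oct/2021:10:01:12 +0000] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 200 54
198.51.100.9 - - [05/Oct/2021:10:02:30 +0000] "POST /cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/bin/sh HTTP/1.1" 403 199
""".strip()

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG.splitlines()):
        print(finding)
```

An encoded dot that does not form a dot-segment, as in the second sample line, is not flagged, which keeps ordinary percent-encoded file names out of the results.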

Remediation

Patch, then assume compromise.

Upgrade Apache HTTP Server to a fixed release. The vulnerable version is 2.4.49; Apache 2.4.50 contained an incomplete fix, so remediation should use 2.4.51 or later rather than relying on 2.4.50. Review Alias and Alias-like mappings, ensure filesystem access controls are correctly enforced, and verify that sensitive paths outside intended web content are not reachable through traversal sequences. Where CGI is not required, disable mod_cgi/mod_cgid or remove CGI execution from exposed aliased paths.
PUBLIC EXPLOITS

Exploits

28 valid exploits after Mallory filtered fakes, detection scripts, and README-only repos (54 hidden).

Valid: 28 / 82 total

CVE-2021-41773-PoC · Maturity: PoC · Verified exploit

Small standalone Bash exploit repository for CVE-2021-41773 targeting Apache HTTP Server 2.4.49. The repository contains only three files: an MIT LICENSE, a short README with usage instructions and an example showing command execution as www-data, and the main exploit script exploit.sh. The script is the sole code file and acts as the entry point. It accepts a single target IP, constructs a crafted HTTP URL pointing to /cgi-bin with repeated encoded traversal segments ending in /bin/bash, and then enters an interactive loop. Each operator-entered command is sent via curl as an HTTP POST body prefixed with 'echo; ', enabling remote command execution if the target is vulnerable and CGI/bash execution is exposed. This is a real exploit rather than a detector: it does not verify vulnerability safely first, and it directly attempts exploitation to obtain shell-like command execution. The code is minimal and operational, but not highly flexible or framework-integrated.

wvverez · Disclosed May 20, 2026 · bash · markdown · network · web

CVE-2021-41773 · Maturity: PoC · Verified exploit

This repository is a small standalone Python exploit for Apache HTTP Server 2.4.49 path traversal and RCE, targeting CVE-2021-41773. The repo contains one executable script, CVE-2021-41773.py, and a README describing the vulnerability and usage. The script is interactive: it prompts for a target base URL, appends a crafted traversal payload (/cgi-bin/.%%32%65/.../bin/sh), then repeatedly prompts the operator for commands to execute. Each command is wrapped in a simple shell payload (echo Content-Type header, blank line, then the command) and sent via HTTP POST to the target path. If successful, the script prints the response body as command output. It disables TLS certificate verification, suppresses urllib3 insecure-request warnings, sets a browser-like User-Agent, and handles common HTTP status codes (200, 403, 404, 500, redirects) with operator-friendly messages. The exploit is not merely a detector; it attempts real command execution against vulnerable servers. There is no modular framework, no scanning engine, and no customizable staged payload beyond arbitrary operator-supplied shell commands, so it is best classified as an operational standalone exploit/PoC.

im2nerd · Disclosed Apr 25, 2026 · python · markdown · web · network

cve-2021-41773-exploration · Maturity: PoC · Verified exploit

This repository is a small self-contained reproduction and exploit demonstration for CVE-2021-41773 affecting Apache HTTP Server 2.4.49. It contains three files: a Dockerfile that builds a deliberately vulnerable Apache environment, a short README with execution steps, and a Bash script that automates environment setup and exploitation. The Dockerfile uses the vulnerable base image 'httpd:2.4.49', creates a fake sensitive file at /etc/secret_credential.txt, enables CGI support by uncommenting cgid_module and cgi_module in /usr/local/apache2/conf/httpd.conf, and weakens the default directory protection by replacing 'Require all denied' with 'Require all granted'. This configuration is important because the exploit chain relies on both the path traversal bug and permissive server configuration to reach /bin/sh through the CGI mechanism. The main exploit logic is in exploit.sh. It first stops and removes any prior Docker container, builds the vulnerable image, and launches it locally with port mapping 8080:80. After a short delay, it performs two POST requests with curl using '--path-as-is' to preserve the traversal sequence. Both requests target the traversal path '/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh'. The first sends shell commands that emit a CGI content type header and then read /etc/secret_credential.txt, demonstrating arbitrary file disclosure. The second sends commands to run 'id', demonstrating remote code execution. This is a real exploit demonstration rather than a detector. It is operational but basic: payloads are hardcoded and intended for local lab reproduction, not generalized exploitation. The attack vector is web/network-based, and the exploit’s purpose is educational reproduction of the Apache 2.4.49 traversal-to-RCE chain under a permissive CGI-enabled configuration.

klmntbelgium · Disclosed Apr 23, 2026 · dockerfile · bash · web · network

attacker-lab-cve-2017-5638-cve-2021-41773-paper · Maturity: PoC · Verified exploit

This repository is a self-contained Docker attack-emulation lab rather than a single standalone exploit. It implements an operational multi-stage kill chain centered on two real vulnerabilities: CVE-2017-5638 against Apache Struts 2.3.28 for initial foothold, and CVE-2021-41773 against Apache HTTP Server 2.4.49 for path traversal and RCE on the final target. The repository structure is organized into: (1) attacker/exploits/, containing Bash scripts for recon, direct exploitation, foothold establishment, pivoting, and full-chain orchestration; (2) docker-compose.yml, which defines the lab topology with attacker, vulnerable targets, supporting infrastructure, and two Suricata IDS sidecars; (3) scripts/, which provide setup, attack dispatch, alert tailing, and teardown; and (4) Dockerfiles for the attacker, vulnerable web server, Struts host, and Suricata sensors. Main exploit capabilities: recon.sh performs ICMP sweep, TCP connect scans, service fingerprinting, HTTP HEAD banner grabs, and SSH probing across the 172.28.0.0/24 lab subnet. foothold_struts.sh delivers an OGNL injection in the Content-Type header to exploit Struts S2-045 and execute arbitrary shell commands via /bin/bash -c. exploit_cve_2021_41773.sh directly attacks Apache httpd 2.4.49 by first reading /etc/passwd through encoded traversal and then POSTing commands to /bin/sh through the vulnerable cgi-bin path, checking for uid=0 to indicate root compromise. pivot_struts_to_web.sh is the most notable lateral movement component: it uses the Struts RCE to run a base64-decoded Bash script on the compromised web-struts host, which then opens a raw TCP socket with /dev/tcp to web-vuln:80 and sends the CVE-2021-41773 exploit request from an internal source. Optional legacy scripts foothold_ssh.sh and pivot_attack.sh simulate credential abuse and SSH-based pivoting using sshpass. The exploit is real and functional within the intended lab. 
It is not merely a detector, although the repository also includes Suricata rules to observe the attack. The payloads are basic but operational Bash command-execution payloads, with hardcoded defaults and user-supplied command support. The web-vuln Dockerfile explicitly enables mod_cgi in Apache so the CVE-2021-41773 RCE path works. Overall, the repository’s purpose is to emulate attacker behavior and defender telemetry across a realistic multi-host environment, especially to demonstrate how initial access on one host can be chained into internal lateral movement and final compromise on another host.

Kouf320 · Disclosed Apr 11, 2026 · bash · yaml · network · web

CVE-2021-41773 · Maturity: PoC · Verified exploit

This repository is a small standalone Python exploit for CVE-2021-41773 affecting Apache HTTP Server 2.4.49. It contains two files: a minimal README with an NVD reference and screenshot, and a single executable script, exp.py, which implements the exploit logic. The script has two main capabilities. First, check_vuln() performs vulnerability detection against one or more targets by sending a POST request to a crafted traversal path under /cgi-bin/ that resolves to /bin/sh. It submits the payload 'echo Content-Type: text/plain; echo; echo VULNERABLE' and checks the response body for the marker string 'VULNERABLE'. Second, runcmd() provides an interactive command execution loop for a single target. It first probes the base URL to determine whether HTTP or HTTPS is in use, then repeatedly sends user-supplied shell commands in POST data to the same traversal endpoint, printing the command output returned by the server. Repository structure is simple and purpose-built: exp.py is the only code file and clear entry point, using argparse for CLI handling and requests for HTTP communication. The -l/--list option reads a local file of targets and runs detection only; the -t/--target option launches the interactive RCE mode. The exploit disables TLS verification warnings and uses short timeouts, indicating practical offensive use rather than just documentation. Overall, this is an operational PoC exploit that supports both scanning and exploitation of vulnerable Apache 2.4.49 servers exposing the CGI traversal condition.

snapdowgg · Disclosed Mar 22, 2026 · python · network

CVE-2021-41773---Apache-Path-Traversal---RCE · Maturity: PoC · Verified exploit

This repository is a small, self-contained proof-of-concept for CVE-2021-41773 affecting Apache HTTP Server 2.4.49. It contains three files: a Python exploit script, a lab setup description, and a README. The main functionality resides entirely in CVE-2021-41773-exploit.py. The exploit is a network-based Python PoC that accepts a target base URL from the command line, defaulting to http://localhost. It first performs a lightweight check by requesting /cgi-bin/test.sh and inspecting the Server response header for '2.4.49'. If the version check appears positive, it sends a POST request to /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/bin/sh, using the Apache 2.4.49 path traversal flaw to reach /bin/sh. The POST body prepends a CGI content-type header and then executes arbitrary shell commands. The script demonstrates this capability with 'id', 'whoami', 'uname -a', and 'cat /etc/passwd', showing both command execution and file disclosure.

Repository structure and purpose:

- CVE-2021-41773-exploit.py: primary exploit code and likely entry point.
- LabSetup.txt: documents the intended vulnerable lab, including Ubuntu, Apache 2.4.49 compiled from source, mod_cgi enabled, permissive 'Require all granted' configuration, and example attacker/victim IPs.
- README.md: high-level description and disclaimer.

This is not a framework module and not merely a detector; it is a working PoC exploit with a basic hardcoded demonstration payload. It is best classified as OPERATIONAL rather than WEAPONIZED because it supports arbitrary command execution but lacks framework integration, payload management, or advanced operator features.

Areeba-Zehra-Jafri · Disclosed Mar 18, 2026 · python · markdown · network

APACHE-PATH-TRAVERSAL-RCE-CVE-2021-41773- · Maturity: PoC · Verified exploit

This repository is a small, self-contained proof-of-concept for CVE-2021-41773 affecting Apache HTTP Server 2.4.49. It contains four files: a Python exploit (exploit.py), a Dockerfile that builds an intentionally vulnerable Apache 2.4.49 lab environment, and two Markdown documents (README.md and SETUP.md) describing the vulnerability, setup, and expected behavior. The main exploit logic is in exploit.py. It uses Python raw TCP sockets instead of higher-level HTTP libraries specifically to preserve the encoded traversal sequence '%2e', which many libraries normalize and thereby break. The script first checks target reachability with a GET / request, then performs a path traversal request to '/.%2e/.%2e/.%2e/.%2e/etc/passwd', and finally attempts remote code execution by POSTing to '/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh'. The POST body is a simple shell payload that emits a CGI content type header and then runs an arbitrary command. In its default flow, it executes 'id', 'whoami', 'hostname', and 'cat /etc/os-release | head -3'. The exploit’s capabilities are therefore: unauthenticated file disclosure via path traversal and unauthenticated command execution via CGI-enabled traversal to /bin/sh. The payload is basic but functional, making the exploit operational rather than merely demonstrative. The Dockerfile is important context: it uses httpd:2.4.49, enables mod_cgi, allows filesystem-wide access with 'Require all granted' on '/', enables CGI execution, and creates a test CGI script. This configuration is intentionally unsafe and designed to make the RCE path work reliably in a lab. The documentation reinforces that the intended target is a local Docker container exposed on port 8080. Overall, this is a genuine exploit repository, not a scanner or detection script. It is narrowly focused on reproducing CVE-2021-41773 in a controlled environment and demonstrates both traversal and RCE against Apache 2.4.49.

abds059 · Disclosed Mar 18, 2026 · python · dockerfile · network

CVE-2021-41773-RedTeam · Maturity: PoC · Verified exploit

This repository is a small standalone proof-of-concept exploit project for CVE-2021-41773 affecting Apache HTTP Server 2.4.49. The main exploit logic is in poc_41773.py, a Python script that uses requests and argparse to target a user-supplied base URL. It implements two capabilities: arbitrary file read by appending a traversal sequence (/cgi-bin/.%2e/.%2e/.%2e/.%2e) to a requested file path, and remote command execution by POSTing shell commands to the traversed /bin/sh path. The script is operational rather than a mere detector because it actively retrieves file contents and executes attacker-supplied commands. Repository structure is simple: README.md documents the vulnerability, lab setup, and example exploitation commands; docker-compose.yml defines a local lab with a vulnerable Apache container on port 8080 plus two unrelated vulnerable containers for other CVEs; offensive_zeta_shell.txt is a captured terminal log showing a successful reverse shell session from the Apache container as user daemon; and .gitignore contains standard exclusions. The exploit is not part of a larger framework such as Metasploit or Nuclei. The primary network target pattern is an HTTP service exposing Apache 2.4.49 with vulnerable path normalization and, for RCE, CGI enabled. The most fingerprintable exploit endpoint is the traversal path under /cgi-bin leading to /bin/sh. The README demonstrates local lab exploitation against http://localhost:8080 and includes a sample reverse shell callback to 192.168.56.1:4444. Overall, the repository’s purpose is to demonstrate and validate path traversal and command execution against a deliberately vulnerable Apache lab instance.

sobanahmed6061 · Disclosed Mar 18, 2026 · python · yaml · network

apache-cve-2021-41773-lab · Maturity: PoC · Verified exploit

This repository is a small self-contained lab and proof-of-concept exploit for CVE-2021-41773, the Apache HTTP Server 2.4.49 path traversal vulnerability. It contains three files: a README with setup and usage instructions, a Bash script to launch or stop a vulnerable Dockerized Apache instance, and a Python exploit script. The main exploit capability is arbitrary file read via a crafted traversal request to /cgi-bin/.%2e/.%2e/.%2e/.%2e/etc/passwd. The Python script uses a raw TCP socket to connect to a user-supplied host and port, sends a manual HTTP GET request, collects the full response, and checks for 'root:x:' to determine likely success. It then prints up to the first 2000 bytes of the response. There is no remote code execution payload, persistence, or post-exploitation logic; this is a straightforward file-disclosure PoC.

Repository structure and purpose:

- README.md: Documents cloning, starting the lab, manual exploitation with curl, automated exploitation with exploit.py, and stopping the lab.
- apache_lab.sh: Creates a reproducible vulnerable environment by pulling Docker image httpd:2.4.49, running it as container 'apache-vuln', exposing it on localhost:8080, and modifying /usr/local/apache2/conf/httpd.conf to replace 'Require all denied' with 'Require all granted', then restarting Apache.
- exploit.py: Interactive exploit PoC that targets a specified IP/port and attempts to read /etc/passwd.

This is a real exploit repository rather than a detection-only script, but its maturity is best classified as POC because it demonstrates a single hardcoded traversal payload and only validates success by checking for passwd contents.

zubairahm3d · Disclosed Mar 16, 2026 · markdown · bash · network

exploitApache · Maturity: PoC · Verified exploit

Small single-script Python exploit repository targeting Apache HTTP Server path traversal/RCE vulnerabilities CVE-2021-41773 and CVE-2021-42013. The repository contains only four files: a standard .gitignore, GPL license, a minimal README naming the Apache CVE, and the main exploit script exploit.py. The exploit script is the only code file and serves as the entry point. The script accepts four command-line arguments: target host, target port, attacker IP, and attacker port. It constructs an HTTP URL pointing to a traversal path under /cgi-bin/ that resolves to /bin/bash on the target: /cgi-bin/.%2e/.../bin/bash. It then sends a POST request using the local curl binary via subprocess.run, with a payload that prints a CGI header and launches an interactive bash reverse shell to the attacker using /dev/tcp. This makes the exploit an active RCE exploit rather than a detector. Operationally, the exploit depends on a vulnerable Apache configuration where CGI execution is reachable and the traversal flaw can be used to execute /bin/bash. It also assumes a Unix-like target with bash available and outbound network access from the victim to the attacker listener. There is no target validation, no vulnerability check, no payload customization beyond command-line callback parameters, and no error handling beyond catching subprocess exceptions. Overall, this is a straightforward proof-of-concept/operational reverse-shell exploit for vulnerable Apache 2.4.49/2.4.50 deployments.

Nanxsec · Disclosed Mar 15, 2026 · python · network

LFI-Destruction · Maturity: PoC · Verified exploit

Repository purpose: a modular Python-based LFI exploitation framework (“LFI-Destruction v5.2”) intended for authorized penetration testing. It targets generic LFI primitives in web apps and chains them into file disclosure, credential harvesting, and multiple LFI→RCE techniques.

Structure & key files:

- LFI-Destruction.py: main entry point and core engine. Implements interactive configuration (target URL, LFI type path vs param, traversal depth, encoding, headers/cookies/proxy, OS selection) and runs Mode 1 & Mode 2 directly. Also dynamically loads additional modes (3–5) from separate Python modules.
- mode3_phpinfo_race.py: Mode 3 (beta) automates discovery of phpinfo() endpoints using OS-specific path wordlists, parses phpinfo output for upload constraints, then attempts a classic upload temp-file race to obtain a temporary filename (e.g., /tmp/phpXXXX or C:/Windows/Temp/phpXXXX.tmp) and includes it via LFI to execute a PHP payload; on success it can proceed to a reverse shell.
- mode4_upload_trigger.py: Mode 4 (beta) attempts to include an already-uploaded PHP webshell via LFI. Supports a single operator-provided path or brute-force of common upload locations; verifies execution via ?cmd=id/whoami and can then attempt a reverse shell.
- mode5_session_grabber.py: Mode 5 (beta) attempts to locate PHP session.save_path (fallback wordlists for Linux/Windows), optionally enumerate session files via directory listing, download sess_* files via LFI, and attempt php://filter/convert.base64-decode to recover readable session contents for hijacking.
- encoding_patterns.json / headers.json / user_agents.txt / cookies.txt / proxies.txt: supporting data for traversal/encoding variants, header profiles (including spoofed client IP headers), and operator convenience for authenticated testing and proxying.
- install_dependencies.sh: installs colorama (and optionally requests/bs4/urllib3) and creates local directories (artifacts, etc.).

Exploit capabilities (by mode):

1) Artifact fuzzing / file disclosure: enumerates likely user directories (Linux/Windows) and attempts to retrieve sensitive files via LFI (SSH keys, browser credential stores, cloud credentials, etc.), saving results under ./artifacts/.
2) Log poisoning → RCE: injects PHP into log sinks via configurable vectors (User-Agent/Referer/XFF/custom header/parameter), then includes candidate log files via LFI to execute system($_GET['cmd']); validates with a test command and can deliver a reverse shell (bash or PowerShell) including a customizable command template.
3) phpinfo() race LFI2RCE: finds phpinfo(), confirms file_uploads and size constraints, races to capture the upload tmp_name and includes it via LFI to execute PHP payload; then offers reverse shell.
4) Uploaded file trigger: includes an existing webshell via LFI and executes commands via ?cmd=.
5) Session grabbing: reads and optionally enumerates PHP session files to facilitate session hijacking; attempts base64 decode wrapper bypass.

Notable observables: the repo includes example target URLs (192.168.1.100 and target.com:8443) and many local filesystem paths used as LFI targets (session directories, upload locations, PHP temp paths). No hardcoded attacker C2 is present; reverse shell destinations are operator-supplied at runtime.

RevShellXD · Disclosed Feb 11, 2026 · python · bash · network

PoC-Apache-CVE-2021-41773-Infrastructure-LAB · Maturity: PoC · Verified exploit

Repository purpose: a self-contained Docker lab and Python PoC exploit for Apache HTTP Server 2.4.49 CVE-2021-41773 (path traversal leading to file read and, when CGI is enabled, RCE).

Key exploit capabilities (exploit.py):

- Sends non-normalized raw HTTP requests using Python stdlib http.client to preserve encoded traversal sequences (.%2e).
- Vulnerability check: POST to /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh and reads /etc/passwd to confirm exposure.
- Arbitrary file read: runs `cat <filepath>` via /bin/sh.
- RCE: executes arbitrary shell commands supplied via -c.
- Interactive pseudo-shell: repeatedly issues separate HTTP requests to execute commands.

Lab environment structure:

- docker-compose.yml defines three services: nginx reverse proxy (80:80), vulnerable apache (8888:80), and mysql:5.7 on a backend network. It intentionally includes insecure practices (containers run as root, secrets in environment variables).
- apache/Dockerfile pins httpd:2.4.49 and enables mod_cgi/mod_cgid; installs mysql-client for post-exploitation/pivot demonstration.
- apache/httpd.conf is intentionally vulnerable: <Directory /> Require all granted and ScriptAlias /cgi-bin/ with ExecCGI enabled.
- nginx/nginx.conf proxies to Apache using proxy_pass http://apache_backend$request_uri to pass the raw URI (helping the encoded traversal reach Apache) and leaks version via server_tokens on.
- mysql/init.sql seeds demo data and grants root access from any host ('root'@'%') with a known password; includes example “sensitive” values.

Overall, this is an operational PoC exploit plus a reproducible vulnerable stack to demonstrate unauthenticated traversal-to-RCE, secret extraction from container environments (e.g., /proc/1/environ), and potential pivoting to MySQL using exposed credentials.

ISabbiI · Disclosed Feb 11, 2026 · python · yaml · network

LFI-SSH-Fuzzer · Maturity: PoC · Verified exploit

Repository purpose: a Python-based interactive LFI/path traversal fuzzer focused on discovering and exfiltrating SSH artifacts from a vulnerable web server via file-read primitives.

Key files and structure (11 files):

- LFI-SSH-FUZZER.py: main tool. Implements an interactive scanner with options for advanced mode, user-agent rotation, rate limiting, proxy support, custom headers, cookie handling, timeouts, traversal depth, and redirect handling. It targets two LFI styles: (1) path-segment traversal and (2) query-parameter LFI. It confirms LFI by reading /etc/passwd, parses usernames, then attempts to locate and download SSH-related files for those users.
- encoding_patterns.json: database of traversal encodings/obfuscations, including Apache-specific patterns for CVE-2021-41773 and CVE-2021-42013, plus PHP wrapper examples (php://filter, data://).
- headers.json: header profiles for “bypass”/testing (X-Forwarded-For, CF headers, debug headers, etc.) to help reach internal-only routes or evade simplistic controls.
- proxies.txt, cookies.txt, user_agents.txt: operator convenience lists for routing through tools (Burp/ZAP/Tor), supplying authenticated cookies, and rotating UAs.
- README.md and quick_reference.md: usage notes; explicitly claims support for Apache 2.4.49/2.4.50 traversal (CVE-2021-41773) and SSH key discovery.
- install_dependencies.sh: installs Python deps (colorama; optionally requests/bs4/urllib3) and creates local directories (artifacts/, config_examples/, tests/).

Exploit capabilities (actionable):

- Network-based exploitation of LFI/path traversal to read arbitrary local files.
- Automated enumeration: reads /etc/passwd, extracts users, then hunts for SSH artifacts (keys and related files) and downloads them locally.
- Bypass/fuzzing support: multiple traversal encodings (single/double/triple encoding, unicode slashes, Windows backslashes), Apache traversal variants, null-byte/wrapper patterns, and header/cookie/proxy features to operate against authenticated or filtered endpoints.

No hardcoded victim infrastructure is present beyond example targets and local proxy endpoints; the actual target host/URL is provided interactively/through CLI arguments.

RevShellXD · Disclosed Feb 11, 2026 · python · bash · network (HTTP/HTTPS) - LFI/path traversal fuzzing against a user-supplied target endpoint (path-segment or query-parameter based), including Apache 2.4.49/2.4.50 traversal variants and multiple encoding/bypass patterns

cve-2021-42013 · Maturity: PoC · Verified exploit

Repository purpose: a Python PoC/exploit helper for Apache httpd path traversal and optional CGI-based RCE affecting 2.4.49 (CVE-2021-41773) and 2.4.50 (CVE-2021-42013), plus a Docker lab to spin up a vulnerable 2.4.50 instance.

Structure:

- cve-2021-42013.py: main exploit script. It performs a HEAD request to the target to read the `Server` header and chooses payloads based on whether the version string contains “49” or “50”; otherwise it tries both CVEs. It supports:
  - Path traversal check/PoC (-pt): requests a crafted /icons/ traversal URL and considers the target vulnerable if response contains "root:".
  - RCE check/PoC (-rce): POSTs to a crafted /cgi-bin/ traversal URL ending in /bin/sh with body "echo;id" and considers the target vulnerable if response contains "uid=".
  - Bulk scanning (-l): iterates over a list of URLs.
- Dockerfile: builds Apache httpd 2.4.50 from source on Ubuntu 20.04, installs it to /, copies in httpd.conf, and runs httpd in foreground.
- httpd.conf: Apache configuration intended to be vulnerable for testing; README notes enabling CGI-BIN and adding an Alias for "icons" to make traversal testing possible.
- README.md: usage examples and lab setup instructions.

Notable implementation details/limitations:

- The script is primarily a PoC/verification tool (hardcoded checks and command `id`), not a full interactive shell.
- It relies on the `Server` header substring matching ("49"/"50"), which may be absent/modified; in that case it falls back to trying both payload styles.
- The traversal/RCE endpoints are relative to the user-supplied base URL (e.g., http(s)://host:port + payload path).

ranasen-rat · Disclosed Jan 24, 2026 · python · dockerfile · network (HTTP) unauthenticated path traversal and CGI-based RCE against Apache httpd 2.4.49/2.4.50

CVE-2021-41773 · Maturity: PoC · Verified exploit

This repository contains a working exploit for CVE-2021-41773, a path traversal and remote code execution vulnerability in Apache HTTP Server 2.4.49. The repository consists of two files: a README.md with usage instructions and vulnerability details, and exploit.py, a Python script that automates detection and exploitation. The exploit first checks if the target is vulnerable by attempting to read /etc/passwd using crafted path traversal URLs. If vulnerable, it constructs a reverse shell payload in multiple languages (bash, python, perl, php, nc, socat, telnet, zsh, awk, sh) and sends it to the target via a POST request to a path-traversed /bin/sh endpoint. Successful exploitation results in a reverse shell to the attacker's machine. The exploit is operational, providing a real payload and automating the attack process. The main attack vector is network-based, targeting HTTP(S) endpoints on the vulnerable server. The code is standalone and not part of a larger framework.

adrianmafandy · Disclosed Oct 31, 2025 · python · markdown · network

CVE-2021-41773 · Maturity: PoC · Verified exploit

This repository contains a Python proof-of-concept exploit for CVE-2021-42013 (and references CVE-2021-41773 in the README), targeting Apache HTTP Server 2.4.49 with mod_cgi enabled. The exploit leverages a path traversal vulnerability to access the /bin/sh shell via a specially crafted URL, allowing remote, unauthenticated attackers to execute arbitrary shell commands on the server. The main script, 'CVE-2021-42013.py', provides an interactive shell-like interface, sending commands to the vulnerable endpoint using curl. The README provides background on the vulnerability, usage instructions, and example commands. No hardcoded IPs or credentials are present; the user supplies the target IP at runtime. The exploit is a functional POC and does not include advanced features or payload customization.

AzkOsDev · Disclosed May 28, 2025 · python, network

CVE-2021-41773 · Maturity: PoC · Verified exploit

This repository contains a Python exploit script (CVE-2021-41773.py) and a README.md. The script targets Apache HTTP Server 2.4.49 vulnerable to CVE-2021-41773, which allows path traversal and remote code execution via crafted requests to the CGI handler. The exploit takes user input for the target IP/hostname, port, command to execute, and optionally the binary to use (default /bin/sh) and HTTPS usage. It constructs a POST request to a path-traversed CGI endpoint (e.g., /cgi-bin/.%2e/%2e%2e/.../bin/sh) with a payload that executes the supplied command. The output of the command is returned to the attacker. The README provides usage examples and describes the exploit's purpose. The repository is a straightforward, operational proof-of-concept for remote code execution against vulnerable Apache servers.

gunzf0x · Disclosed Oct 7, 2025 · python, network

CVE-2021-41773 · Maturity: PoC · Verified exploit

This repository contains a proof-of-concept Bash script (exploit.sh) that exploits CVE-2021-41773, a path traversal and remote code execution vulnerability in Apache HTTP Server 2.4.49. The script takes three arguments: the target base URL, the attacker's listener IP, and the listener port. It crafts a POST request using curl to a specially constructed path traversal endpoint that ultimately invokes /bin/sh on the target server. The payload sent causes the server to open a reverse shell back to the attacker's machine. The repository is minimal, containing only a license, a README with usage instructions, and the exploit script. The exploit is operational and provides a working reverse shell if the target is vulnerable and properly configured.

mah4nzfr · Disclosed Aug 11, 2025 · bash, network

CVE-2021-41773 · Maturity: PoC · Verified exploit

This repository contains a Python exploit script (exploit.py) and a README.md for CVE-2021-41773 and CVE-2021-42013, which are critical path traversal vulnerabilities in Apache HTTP Server versions 2.4.49 and 2.4.50. The exploit.py script allows an attacker to perform Local File Inclusion (LFI) to read arbitrary files or Remote Code Execution (RCE) if CGI is enabled on the target server. The script provides an interactive shell for both LFI and RCE modes, allowing repeated file reads or command execution. The attack is performed by sending crafted HTTP requests with encoded traversal sequences to endpoints such as /cgi-bin/.%2e/%2e%2e/.../bin/sh for RCE or /cgi-bin/.%2e/%2e%2e/.../<file> for LFI. The README provides usage instructions and highlights the affected and patched Apache versions. The repository is operational and ready for use in penetration testing or research against vulnerable Apache HTTP Server instances.

r0otk3r · Disclosed Jul 5, 2025 · python, network

PoC-CVE-2021-41773 · Maturity: PoC · Verified exploit

This repository provides a Python proof-of-concept exploit for CVE-2021-41773, a path traversal vulnerability in Apache HTTP Server 2.4.49. The exploit consists of a single script, 'cve-2021-41773.py', which takes a target URL and a file path as arguments. It constructs a specially crafted HTTP GET request using URL-encoded path traversal sequences to access files outside the web root via the '/cgi-bin/' endpoint. The script uses 'urllib3.PoolManager' to avoid automatic URL normalization, which is crucial for the exploit to succeed. The repository also includes a README.md with detailed usage instructions and a requirements.txt listing Python dependencies. The exploit is remote, unauthenticated, and allows attackers to read arbitrary files from vulnerable Apache servers. No fake or destructive actions are present; the code is a legitimate proof-of-concept for the specified vulnerability.

blu3ming · Disclosed Jul 2, 2025 · python, network

Preproduce-CVE-2021-41773 · Maturity: PoC · Verified exploit

This repository is a proof-of-concept (POC) environment for reproducing and exploiting CVE-2021-41773, a path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49. The repository includes a Dockerfile and docker-compose.yml to build and run a vulnerable Apache instance with a custom httpd.conf. The README.md provides detailed instructions and two exploit examples:

1. A curl command that exploits the path traversal vulnerability to read arbitrary files (e.g., /etc/passwd) via a specially crafted URL to the /cgi-bin/ endpoint.
2. A bash loop to test multiple hosts for vulnerability using the same path traversal technique.

The exploit works by sending HTTP requests with encoded traversal sequences (.%2e) to bypass directory restrictions and access sensitive files. If CGI is enabled, it may also allow command execution. The repository is intended for local testing and demonstration of the vulnerability, not for weaponized exploitation. No custom exploit code is present; the main value is in the environment setup and example payloads. The main fingerprintable endpoints are the vulnerable HTTP URL and the targeted file paths.

luongchivi · Disclosed Dec 30, 2024 · bash, docker, network

CVE-2021-41773 · Maturity: PoC · Verified exploit

This repository contains a Python exploit script (exploit.py) targeting Apache HTTP Server versions 2.4.49 and 2.4.50 with CGI enabled, exploiting CVE-2021-41773 and CVE-2021-42013. The exploit works by sending a crafted POST request to a vulnerable CGI endpoint using a path traversal payload to invoke /bin/bash, allowing arbitrary command execution. The script is designed to take a list of target IP addresses from a file and mass-exploit them, making it suitable for testing multiple servers. The README provides usage instructions and context, emphasizing its intended use for system administrators. The exploit is a proof-of-concept (POC) and requires the user to specify the command to execute. No hardcoded payload is provided, and the script does not include advanced features such as reverse shells or post-exploitation modules. The only code file is exploit.py, written in Python, and it is the main entry point for the exploit.

Soliux · Disclosed Nov 11, 2021 · python, network

CVE-2021-41773 · Maturity: PoC · Verified exploit

This repository contains a Bash script exploit (50383.sh) and a README.md file. The exploit targets Apache HTTP Server 2.4.49 vulnerable to CVE-2021-41773, which allows path traversal and remote code execution via specially crafted HTTP requests. The script takes a list of target URLs and a file path or command, then sends HTTP POST requests to the /cgi-bin/.%2e/%2e%2e/... endpoint to either read arbitrary files (such as /etc/passwd) or execute arbitrary commands (such as whoami via /bin/sh). The README provides usage instructions, example targets, and describes the corrections made to the original exploit. The main attack vector is network-based, exploiting HTTP endpoints on vulnerable Apache servers.

javaamo · Disclosed Mar 19, 2025 · bash, markdown, network

SSH-key-and-RCE-PoC-for-CVE-2021-41773 · Maturity: PoC · Verified exploit

This repository is a Go-based Proof-of-Concept exploit for CVE-2021-41773, a vulnerability in Apache HTTP Server 2.4.49 and 2.4.50 that allows Local File Inclusion (LFI) and Remote Code Execution (RCE). The main exploit logic is in 'main.go', which provides two primary capabilities: (1) LFI to enumerate users from /etc/passwd and brute-force SSH private keys for users with home directories, and (2) RCE by sending arbitrary shell commands to the server via a crafted POST request. The tool supports both HTTP and HTTPS, allows the use of custom or pre-defined SSH key wordlists (downloaded from GitHub), and can be run with various flags to control its behavior. The README provides clear usage instructions and notes the exploit's applicability to Apache HTTP Server 2.4.49 and 2.4.50. The code is a functional PoC, not weaponized, and is intended for security testing on authorized systems.

tiemio · Disclosed Feb 2, 2025 · go, network

CVE-2021-41773 · Maturity: PoC · Verified exploit

This repository contains three Python scripts and a README for exploiting CVE-2021-41773, a path traversal and remote code execution vulnerability in Apache HTTP Server 2.4.49/2.4.50. The main script (cve-2021-41773.py) performs mass scanning of targets for the vulnerability by attempting to read /etc/passwd using a crafted URL. The second script (cve-2021-41773_RCE.py) attempts remote code execution by POSTing shell commands to a specially encoded CGI path, checking for successful execution by looking for 'Linux' in the response. The third script (cve-2021-41773_manual.py) allows interactive command execution on a single target. All scripts use Python's requests library and multiprocessing for concurrent scanning. The exploit targets Apache servers with mod_cgi enabled and not properly patched for CVE-2021-41773, and can both read sensitive files and execute arbitrary commands remotely. The repository is operational and provides working exploit code for both detection and exploitation.

FakesiteSecurity · Disclosed Jan 3, 2025 · python, network

mass_cve-2021-41773 · Maturity: PoC · Verified exploit

This repository contains three Python scripts and a README for exploiting CVE-2021-41773, a path traversal and remote code execution vulnerability in Apache HTTP Server 2.4.49 and 2.4.50. The main scripts are:

- cve-2021-41773.py: Performs mass scanning of targets for the path traversal vulnerability by attempting to read /etc/passwd via a crafted URL. It takes a list of targets and a thread count, and saves vulnerable hosts to vuln.txt.
- cve-2021-41773_RCE.py: Attempts remote code execution by sending a POST request to a crafted /cgi-bin path, executing 'uname' on the server. It also supports mass scanning and saves vulnerable hosts.
- cve-2021-41773_manual.py: Provides an interactive shell-like interface, allowing the user to send arbitrary commands to a single target via the same RCE vector.

All scripts use the requests library and multiprocessing for concurrent scanning. The endpoints targeted are specifically crafted to exploit the path traversal and RCE vectors in vulnerable Apache servers. The repository is operational, providing both detection and exploitation capabilities.

justakazh · Disclosed Oct 7, 2021 · python, network

Apache-HTTP-Server-2.4.49-2.4.50-Path-Traversal-Remote-Code-Execution · Maturity: PoC · Verified exploit

This repository contains a Python exploit script (exploit.py) targeting Apache HTTP Server versions 2.4.49 and 2.4.50, specifically for CVE-2021-41773 and CVE-2021-42013. The exploit provides two main capabilities: (1) arbitrary file read via path traversal, and (2) remote code execution (RCE) via a crafted POST request to a vulnerable CGI endpoint. The script takes command-line arguments for the target host, port, operation (rce or file), and the command or file path. It constructs specific URL payloads to exploit the vulnerabilities and provides an interactive shell for further exploitation. The repository is structured with a single exploit script, a README with usage instructions, and a license file. No hardcoded IPs or domains are present; the script dynamically targets user-specified hosts. The exploit is operational, providing a working payload for both file read and RCE, and is not part of a larger framework.

blackn0te · Disclosed Nov 22, 2022 · python, network

CVE-2021-41773 · Maturity: PoC · Verified exploit

This repository provides a proof-of-concept (POC) environment for exploiting CVE-2021-41773, a path traversal and remote code execution vulnerability in Apache HTTP Server 2.4.49. The repository includes a Dockerfile to build a vulnerable Apache server with a custom httpd.conf and a simple bash CGI script (bash.cgi). The README.md explains the vulnerability, provides detailed exploitation steps, and includes example HTTP requests for both arbitrary file read and remote command execution (RCE) via path traversal to /bin/sh or /bash.cgi. The exploit leverages URL-encoded traversal sequences to bypass directory restrictions and access files or execute commands if the CGI module is enabled. The structure is typical for a POC: configuration files to set up the vulnerable environment, a minimal CGI script for demonstration, and comprehensive documentation. No detection scripts or fake elements are present; the repository is focused on demonstrating and reproducing the vulnerability.

1nhann · Disclosed Oct 6, 2021 · bash, dockerfile, network
EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

| Vendor | Product | Type |
| --- | --- | --- |
| Apache Software Foundation | Http Server | application |
| Fedora Project | Fedora | operating_system |
| NetApp | Cloud Backup | application |
| Oracle | Instantis Enterprisetrack | application |

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.
