mirror of
https://github.com/klezVirus/CVE-2021-40444.git
synced 2024-12-21 18:26:34 +00:00
Re-adding the server dir
This commit is contained in:
parent
f2090f1d70
commit
7562cfa66a
3 changed files with 379 additions and 2 deletions
4
.gitignore
vendored
4
.gitignore
vendored
|
@ -2,7 +2,7 @@ venv
|
|||
out
|
||||
test
|
||||
srv
|
||||
.idea
|
||||
__pycache__
|
||||
template/sample4-nw.html
|
||||
!srv/index.html
|
||||
.idea
|
||||
__pycache__
|
|
@ -102,6 +102,7 @@ def generate_payload(payload, server_url, basename, copy_to=None):
|
|||
# Checking ephemeral directories
|
||||
tmp_path.mkdir(exist_ok=True)
|
||||
cab_path.mkdir(exist_ok=True)
|
||||
srv_path.mkdir(exist_ok=True)
|
||||
|
||||
print(f' [>] Payload: {payload}')
|
||||
print(f' [>] HTML/CAB Hosting Server: {server_url}')
|
||||
|
|
376
srv/index.html
Normal file
376
srv/index.html
Normal file
|
@ -0,0 +1,376 @@
|
|||
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml">
|
||||
<!--
|
||||
Modified from the Debian original for Ubuntu
|
||||
Last updated: 2016-11-16
|
||||
See: https://launchpad.net/bugs/1288690
|
||||
-->
|
||||
<head>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
|
||||
<title>Apache2 Ubuntu Default Page: It works</title>
|
||||
<style type="text/css" media="screen">
|
||||
* {
|
||||
margin: 0px 0px 0px 0px;
|
||||
padding: 0px 0px 0px 0px;
|
||||
}
|
||||
|
||||
body, html {
|
||||
padding: 3px 3px 3px 3px;
|
||||
|
||||
background-color: #D8DBE2;
|
||||
|
||||
font-family: Verdana, sans-serif;
|
||||
font-size: 11pt;
|
||||
text-align: center;
|
||||
}
|
||||
|
||||
div.main_page {
|
||||
position: relative;
|
||||
display: table;
|
||||
|
||||
width: 800px;
|
||||
|
||||
margin-bottom: 3px;
|
||||
margin-left: auto;
|
||||
margin-right: auto;
|
||||
padding: 0px 0px 0px 0px;
|
||||
|
||||
border-width: 2px;
|
||||
border-color: #212738;
|
||||
border-style: solid;
|
||||
|
||||
background-color: #FFFFFF;
|
||||
|
||||
text-align: center;
|
||||
}
|
||||
|
||||
div.page_header {
|
||||
height: 99px;
|
||||
width: 100%;
|
||||
|
||||
background-color: #F5F6F7;
|
||||
}
|
||||
|
||||
div.page_header span {
|
||||
margin: 15px 0px 0px 50px;
|
||||
|
||||
font-size: 180%;
|
||||
font-weight: bold;
|
||||
}
|
||||
|
||||
div.page_header img {
|
||||
margin: 3px 0px 0px 40px;
|
||||
|
||||
border: 0px 0px 0px;
|
||||
}
|
||||
|
||||
div.table_of_contents {
|
||||
clear: left;
|
||||
|
||||
min-width: 200px;
|
||||
|
||||
margin: 3px 3px 3px 3px;
|
||||
|
||||
background-color: #FFFFFF;
|
||||
|
||||
text-align: left;
|
||||
}
|
||||
|
||||
div.table_of_contents_item {
|
||||
clear: left;
|
||||
|
||||
width: 100%;
|
||||
|
||||
margin: 4px 0px 0px 0px;
|
||||
|
||||
background-color: #FFFFFF;
|
||||
|
||||
color: #000000;
|
||||
text-align: left;
|
||||
}
|
||||
|
||||
div.table_of_contents_item a {
|
||||
margin: 6px 0px 0px 6px;
|
||||
}
|
||||
|
||||
div.content_section {
|
||||
margin: 3px 3px 3px 3px;
|
||||
|
||||
background-color: #FFFFFF;
|
||||
|
||||
text-align: left;
|
||||
}
|
||||
|
||||
div.content_section_text {
|
||||
padding: 4px 8px 4px 8px;
|
||||
|
||||
color: #000000;
|
||||
font-size: 100%;
|
||||
}
|
||||
|
||||
div.content_section_text pre {
|
||||
margin: 8px 0px 8px 0px;
|
||||
padding: 8px 8px 8px 8px;
|
||||
|
||||
border-width: 1px;
|
||||
border-style: dotted;
|
||||
border-color: #000000;
|
||||
|
||||
background-color: #F5F6F7;
|
||||
|
||||
font-style: italic;
|
||||
}
|
||||
|
||||
div.content_section_text p {
|
||||
margin-bottom: 6px;
|
||||
}
|
||||
|
||||
div.content_section_text ul, div.content_section_text li {
|
||||
padding: 4px 8px 4px 16px;
|
||||
}
|
||||
|
||||
div.section_header {
|
||||
padding: 3px 6px 3px 6px;
|
||||
|
||||
background-color: #8E9CB2;
|
||||
|
||||
color: #FFFFFF;
|
||||
font-weight: bold;
|
||||
font-size: 112%;
|
||||
text-align: center;
|
||||
}
|
||||
|
||||
div.section_header_red {
|
||||
background-color: #CD214F;
|
||||
}
|
||||
|
||||
div.section_header_grey {
|
||||
background-color: #9F9386;
|
||||
}
|
||||
|
||||
.floating_element {
|
||||
position: relative;
|
||||
float: left;
|
||||
}
|
||||
|
||||
div.table_of_contents_item a,
|
||||
div.content_section_text a {
|
||||
text-decoration: none;
|
||||
font-weight: bold;
|
||||
}
|
||||
|
||||
div.table_of_contents_item a:link,
|
||||
div.table_of_contents_item a:visited,
|
||||
div.table_of_contents_item a:active {
|
||||
color: #000000;
|
||||
}
|
||||
|
||||
div.table_of_contents_item a:hover {
|
||||
background-color: #000000;
|
||||
|
||||
color: #FFFFFF;
|
||||
}
|
||||
|
||||
div.content_section_text a:link,
|
||||
div.content_section_text a:visited,
|
||||
div.content_section_text a:active {
|
||||
background-color: #DCDFE6;
|
||||
|
||||
color: #000000;
|
||||
}
|
||||
|
||||
div.content_section_text a:hover {
|
||||
background-color: #000000;
|
||||
|
||||
color: #DCDFE6;
|
||||
}
|
||||
|
||||
div.validator {
|
||||
}
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<div class="main_page">
|
||||
<div class="page_header floating_element">
|
||||
<img src="/icons/ubuntu-logo.png" alt="Ubuntu Logo" class="floating_element"/>
|
||||
<span class="floating_element">
|
||||
Apache2 Ubuntu Default Page
|
||||
</span>
|
||||
</div>
|
||||
<!-- <div class="table_of_contents floating_element">
|
||||
<div class="section_header section_header_grey">
|
||||
TABLE OF CONTENTS
|
||||
</div>
|
||||
<div class="table_of_contents_item floating_element">
|
||||
<a href="#about">About</a>
|
||||
</div>
|
||||
<div class="table_of_contents_item floating_element">
|
||||
<a href="#changes">Changes</a>
|
||||
</div>
|
||||
<div class="table_of_contents_item floating_element">
|
||||
<a href="#scope">Scope</a>
|
||||
</div>
|
||||
<div class="table_of_contents_item floating_element">
|
||||
<a href="#files">Config files</a>
|
||||
</div>
|
||||
</div>
|
||||
-->
|
||||
<div class="content_section floating_element">
|
||||
|
||||
|
||||
<div class="section_header section_header_red">
|
||||
<div id="about"></div>
|
||||
It works!
|
||||
</div>
|
||||
<div class="content_section_text">
|
||||
<p>
|
||||
This is the default welcome page used to test the correct
|
||||
operation of the Apache2 server after installation on Ubuntu systems.
|
||||
It is based on the equivalent page on Debian, from which the Ubuntu Apache
|
||||
packaging is derived.
|
||||
If you can read this page, it means that the Apache HTTP server installed at
|
||||
this site is working properly. You should <b>replace this file</b> (located at
|
||||
<tt>/var/www/html/index.html</tt>) before continuing to operate your HTTP server.
|
||||
</p>
|
||||
|
||||
|
||||
<p>
|
||||
If you are a normal user of this web site and don't know what this page is
|
||||
about, this probably means that the site is currently unavailable due to
|
||||
maintenance.
|
||||
If the problem persists, please contact the site's administrator.
|
||||
</p>
|
||||
|
||||
</div>
|
||||
<div class="section_header">
|
||||
<div id="changes"></div>
|
||||
Configuration Overview
|
||||
</div>
|
||||
<div class="content_section_text">
|
||||
<p>
|
||||
Ubuntu's Apache2 default configuration is different from the
|
||||
upstream default configuration, and split into several files optimized for
|
||||
interaction with Ubuntu tools. The configuration system is
|
||||
<b>fully documented in
|
||||
/usr/share/doc/apache2/README.Debian.gz</b>. Refer to this for the full
|
||||
documentation. Documentation for the web server itself can be
|
||||
found by accessing the <a href="/manual">manual</a> if the <tt>apache2-doc</tt>
|
||||
package was installed on this server.
|
||||
|
||||
</p>
|
||||
<p>
|
||||
The configuration layout for an Apache2 web server installation on Ubuntu systems is as follows:
|
||||
</p>
|
||||
<pre>
|
||||
/etc/apache2/
|
||||
|-- apache2.conf
|
||||
| `-- ports.conf
|
||||
|-- mods-enabled
|
||||
| |-- *.load
|
||||
| `-- *.conf
|
||||
|-- conf-enabled
|
||||
| `-- *.conf
|
||||
|-- sites-enabled
|
||||
| `-- *.conf
|
||||
</pre>
|
||||
<ul>
|
||||
<li>
|
||||
<tt>apache2.conf</tt> is the main configuration
|
||||
file. It puts the pieces together by including all remaining configuration
|
||||
files when starting up the web server.
|
||||
</li>
|
||||
|
||||
<li>
|
||||
<tt>ports.conf</tt> is always included from the
|
||||
main configuration file. It is used to determine the listening ports for
|
||||
incoming connections, and this file can be customized anytime.
|
||||
</li>
|
||||
|
||||
<li>
|
||||
Configuration files in the <tt>mods-enabled/</tt>,
|
||||
<tt>conf-enabled/</tt> and <tt>sites-enabled/</tt> directories contain
|
||||
particular configuration snippets which manage modules, global configuration
|
||||
fragments, or virtual host configurations, respectively.
|
||||
</li>
|
||||
|
||||
<li>
|
||||
They are activated by symlinking available
|
||||
configuration files from their respective
|
||||
*-available/ counterparts. These should be managed
|
||||
by using our helpers
|
||||
<tt>
|
||||
a2enmod,
|
||||
a2dismod,
|
||||
</tt>
|
||||
<tt>
|
||||
a2ensite,
|
||||
a2dissite,
|
||||
</tt>
|
||||
and
|
||||
<tt>
|
||||
a2enconf,
|
||||
a2disconf
|
||||
</tt>. See their respective man pages for detailed information.
|
||||
</li>
|
||||
|
||||
<li>
|
||||
The binary is called apache2. Due to the use of
|
||||
environment variables, in the default configuration, apache2 needs to be
|
||||
started/stopped with <tt>/etc/init.d/apache2</tt> or <tt>apache2ctl</tt>.
|
||||
<b>Calling <tt>/usr/bin/apache2</tt> directly will not work</b> with the
|
||||
default configuration.
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div class="section_header">
|
||||
<div id="docroot"></div>
|
||||
Document Roots
|
||||
</div>
|
||||
|
||||
<div class="content_section_text">
|
||||
<p>
|
||||
By default, Ubuntu does not allow access through the web browser to
|
||||
<em>any</em> file apart of those located in <tt>/var/www</tt>,
|
||||
<a href="http://httpd.apache.org/docs/2.4/mod/mod_userdir.html" rel="nofollow">public_html</a>
|
||||
directories (when enabled) and <tt>/usr/share</tt> (for web
|
||||
applications). If your site is using a web document root
|
||||
located elsewhere (such as in <tt>/srv</tt>) you may need to whitelist your
|
||||
document root directory in <tt>/etc/apache2/apache2.conf</tt>.
|
||||
</p>
|
||||
<p>
|
||||
The default Ubuntu document root is <tt>/var/www/html</tt>. You
|
||||
can make your own virtual hosts under /var/www. This is different
|
||||
to previous releases which provides better security out of the box.
|
||||
</p>
|
||||
</div>
|
||||
|
||||
<div class="section_header">
|
||||
<div id="bugs"></div>
|
||||
Reporting Problems
|
||||
</div>
|
||||
<div class="content_section_text">
|
||||
<p>
|
||||
Please use the <tt>ubuntu-bug</tt> tool to report bugs in the
|
||||
Apache2 package with Ubuntu. However, check <a
|
||||
href="https://bugs.launchpad.net/ubuntu/+source/apache2"
|
||||
rel="nofollow">existing bug reports</a> before reporting a new bug.
|
||||
</p>
|
||||
<p>
|
||||
Please report bugs specific to modules (such as PHP and others)
|
||||
to respective packages, not to the web server itself.
|
||||
</p>
|
||||
</div>
|
||||
|
||||
|
||||
|
||||
|
||||
</div>
|
||||
</div>
|
||||
<div class="validator">
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
||||
|
||||
|
Loading…
Reference in a new issue