ServerRoot "/usr/local/apache2"
Listen 9000
# for easier debugging, use 'MaxClients 1'
MaxClients 1
ServerAdmin you@example.com
# Dynamic Shared Object (DSO) Support
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule filter_module modules/mod_filter.so
LoadModule mime_module modules/mod_mime.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule headers_module modules/mod_headers.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule dir_module modules/mod_dir.so
User daemon
Group daemon
# 'Main' server configuration
DocumentRoot "/usr/local/apache2/htdocs"
Options Indexes FollowSymLinks
AllowOverride None
DirectoryIndex index.html
Require all denied
ErrorLog /proc/self/fd/2
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
CustomLog /proc/self/fd/1 common
# ==============================================
# CVE related configs
# ==============================================
LoadModule alias_module modules/mod_alias.so
# Arbitrary File Read via routes with mod_alias
Alias /pwnage/ "/tmp/my-dir-lmao/"
# RCE via mod_alias + CGI
LoadModule cgi_module modules/mod_cgi.so
ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/"
AllowOverride None
Options None