# Apache httpd configuration for what appears to be a CVE reproduction bench
# (see the "CVE related configs" section at the bottom).
# NOTE(review): this listing arrived collapsed onto one line, which would turn
# everything after the first '#' into a comment. It is restored here to one
# directive per line, with directive order and text unchanged.
# NOTE(review): no <Directory>, <IfModule> or <Files> container tags are
# visible. They were presumably stripped as markup during extraction, so
# restore them from the original file before loading this configuration.

ServerRoot "/usr/local/apache2"

# A port with no address makes httpd listen on every interface.
Listen 9000

# for easier debugging, use 'MaxClients 1'
# (MaxClients is the pre-2.4 name of MaxRequestWorkers; one worker serialises requests.)
MaxClients 1

ServerAdmin you@example.com

# Dynamic Shared Object (DSO) Support
# NOTE(review): no MPM module is loaded here; presumably it is compiled in. Confirm.
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_core_module modules/mod_authz_core.so
# Provides the legacy Order/Allow/Deny directives; none are used in the visible text.
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule filter_module modules/mod_filter.so
LoadModule mime_module modules/mod_mime.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule headers_module modules/mod_headers.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule unixd_module modules/mod_unixd.so
# mod_status is loaded, but no "SetHandler server-status" mapping is visible here.
LoadModule status_module modules/mod_status.so
# mod_autoindex with "Options Indexes" (below) generates directory listings
# wherever no DirectoryIndex file exists.
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule dir_module modules/mod_dir.so

# Request handling runs as the unprivileged "daemon" account, so that account's
# filesystem permissions bound what the server can read or execute.
User daemon
Group daemon

# 'Main' server configuration
DocumentRoot "/usr/local/apache2/htdocs"

# NOTE(review): AllowOverride and Require are only valid in directory context,
# so the next four directives presumably sat inside the stripped containers.
# Which container each one belonged to cannot be determined from this listing.
# Indexes enables directory listings; FollowSymLinks lets the server follow
# symlinks that point outside the directory tree being served.
Options Indexes FollowSymLinks
AllowOverride None
DirectoryIndex index.html
# NOTE(review): the scope of this deny is not recoverable here. No visible rule
# applies "Require all denied" to the filesystem root. That default is what
# keeps paths outside the mapped directories unreachable if URL-to-path
# normalisation fails, so confirm it against the original file.
Require all denied

# Error and access logs go to the process's stderr/stdout (container-style logging).
ErrorLog /proc/self/fd/2
LogLevel warn

# %r records the request line, so it is the field to search when reviewing the
# access log for unusual or encoded path segments.
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
# Only the "common" format is active; it omits Referer and User-Agent, which
# "combined" would retain for investigation.
CustomLog /proc/self/fd/1 common

# ==============================================
# CVE related configs
# ==============================================
# NOTE(review): the page does not name the CVE or the httpd version this
# section targets.
LoadModule alias_module modules/mod_alias.so

# Arbitrary File Read via routes with mod_alias
# Maps the /pwnage/ URL prefix to a directory outside DocumentRoot. Access to
# an Alias target is governed by the <Directory> rules that cover the target
# path, and none are visible for /tmp/my-dir-lmao/ in this listing.
Alias /pwnage/ "/tmp/my-dir-lmao/"

# RCE via mod_alias + CGI
# With mod_cgi loaded, any path resolved under a ScriptAlias is executed as a
# program rather than served as a file. Leaving mod_cgi (and mod_cgid) unloaded
# where CGI is not needed removes that execution path.
LoadModule cgi_module modules/mod_cgi.so
ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/"
# NOTE(review): directory-context directives; presumably they belong to a
# stripped <Directory "/usr/local/apache2/cgi-bin"> container. The listing ends
# here, so any Require rule for that directory is not visible.
AllowOverride None
Options None