GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → mazen160 → Server Status_pwn

mazen160 / Server Status_pwn

Licence: mit
A script that monitors and extracts requested URLs and clients connected to the service by exploiting publicly accessible Apache server-status instances.

Programming Languages

python
139335 projects - #7 most used programming language

Labels

apache

Projects that are alternatives of or similar to Server Status pwn

qpid-jms
Mirror of Apache Qpid JMS
Stars: ✭ 60 (-78.1%)
Mutual labels:  apache
analog-ce
Analog CE
Stars: ✭ 14 (-94.89%)
Mutual labels:  apache
tomcter
😹 Tomcter is a python tool developed to bruteforce Apache Tomcat manager login with Apache Tomcat default credentials.
Stars: ✭ 18 (-93.43%)
Mutual labels:  apache
Apache-Directory-Listing
A directory listing theme for Apache
Stars: ✭ 138 (-49.64%)
Mutual labels:  apache
CarbonDataLearning
Apache CarbonData Learning
Stars: ✭ 52 (-81.02%)
Mutual labels:  apache
mod auth radius
The FreeRADIUS Apache module for RADIUS authentication
Stars: ✭ 35 (-87.23%)
Mutual labels:  apache
ansible-role-apache-php-fpm
Apache FastCGI support for PHP-FPM
Stars: ✭ 31 (-88.69%)
Mutual labels:  apache
Yii2 Advanced One Domain Config
A template configuration without separation on the frontend and backend parts on different domains.
Stars: ✭ 258 (-5.84%)
Mutual labels:  apache
docker base images
Vlad's Base Images for Docker
Stars: ✭ 61 (-77.74%)
Mutual labels:  apache
htpw
htpw is a project to increase the security of your WordPress!
Stars: ✭ 42 (-84.67%)
Mutual labels:  apache
Apache
Docker container running Apache running on Ubuntu, Composer, Lavavel, TDD via Shippable & CircleCI
Stars: ✭ 15 (-94.53%)
Mutual labels:  apache
apache-baseline
DevSec Apache Baseline - InSpec Profile
Stars: ✭ 37 (-86.5%)
Mutual labels:  apache
blog
blog entries
Stars: ✭ 39 (-85.77%)
Mutual labels:  apache
zeppelin
Apache Zeppelin with support for SQL Server
Stars: ✭ 17 (-93.8%)
Mutual labels:  apache
lunaticlog
Fake HTTP log generator module, test if your monitor system can survive under the log spikes.
Stars: ✭ 35 (-87.23%)
Mutual labels:  apache
ap-airflow
Astronomer Core Docker Images
Stars: ✭ 87 (-68.25%)
Mutual labels:  apache
error-log-parser
Simple PHP library to parse Apache or Nginx error-log file entries for further usage.
Stars: ✭ 19 (-93.07%)
Mutual labels:  apache
Server Configs Apache
Apache HTTP server boilerplate configs
Stars: ✭ 2,916 (+964.23%)
Mutual labels:  apache
Poiji
🍬 A tiny library converting excel rows to a list of Java objects based on Apache POI
Stars: ✭ 255 (-6.93%)
Mutual labels:  apache
logging-log4cxx
Apache Log4cxx is a C++ port of Apache Log4j
Stars: ✭ 161 (-41.24%)
Mutual labels:  apache
View All Similar Projects ➔

server-status PWN

A script that monitors and extracts requested URLs and clients connected to the service by exploiting publicly accessible Apache server-status instances

What is Apache server-status?

Apache server-status is an Apache monitoring instance, available by default at http://example.com/server-status. In normal cases, the server-status instance is not accessible by non-local origin IPs. However, due to misconfiguration, it can be publicly accessible. This leads anyone to view the great amount of data by server-status.

A part of "interesting/severe" data to long-term attackers and red-teamers is the exposure of clients' IP addresses and requested URLs on the Apache service, which an exposed Apache server-status provides. Also, Apache server-status output is viewed on the real-time.

What type of data can be exposed?

  • All requested URLs by all Hosts/VHosts on the Apache server.
    • This includes:
      • Hidden and obscure files and directories.
      • Session Tokens on GET REQUEST_URI (eg.. https://example.com/?token=123). If tokens are passed through GET HTTP method, it will be exposed, no matter what SSL encryption is used.
  • All clients' IP addresses along with URLs the clients have requested.

What do we need as attackers?

We need a script that constantly monitors the exposed Apache server-status, and extracts all new URLs, and save them for later testing.

Also, if we are performing an intelligence engagement, we would need all IPs that interacts with the Apache server that hosts our target website, along with requested URLs. Then we need to constantly monitor the service on the hour.

Introducing server-status PWN

server-status PWN constantly requests and parse Apache server-status page for any new event. Whenever a new URL is requested and a new client IP address is used, it will be logged and reported.

It outputs the data in a SQLITE3 database, and includes an option for saving unique URLs in a newline-delimited file.

Usage

python server-status_PWN.py --url 'http://example.com/server-status'

Why I created this?

  • To prove the severity of having an exposed Apache server-status.
  • PoC || GO supporter.
  • I needed an actual PoC exploit.

Requirements

  • Python2 or Python3
  • requests
  • bs4

Example Output

server-status_PWN Example Output

Legal Disclaimer

This project is made for educational and ethical testing purposes only. Usage of server-status_PWN for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.

License

The project is licensed under MIT License.

Note

There are custom Apache server-status that would require a user to change table index values. If you're encountering errors related to this issue, refer to https://github.com/mazen160/server-status_PWN/issues/2.

Author

Mazin Ahmed

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].