Amazing room TryHackMe CVE-2021-41773 / CVE-2021-42013 explaining how the new vulnerability on Apache Webserver 2.4.49 affecting the path normalization mechanism.
TryHackMe CVE-2021-41773
On the 5th of October 2021, a CVE detailing a path traversal attack on Apache HTTP Server v2.4.49 was released. Assigned the number CVE-2021-41773, it was released with the following description:
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by “require all denied” these requests can succeed. Additionally (sic) this flaw could leak the source of interpreted files like CGI scripts. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions.
TryHackMe
Room Link : TryHackMe CVE-2021-41773/42013Task 1 – A Bit of Background…
Answer the questions below
What version of Apache httpd was initially vulnerable to this CVE?
Answer: 2.4.49This vulnerability requires an unusual misconfiguration for it to be exploitable (Yea/Nay)
Answer: YeaTask 2 – What is Path Traversal anyways?
Answer the questions below
A path traversal exploit will (choose the best answer):
A) Include arbitrary remote files to be processed on the server.
B) Include arbitrary local files to be processed on the server.
C) Allow arbitrary files to be exposed by the server.
D) None of the above.
Answer: CURL-encode the . symbol
Answer: %2EWhat does this URL fragment decode to: %%32%65 ?
Answer: %2eTask 3 Ok, Ok; Gib Hax!
Answer the questions below
What module needs to be enabled in order to get remote code execution?
Answer: mod_cgiTask 4 Practical Exam
Answer the questions below
What is the flag on port 8080?
Answer: THM{724V3R51N6_P4TH5_OMMITED_RFS}What is the flag on port 8081?
Answer: THM{2C3_F20M_RFS}What is the flag on port 8082?
Answer: THM{D0UBL3_3NC0D1N6_RFS}What is the flag on port 8083?
Answer: THM{F1L732_8YP455_RFS}What user is the Apache server running as?
Answer: daemonFind the root flag on the machine on port 8083?
Answer: THM{P21V_35C_F20M_4P4CH3_OMMITED_RFS}
