Index of /Unfiltered

h4x

Monday, November 30th, 2009

I often get requests to hack that user or that site. Often those people are inexperienced and don’t understand the time and will that goes into some projects. To spend hours and hours mapping and getting an overview of the server you need will and motivation. And then you get a request, and you often don’t feel that motivated to attack the target in question. But there are different kinds of motivation. The biggest and the one I use is my own curiosity or urge to have a site. Second best is to gain a favor from a friend or colleague. Third is money, everyone needs that. So next time you ask a random hacker to do something, think about those three reasons and ask yourself if your request meets any of the criteria. I don’t get angry if my friends send me a request, but people I hardly know shouldn’t even bother.
Even worse than that are people that think everything is easy to hack or that I have some kind of “super one click program” that I can use to get access to everything. They don’t understand that not everyone can do anything. You need a set of skills and knowledge, and it takes time and effort to acquire them. From now on when people ask me to teach them to hack I’ll answer: “If you know how to Google and some PHP/*SQL/Perl(CGI)/ASP, etc., and Unix, know some things about Apache/IIS and basic TCP, then I’ll show you the way of the force”.

locating the httpd.conf file.

Monday, November 30th, 2009

I rarely deal with local file inclusion, but when I do I always run into the same problem of finding the httpd.conf file. I need to read this file for several reasons. One is to know where I am (www-root). The second one is to find the path to the log files. Third is to find out if there are any other virtual hosts on the server I don’t know about. So the httpd.conf file is the first thing I look for, but it can be a pain in the ass to find. Although I have a lot of default paths written down, I still have problems finding it sometimes. Even if you find it/them there can still be obstacles in the way. One of them is the damn asterisk (*) sign, Ex: /etc/apache/conf.v/*conf
This tells Apache to include every file in /conf.v/ that ends with “.conf”. The files can be named anything, so it’s just the long and almost impossible task of guessing what the webmaster named them. Anyway, what I am getting at is that reading the httpd.conf files is a big step in achieving your goal. I’ll post my list of default paths I have found over the years. Hopefully someone will post a comment with paths I don’t have. Hope this can be of help to someone.

Enjoy!

/www/apache/conf/httpd.conf
/etc/httpd/conf/httpd.conf
/usr/local/apache/conf/httpd.conf
/etc/apache/conf/httpd.conf
/www/httpd/conf/httpd.conf
/etc/www/conf/httpd.conf
/home/www/conf/httpd.conf
/home/apache/conf/httpd.conf
/etc/apache2/httpd.conf
/etc/apache2/vhosts.d/vhost.conf
/home/www/httpd/conf/httpd.conf
/usr/local/etc/apache/httpd.conf
/var/www/conf/httpd.conf
/var/apache2/conf/httpd.conf
/usr/local/etc/apache22/httpd.conf
/usr/local/etc/apache2/httpd.conf
/etc/apache22/conf/httpd.conf
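
Seen from the defending side, the list above doubles as a detection signature: a request parameter that resolves to one of these locations is almost never legitimate. The following is an added example, not code from the original post; it scans access-log lines for such parameters, and the log lines, IP addresses and the `page`/`q` parameter names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# File names and directories drawn from the path list in the post above.
CONF_RE = re.compile(
    r"(?:^|/)(?:httpd|vhost)\.conf\b|/(?:apache\d*|httpd)/(?:conf|vhosts\.d)/", re.I)
TRAVERSAL_RE = re.compile(r"(?:^|/)\.\.(?:/|$)")
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (%252e -> %2e -> .), bounded to `rounds`."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def suspicious_params(target):
    """Return (name, decoded value) pairs that resolve to an Apache config path."""
    hits = []
    for name, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        value = fully_decode(raw)  # parse_qsl has already decoded one layer
        is_path = value.startswith("/") or TRAVERSAL_RE.search(value)
        if is_path and CONF_RE.search(value):
            hits.append((name, value))
    return hits

def scan(lines):
    """Yield (client, status, param, value) for each flagged access-log request."""
    for line in lines:
        m = REQUEST_RE.match(line)
        if m:
            client, target, status = m.groups()
            for name, value in suspicious_params(target):
                yield client, status, name, value

# Constructed access-log lines (documentation IPs, hypothetical `page`/`q` parameters).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Nov/2009:10:00:01 +0000] "GET /index.php?page=about HTTP/1.1" 200 5120',
    '192.0.2.77 - - [30/Nov/2009:10:00:07 +0000] "GET /index.php?page=../../../../etc/httpd/conf/httpd.conf HTTP/1.1" 200 9310',
    '192.0.2.77 - - [30/Nov/2009:10:00:09 +0000] "GET /index.php?page=%252e%252e%252f%252e%252e%252fusr/local/apache/conf/httpd.conf HTTP/1.1" 404 210',
    '192.0.2.10 - - [30/Nov/2009:10:00:12 +0000] "GET /docs.php?q=httpd.conf+syntax HTTP/1.1" 200 1400',
]

if __name__ == "__main__":
    for client, status, name, value in scan(SAMPLE_LOG):
        print(f"{client} status={status} param={name} -> {value}")
```

A flagged request that was answered with status 200 is the one to triage first, since the configuration may have been disclosed; a run of 404s from one client shows the guessing described in the post.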