linux渗透与安全第二节 - 读取配置文件

国际上最通用的Linux虚拟主机搭建方式是这样的：

Linux操作系统+Apache网站容器+PHP脚+MySQL数据库
一个服务器上的网站配置信息显然都储存在Apache的配置文件中。通常Apache会安装在Linux的这个目录下：/usr/local，其Apache的conf配置文件也会在Apache的目录下，当然，也有的Apache配置文件会单独拿出来，放到例如/etc/httpd/conf/httpd.conf这样的地方。今天我就拿两则cent os系统来说明一下读取配置文件的相关内容。既然前面老大Mr.Cool做了一篇Linux文章了，为了配合其连续性，我最终还是把作者名改成。
第一则是一个电脑学校自己搭建的虚拟主机。Apache没有安装在/usr/local这个目录下，实际上管理员还对Apache做了userdir的权 限设定，也就是说虽然是Linux+Apache的主机，但是无法直接读取虚拟主机目录以外的文件夹内容。好在exec和system还能用。
这样的话我就用ls命令列目录。
/usr目录翻遍没有找到Apache的踪迹。web的目录是/server
那么我就用ls列/server的目录，最后确定在这里：
ls /server/program
回显：
apache
apr
apr-util
curl
freetype2
gd2
ImageMagick
jpeg6
libxml2
mysql
php
proftpd
subversion
zlib
复制代码
是Apache目录，读取conf里面的配置文件：
cat /server/program/apache/conf/extra/httpd-vhosts.conf
复制代码
得到回显如下(出于隐私保护的原则已隐藏处理)：
# Virtual Hosts
#
# If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at
# <URL:http://httpd.apache.org/docs/2.2/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.
NameVirtualHost *:80
<VirtualHost *:80>
Options Includes None
DocumentRoot "/server/www/cnnb315"
ServerName www.cnnb315.com
ErrorLog "logs/cnnb315-1.com-error_log"
CustomLog "logs/cnnb315-1.com-access_log" common
php_admin_value open_basedir "/server/www/cnnb315:/tmp"
</VirtualHost>
<VirtualHost *:80>
Options Includes None
DocumentRoot "/server/www/cnnb315"
ServerName cnnb315.com
ErrorLog "logs/cnnb315-1.com-error_log"
CustomLog "logs/cnnb315-1.com-access_log" common
php_admin_value open_basedir "/server/www/cnnb315:/tmp"
</VirtualHost>
###### xiaofeicn.com Start ######
<VirtualHost *:80>
Options Includes None
ServerAdmin [email protected]
DocumentRoot /server/www/xiaofeicn
ServerName xiaofeicn.com
php_admin_value open_basedir "/server/www/xiaofeicn/:/tmp/"
ErrorDocument 404 /404.php
## RewriteEngine on
## RewriteRule ^(.*)/list-([0-9]+)-([0-9]+)\.html$ $1/list.php?forum_id=$2&page=$3
## RewriteRule ^(.*)/detail-([0-9]+)-([0-9]+)\.html$ $1/detail.php?thread_id=$2&page=$3
ErrorLog logs/xiaofeicn.com-error_log
CustomLog logs/xiaofeicn.com-access_log common
</VirtualHost>
<VirtualHost *:80>
Options Includes None
ServerAdmin [email protected]
DocumentRoot /server/www/xiaofeicn
ServerName www.xiaofeicn.com
php_admin_value open_basedir "/server/www/xiaofeicn/:/tmp/"
ErrorDocument 404 /404.php
## RewriteEngine on
## RewriteRule ^(.*)/list-([0-9]+)-([0-9]+)\.html$ $1/list.php?forum_id=$2&page=$3
## RewriteRule ^(.*)/detail-([0-9]+)-([0-9]+)\.html$ $1/detail.php?thread_id=$2&page=$3
ErrorLog logs/xiaofeicn-1.com-error_log
CustomLog logs/xiaofeicn-1.com-access_log common
</VirtualHost>
<VirtualHost *:80>
Options Includes None
ServerAdmin [email protected]
DocumentRoot /server/www/file
ServerName file.xiaofeicn.com
php_admin_value open_basedir "/server/www/file/:/tmp/"
</VirtualHost>
<VirtualHost *:80>
Options Includes None
ServerAdmin [email protected]
DocumentRoot /server/www/xiaofeicn/bbs
ServerName bbs.xiaofeicn.com
php_admin_value open_basedir "/server/www/xiaofeicn/bbs/:/tmp/"
RewriteEngine on
RewriteRule ^(.*)/list-([0-9]+)-([0-9]+)\.html$ $1/list.php?forum_id=$2&page=$3
RewriteRule ^(.*)/detail-([0-9]+)-([0-9]+)\.html$ $1/detail.php?thread_id=$2&page=$3
ErrorDocument 404 /404.php
</VirtualHost>
<VirtualHost *:80>
Options Includes None
ServerAdmin [email protected]
DocumentRoot /server/www/xiaofeicn/blog
ServerName blog.xiaofeicn.com
RewriteEngine on