Exposed .htaccess and .htpasswd files

.htaccess and .htpasswd are configuration files used by the Apache web server. The first controls directory-level settings: it defines access rules, enables or disables features, and implements security measures. The second stores the hashed passwords used for HTTP Basic authentication.

In some cases the access permissions on these files are not set properly. Here is how to find and leverage this misconfiguration:

  • Check whether these files are exposed over HTTP without any access restriction

http://$URL/.htaccess    # If properly configured, the server answers with a 403 error code
http://$URL/.htpasswd    # If not, their contents can be read directly from the browser

  • Also, after gaining a shell as the web server's user, look in the default web root /var/www/html and list hidden files to find them

cd /var/www/html
ls -a    # The listing may contain the desired files
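An added audit script, not part of the original page, that performs the first check from the server owner's side: it requests both paths, classifies the status code, and recognises leaked htpasswd lines by their hash format. The `HTPASSWD_LINE` pattern, the verdict names and the "htaccess-audit" User-Agent are my own choices; the target hostname is whatever you pass on the command line.

```python
import re
import sys
import urllib.error
import urllib.request

# The two paths the page says to probe.
SENSITIVE_PATHS = ("/.htaccess", "/.htpasswd")

# One htpasswd line: "user:hash", where the hash is Apache MD5 ($apr1$),
# bcrypt ($2y$), SHA1 ({SHA}) or classic 13-character crypt(3).
HTPASSWD_LINE = re.compile(
    r"^[^:\s]+:(\$apr1\$|\$2[aby]\$|\{SHA\}|[./0-9A-Za-z]{13}$)", re.M
)


def classify(path, status, body):
    """Turn one probe result into a verdict string."""
    if status == 403:
        return "protected"          # the expected answer for a hardened server
    if status == 404:
        return "missing"            # file not present in the web root at all
    if status != 200:
        return f"unexpected_{status}"
    if "<html" in body.lower():
        return "soft_404_suspected"  # a 200 with an HTML page is usually a custom error page
    if path.endswith(".htpasswd") and HTPASSWD_LINE.search(body):
        return "leaked_htpasswd"    # credential hashes are readable: rotate them
    return "exposed"                # readable, verify the content by hand


def fetch(base_url, path):
    """Return (status, first 4 KiB of body) for base_url + path."""
    req = urllib.request.Request(
        base_url.rstrip("/") + path, headers={"User-Agent": "htaccess-audit"}
    )
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read(4096).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, ""


def audit(base_url):
    """Probe every sensitive path and map it to its verdict."""
    return {p: classify(p, *fetch(base_url, p)) for p in SENSITIVE_PATHS}


if __name__ == "__main__":
    for path, verdict in audit(sys.argv[1]).items():
        print(f"{path}: {verdict}")
```

Apache's stock httpd.conf already contains a `<FilesMatch "^\.ht">` block with `Require all denied`, so anything other than "protected" or "missing" means that block was removed or overridden in a vhost. A "leaked_htpasswd" verdict should be treated as a credential compromise, not just a configuration bug.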
