Abusing intended functionality

The sudo configuration allows running apache2 as root without a password. Apache config files can Include arbitrary files, so we can read root-only files through the error output.

sudo /usr/sbin/apache2 -f /etc/shadow

This causes an error, but the root hash is leaked in the error output.

Then unshadow and crack the hash.

We use the option --pot=deleteme.pot to force john to start cracking again.
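
A defensive check for the misconfiguration described above, as an added example that is not part of the original page: it scans sudoers text for rules that let a user run apache2 with unrestricted arguments or with -f. The binary list, the sample sudoers lines and the function name are assumptions; aliases, line continuations and included files are not handled.

```python
import re
import shlex

# Assumed list of binaries whose config-file option reads an arbitrary path.
CONFIG_READERS = {"apache2", "httpd"}
RULE = re.compile(r"^(\S+)\s+\S+\s*=\s*(.+)$")   # user host = spec
RUNAS = re.compile(r"^\([^)]*\)\s*")             # (root) or (ALL:ALL)
TAG = re.compile(r"^([A-Z_]+):\s*")              # NOPASSWD:, PASSWD:, ...

def risky_sudo_rules(sudoers_text):
    """Return (line, user, nopasswd, reason) for each risky apache2 rule."""
    findings = []
    for lineno, raw in enumerate(sudoers_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", "Defaults")) or "_Alias" in line:
            continue
        m = RULE.match(line)
        if not m:
            continue
        who, spec = m.groups()
        nopasswd = False  # tags carry over to later commands in the same rule
        for part in spec.split(","):
            part = RUNAS.sub("", part.strip())
            while (t := TAG.match(part)):
                nopasswd = {"NOPASSWD": True, "PASSWD": False}.get(t.group(1), nopasswd)
                part = part[t.end():]
            argv = shlex.split(part)
            if not argv or argv[0].rsplit("/", 1)[-1] not in CONFIG_READERS:
                continue
            args = argv[1:]
            if not args:
                reason = "any arguments allowed"      # bare command: user picks args
            elif args == [""]:
                continue                               # "" means no arguments at all
            elif "-f" in args or any("*" in a for a in args):
                reason = "-f or wildcard permitted"
            else:
                continue                               # fixed argument list
            findings.append((lineno, who, nopasswd, reason))
    return findings

# Constructed sample, not taken from any real host.
SAMPLE = """\
# constructed sudoers sample
root ALL=(ALL:ALL) ALL
www-admin ALL=(root) NOPASSWD: /usr/sbin/apache2
deploy ALL=(root) NOPASSWD: /usr/sbin/apache2 -k graceful
ops ALL=(root) /usr/sbin/apache2 ""
backup ALL=(root) NOPASSWD: /usr/bin/rsync, /usr/sbin/apache2 -f *
"""
```

Rules that pin the full argument list (or use "" to forbid arguments) are not reported, since sudo then rejects any other command line.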
