mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-22 20:53:37 +00:00
Translated ['network-services-pentesting/9000-pentesting-fastcgi.md'] to
This commit is contained in:
parent
61ebd19a61
commit
c4c666247a
1 changed files with 14 additions and 12 deletions
|
@ -1,31 +1,31 @@
|
|||
<details>
|
||||
|
||||
<summary><strong>Leer AWS-hacking van nul tot held met</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
|
||||
<summary><strong>Leer AWS-hacking vanaf nul tot held met</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
|
||||
|
||||
Ander maniere om HackTricks te ondersteun:
|
||||
|
||||
* As jy jou **maatskappy geadverteer wil sien in HackTricks** of **HackTricks in PDF wil aflaai**, kyk na die [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
|
||||
* As jy jou **maatskappy geadverteer wil sien in HackTricks** of **HackTricks in PDF wil aflaai** Kyk na die [**INSKRYWINGSPLANNE**](https://github.com/sponsors/carlospolop)!
|
||||
* Kry die [**amptelike PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
||||
* Ontdek [**The PEASS Family**](https://opensea.io/collection/the-peass-family), ons versameling eksklusiewe [**NFTs**](https://opensea.io/collection/the-peass-family)
|
||||
* Ontdek [**Die PEASS Familie**](https://opensea.io/collection/the-peass-family), ons versameling eksklusiewe [**NFTs**](https://opensea.io/collection/the-peass-family)
|
||||
* **Sluit aan by die** 💬 [**Discord-groep**](https://discord.gg/hRep4RUj7f) of die [**telegram-groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
|
||||
* **Deel jou hacktruuks deur PR's in te dien by die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github-repos.
|
||||
* **Deel jou haktruuks deur PR's in te dien by die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github-opslag.
|
||||
|
||||
</details>
|
||||
|
||||
|
||||
# Basiese Inligting
|
||||
|
||||
As jy wil **leer wat FastCGI is**, kyk na die volgende bladsy:
|
||||
As jy wil **leer wat FastCGI is** kyk na die volgende bladsy:
|
||||
|
||||
{% content-ref url="pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-fpm-fastcgi.md" %}
|
||||
[disable\_functions-bypass-php-fpm-fastcgi.md](pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-bypass-php-fpm-fastcgi.md)
|
||||
{% endcontent-ref %}
|
||||
|
||||
Standaard loop **FastCGI** op **poort** **9000** en word nie deur nmap herken nie. **Gewoonlik** luister FastCGI slegs op **localhost**.
|
||||
Standaard hardloop **FastCGI** op **poort** **9000** en word nie deur nmap herken nie. **Gewoonlik** luister FastCGI slegs op **localhost**.
|
||||
|
||||
# RCE
|
||||
|
||||
Dit is baie maklik om FastCGI arbitrêre kode uit te voer:
|
||||
Dit is redelik maklik om FastCGI arbitrêre kode uit te voer:
|
||||
```bash
|
||||
#!/bin/bash
|
||||
|
||||
|
@ -45,19 +45,21 @@ cgi-fcgi -bind -connect $HOST:9000 &> $OUTPUT
|
|||
cat $OUTPUT
|
||||
done
|
||||
```
|
||||
Of jy kan ook die volgende Python-skripsie gebruik: [https://gist.github.com/phith0n/9615e2420f31048f7e30f3937356cf75](https://gist.github.com/phith0n/9615e2420f31048f7e30f3937356cf75)
|
||||
```markdown
|
||||
of jy kan ook die volgende Python-skripsie gebruik: [https://gist.github.com/phith0n/9615e2420f31048f7e30f3937356](https://gist.github.com/phith0n/9615e2420f31048f7e30f3937356)
|
||||
|
||||
|
||||
<details>
|
||||
|
||||
<summary><strong>Leer AWS-hacking van nul tot held met</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
|
||||
<summary><strong>Leer AWS-hacking vanaf nul tot held met</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
|
||||
|
||||
Ander maniere om HackTricks te ondersteun:
|
||||
|
||||
* As jy jou **maatskappy geadverteer wil sien in HackTricks** of **HackTricks in PDF wil aflaai**, kyk na die [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
|
||||
* As jy wil sien dat jou **maatskappy geadverteer word in HackTricks** of **HackTricks aflaai in PDF-formaat** Kyk na die [**INSKRYWINGSPLANNE**](https://github.com/sponsors/carlospolop)!
|
||||
* Kry die [**amptelike PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
||||
* Ontdek [**The PEASS Family**](https://opensea.io/collection/the-peass-family), ons versameling eksklusiewe [**NFTs**](https://opensea.io/collection/the-peass-family)
|
||||
* Ontdek [**Die PEASS Familie**](https://opensea.io/collection/the-peass-family), ons versameling eksklusiewe [**NFT's**](https://opensea.io/collection/the-peass-family)
|
||||
* **Sluit aan by die** 💬 [**Discord-groep**](https://discord.gg/hRep4RUj7f) of die [**telegram-groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
|
||||
* **Deel jou hack-truuks deur PR's in te dien by die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github-repos.
|
||||
* **Deel jou haktruuks deur PR's in te dien by die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github-opslag.
|
||||
|
||||
</details>
|
||||
```
|
||||
|
|
Loading…
Reference in a new issue