9000 - Pentesting FastCGI
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Basic Information
If you want to learn what is FastCGI check the following page:
disable_functions bypass - php-fpm/FastCGIBy default FastCGI run in port 9000 and isn't recognized by nmap. Usually FastCGI only listen in localhost.
RCE
It's quite easy to make FastCGI execute arbitrary code:
or you can also use the following python script: https://gist.github.com/phith0n/9615e2420f31048f7e30f3937356cf75
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Last updated