I have a simple PHP page that calls a simple PowerShell script.
test.php
<?php
$runCMD = "powershell.exe -NoProfile -ExecutionPolicy Bypass -File teste.ps1 2>&1";
exec($runCMD,$out,$ret);
if ($ret != 0) {
echo "Could not run PowerShell.";
} else {
echo implode("\n",$out);
}
?>
test.ps1
Write-Host "Just testing!"
When both files are placed in c:\inetpub\wwwroot, everything works fine. However, if I place them in a shared network folder (\\myserver\test, for example) and point IIS to this folder, php still works but it's not able to run the PowerShell script anymore. exec just returns error code 1 and the message "Could not run PowerShell" is printed. I am currently using PHP 7.4.1, IIS 10, Windows Server 2019 and PowerShell 5.1.
Any ideas on how to solve this?
App pool identities have very limited access to the local file system (and none outside the local computer). You will need to modify ACLs on the file system to give the identities the access they need.
try to set the domain user to the application pool identity.
use https://learn.microsoft.com/en-us/sysinternals/downloads/procmon to check where access is being blocked.
Related
I need to run a linux command from php. So I used ftp_exec() function.
$command='ls -al> /ftp_test/t.log';
if (ftp_exec($ftp_conn,$command))
{
echo "$command executed successfully.";
}
else
{
echo "Execution of $command failed.";
}
But it gives me warning
Warning: ftp_exec(): Unknown SITE command
I have googled and found for ftp_exec "execution via FTP isn't very widely supported. Check that it works on the servers that you intend to connect to before you start coding something that requires this."
Can anybody give me a idea to run a linux command from php ?
If you have the appropriate authorization you may do so via SSH:
$file_list = shell_exec('ssh user#site "ls -la"');
You'll need for user to have an authorized ssh key for site, and the user must be accessible from whatever user is running PHP. This usually boils down to using user wwwrun for both.
Or you can use sudo for added security, by placing the command into a script of its own, then sudoing it:
$file_list = shell_exec('sudo /usr/local/bin/ssh-ls-site');
Now user wwwrun can be allowed to run ssh-ls-site but can't modify its contents, so he can't run arbitrary commands, nor has he access to the ssh authorization key.
The ssh-ls-site can log the request as well as updating a local marker file, and exiting immediately if the file is newer than a certain guard time. This will prevent possible DoS attacks against site (running lots of allowed commands, exhausting resources), and also improve performances; if for example you need to run the command often, you can save the results into a temporary file. Then if this file is found to exist, and is not too old, you just read back its contents instead of asking it to #site, effectively caching the command locally.
I'm trying execute a python script from php function shell_exec(), but this script require root privileges.
The python code is very simple. Using libraries wifi python does a scan of all the SSID and provides in output the information on the various wireless networks to which he had a scan in JSON format. WiFi libraries are scanning using iwlist that requires root privileges. If it is performed by a user who does not have root privileges, it returns only the information referring to the wifi where you are connected.
If I plug in my code the string
<?php
echo 'Current script owner:'. get_current_user ();
?>
I print screen "Current script owner: root", but if I try to run my code
<?php
$ Output = shell_exec ("python /home/acme/XDOMV2/conn1.py");
echo $ output;
?>
It will only return information about the network on which my debian system is connected.
How to use lighttpd webserver and I have followed several guides about getting to the only result of having to re-install lighttpd.
The question is, is there a way to run a python script as root from lighttpd?
Where am I wrong?
I would suggest to run the script as a user with proper privileages.
This will minimize the risk for exploits on the system.
Next step would be ro run the script in a cron environment as that user (or root in the worst case scenario) and deliver the result via a database or a cached environment. You could also deliver the result via sockets or file handles.
Never enable a web environment to run scripts or well anything as root, it's dangerous and not how the software(lighttpd) were meant to operate.
If you're a brave soul:
This question belongs on UnixExchange but you can check this out:
http://www.sunspot.co.uk/Projects/Joggler/lighttpd_as_root.html
And also check the docs for your lighttpd version, running as root is possible but not sound in any way.
I'm trying to use Azure's xplat-cli to run the following two commands from a PHP script:
azure account import azure.publishsettings
azure site create newsite --location='West US'
The above two commands execute perfectly from the same /var/www folder within Terminal, but don't run when called from PHP. I'm using the following PHP code to run the commands and debug the output:
$command = "azure account import azure.publishsettings";
$out = shell_exec($command);
echo $out;
I've set PHP to report all errors, but I do not receive any errors (I was thinking it would throw an error if the operation timed out). echo $out does not display any output, although it works perfectly with other command line commands.
I tried using different azure commands, but even azure and azure -v return no output. I've tried using chmod to change permissions for the bin directory and the azure executable so that PHP's www-data user can execute it. However, it still doesn't work.
What could be the possible problem(s)?
By default PHP runs under IUSR account. When executed directly:
$lastline = exec('D:\\MyProgram.exe', $output, $return_var);
It runs, but the program is unable to do it's tasks due to insufficient privileges. My question is: How do I run an executable under a specific Windows account from a PHP website?
I've tried:
When executed through Sysinternals PsExec:
$lastline = exec('D:\\PsExec.exe -u UserName -p Password -accepteula "D:\\MyProgram.exe"', $output, $return_var);
MyProgram.exe does not even execute at all. PHP throws empty output and return_var is -1073741502. I assume this is some sort of unhandled exception.
When executed through lsrunas:
$lastline = exec('D:\\lsrunas.exe /user:UserName /password:Password /domain:DOMAIN /command:"D:\\MyProgram.exe" /runpath:D:\\', $output, $return_var);
MyProgram.exe does not execute either. PHP throws empty output and return_var is 0.
Microsoft's built in runas command doesn't work because it doesn't accept password as a parameter.
Tried using different PHP functions like shell_exec, system and passthru
Tried creating a new Application Pool under IIS, to run the website under LOCAL SERVICE, SYSTEM, or a specific user.
EDIT: This is where I went wrong. It should work, but fails when Load User Profile setting is not enabled (step 3 in my answer).
Does anyone have working suggestions?
Note: All commands are working and tested through command line directly.
I kept digging and found out that the only thing that works is a dedicated application pool.
Create a new Application Pool under IIS
Set username and password in Advanced Settings > Identity > Custom account
Set Advanced Settings > Load User Profile to true (this one is important)
Choose this pool under Basic Settings of a site,
-or- for a better security:
. 5.Move all command-relatied code to one section within your website, convert it to application and apply that Application Pool to it. Then you can restrict any public access to that part and safely call that functionality from the other parts of your site.
Important note (!):
If you're running PHP via FastCGI, you must set fastcgi.impersonate = 0 in php.ini file.
Test batch file:
To test who is running the process you can save the following code to a *.bat file and call it from PHP.
#echo off
SET now=%date% %time%
SET out=[%now%] %userdomain%\%username%
echo %out%
echo %out% > D:\hello.txt
::msg * "%out%"
if %username%=="SpecificUser" (
exit /B 100
) else (
exit /B 200
)
Replace SpecificUser with your desired user name. Sometimes you'll see no output. The exit codes will help you then.
In case you can't see any output or exit code at all, this script will output the username to a text file. Replace D:\hello.txt with your desired path.
I'm running a bunch of local Kiosks on mac mini's and have been using dropbox to keep all the files in sync. However - the dropbox updates have been sketchy as of late because of the firewall settings where these things are. A workaround I have found is by having dropbox quit and restart periodically to force it to update.
My question is - since all of these are running php applications on MAMP - is there a way to launch a local app from php? I'm able to kill dropbox by doing something like this:
$killit = killall -KILL Dropbox;
But it doesn't work the same to restart it. I've tried doing this:
$start_dbox = open /Applications/Dropbox.app;
To no avail. Is there a better way to automate this process of shutting down and reopening a local application?
I've had similar problems trying to control software remotely. The 'open' command must be executed either as the currently logged in console user, or from a terminal owned by the console (e.g. Terminal.app).
If you change your PHP to redirect STDERR, you should see the error that 'open' is returning:
$start_dbox = "open /Applications/Dropbox.app 2>&1";
The following text should then be returned from the system call:
LSOpenURLsWithRole() failed with error -10810 for the file /Applications/Dropbox.app.
One workaround I've used in the past is to create a lock file somewhere in the filesystem, which your PHP script can write to and your console user can read. Then, you can create a cron that runs as the console user and periodically checks the lock file to see if it needs to restart Dropbox.
I was actually able to solve this by creating a shell script with the following:
#!/bin/sh
export DYLD_LIBRARY_PATH=""
osascript -e 'tell application "Dropbox" to activate'
Saved it as start_db.sh and dropped it in my root apache directory (so there was no permissions problem for that user).
Then in my php file I was able to do:
$start_dbox = exec('/full/path/to/start_db.sh');
Worked like a charm. Dropbox now quits and restarts with no issues.