Studying the interaction of PHP with PowerShell
Try the simplest script:
<?php
$query = shell_exec("powershell.exe -File E:\test.ps1");
echo $query;
?>
The script test.ps1 contains, for example, "Test-Connection Server".
I need the PowerShell output returned to the PHP page, but the response is a blank page...
Please suggest a solution for this problem. It does not have to be shell_exec; there may be other options?
You can store the output of powershell script in a variable and then echo it. Just change $psDIR to your PowerShell path (e.g. %SystemRoot%\system32\WindowsPowerShell\v2.0\)
<?php
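$psPath = "powershell.exe";
$psDIR = "PathToPowershell"; // directory that contains powershell.exe, with a trailing backslash
$psScript = 'E:\test.ps1'; // single quotes: in double quotes "\t" would become a tab
// Full path to powershell.exe, then the script passed with -File
$runCMD = $psDIR . $psPath . " -File " . $psScript;
$output = shell_exec($runCMD);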
echo( '<pre>' );
echo( $output );
echo( '</pre>' );
?>
Related
I have a Python file, newtry.py, and this is my code:
print ("hello world")
I also have a PHP file, importKeyword.php, and this is my code:
<?php
$python = `python newtry.py`;
echo $python;
echo "yes";
?>
I want to print "hello world" from Python in the browser, but it only prints "yes", which is from the PHP file. I have looked at this solution, which uses the backquote operator, and I am wondering why I can't make it work.
You can use the exec function:
exec('python newtry.py', $output);
var_dump($output);
Use 2>&1 to redirect the output:
<?php
exec("python newtry.py 2>&1", $python);
print_r($python);
echo "yes";
?>
I want to execute a PowerShell script through PHP and get the returned values in a PHP variable. So for testing, I have tried to get the Windows version from a PowerShell script.
<?php
exec("C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe gwmi win32_operatingsystem | % caption",$output );
echo( '<pre>' );
var_dump( $output );
echo( '</pre>' );
?>
output:
C:\wamp64\www\py\indexPHP.php:6:
array (size=0)
empty
But it returns an empty array.
Your call is incorrect.
// Single quotes keep the backslashes literal; in double quotes "\v" is a vertical tab.
exec('C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -Command (GWMI Win32_OperatingSystem).Caption', $Output);
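Both PowerShell threads above put Windows paths in double-quoted PHP strings, where "\t" and "\v" are escape sequences, and both send the command through cmd.exe. The following is an added example, not code from any of the posts: it assumes PHP 7.4 or later, reuses the paths quoted on the page, and the function names are made up for illustration.

```php
<?php
// Added example; not code from the posts above. Requires PHP 7.4+.

// In a double-quoted PHP string "\t" is a TAB and "\v" a vertical tab, so the
// Windows paths quoted on this page are altered before any command runs.
// Single-quoted strings keep the backslashes.
function has_control_chars(string $path): bool
{
    return preg_match('/[\x00-\x1F]/', $path) === 1;
}

// Runs a script with powershell.exe and returns [exit code, merged output].
// The array form of proc_open() starts the process without cmd.exe, so no
// shell quoting is involved and "|" or "&" in arguments are not interpreted.
function run_ps_file(string $exe, string $script): array
{
    foreach ([$exe, $script] as $p) {
        if (has_control_chars($p)) {
            throw new InvalidArgumentException('Control character in path: check the quoting');
        }
    }
    $cmd  = [$exe, '-NoProfile', '-NonInteractive', '-File', $script];
    $spec = [
        0 => ['pipe', 'r'],     // stdin, closed at once so the child never blocks reading it
        1 => ['pipe', 'w'],     // stdout
        2 => ['redirect', 1],   // stderr into stdout, like "2>&1"
    ];
    $proc = @proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        return [-1, 'could not start ' . $exe];
    }
    fclose($pipes[0]);
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    return [proc_close($proc), $out];
}

var_dump(has_control_chars("E:\test.ps1"));  // double-quoted form from the question
var_dump(has_control_chars('E:\test.ps1'));  // single-quoted form

[$code, $out] = run_ps_file(
    'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe',
    'E:\test.ps1'
);
// Escape before echoing: the script output is data, not markup.
echo '<pre>', htmlspecialchars("exit $code\n$out"), '</pre>';
```

Because stderr is merged into the returned output, a PowerShell error such as a blocked execution policy shows up in the page instead of an empty result.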
I'm trying to echo a variable which is defined in Linux (Centos 6.3).
For accessing the server I use phpseclib 2.0.
When accessing using PuTTY (or similar) with the vfrepc86 user, I get the following output:
vfrepc86#illin935!:vfrepc86> echo $USER
vfrepc86
vfrepc86#illin935!:vfrepc86> pwd
/vfuser1/vfr/abp/vfrepc86
vfrepc86#illin935!:vfrepc86> echo $WL_HOME
/opt/weblogic1211_new/wlserver_12.1
When I try running the same with PHP (connecting with the same user vfrepc86), using the following code:
<?php
set_include_path(get_include_path() . PATH_SEPARATOR . 'phpseclib');
include('phpseclib/Net/SSH2.php');
$ssh = new Net_SSH2('illin935');
if (!$ssh->login('vfrepc86', '******')) {
exit('Login Failed');
}
echo "---User:---";
echo "<br>";
echo $ssh->exec('echo $USER');
echo "<br><br>";
echo "---Location of run:---";
echo "<br>";
echo $ssh->exec('pwd');
echo "<br><br>";
echo "---Default:---";
echo "<br>";
echo $ssh->exec('echo $WL_HOME'); //my first try, returns nothing
echo "<br><br>";
echo "---Using su:---";
echo "<br>";
echo $ssh->exec('su - vfrepc86 -c \'echo $PATH\''); //tried with su
echo "<br><br>";
echo "---Writing to file:---";
echo "<br>";
echo $ssh->exec('echo $WL_HOME >> temp.txt'); //tried writing to file
?>
I get the following:
---User:---
vfrepc86
---Location of run:---
/vfuser1/vfr/abp/vfrepc86
---Default:---
---Using su:---
standard in must be a tty
---Writing to file:---
You can see I'm not able to get the $WL_HOME, though the script is running from the same path. As seen above, I've also tried using su, but that returns "standard in must be a tty". Printing the command to a file doesn't help, as the file ends up empty.
Net_SSH2 does not request an interactive shell, so your .profile doesn't get executed. That's why $WL_HOME is not defined.
Instead of phpseclib, use the PECL ssh2 extension, it has a function ssh2_shell that requests an interactive shell.
Two solutions:
1. Enable a PTY ($ssh->enablePTY()) and then do $ssh->exec('command'). More info: http://phpseclib.sourceforge.net/ssh/pty.html
2. Use an interactive shell, e.g. $ssh->read('[prompt]'); $ssh->write("command\n"); echo $ssh->read('[prompt]');. More info: http://phpseclib.sourceforge.net/ssh/examples.html#interactive
I am building a site that is intentionally vulnerable to LFI exploits for teaching purposes (similar to Natas). Here is my code:
File being run through CLI (/etc/flags/challenge):
<?php
//This file must be located at /etc/flags/challenge
require_once('/var/www/html/class.sqlite.php');
require_once('/var/www/html/inc.func.php');
$dbuser = base64_decode($_COOKIE['loggedin']);
$sqlite = new sqlite("/var/www/html/db/$dbuser/challenge.db");
$flag = $sqlite->getflag($dbuser);
echo "The flag is $flag";
?>
Main file:
<html>
<head>
<title>Challenge</title>
</head>
<body>
Home About
<br>
<?php
if (array_key_exists('file', $_GET)) {
$shell = shell_exec('php ' . $_GET['file']);
echo $shell;
}
?>
<!--The flag is located at /etc/flags/challenge-->
</body>
</html>
Currently, /etc/flags/challenge is not able to access the loggedin cookie. What is the best way to allow the /etc/flags/challenge to access that cookie?
You could read the cookie in the main script and then pass it as a command-line argument:
In the main file:
Add $cookie = $_COOKIE['loggedin'];, and change $shell = ... to $shell = shell_exec('php ' . $_GET['file'] . ' ' . $cookie);
In the CLI file:
Add $cookie = $argv[1];
Read this for more info on command line arguments in PHP
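The hand-off described in the answer above, with the cookie treated as untrusted input on both sides so that it does not become a second way into the shell command or the database path. This is an added example, not code from the question or the answer; the helper names and the user-name rule are assumptions.

```php
<?php
// Added example; not code from the posts above. Helper names are hypothetical.

// Web side: quote the cookie so the shell passes it as exactly one argument.
function cookie_as_argument(string $cookie): string
{
    return escapeshellarg($cookie);
}

// CLI side: turn argv[1] back into a user name, or null if it is not one.
function user_from_argv(array $args): ?string
{
    if (!isset($args[1])) {
        return null;                            // the cookie was not set
    }
    $user = base64_decode($args[1], true);      // strict: reject non-base64 input
    // Assumed rule: names are 1-32 letters, digits or underscores, so the value
    // cannot leave /var/www/html/db/ when it is placed into the database path.
    if ($user === false || preg_match('/\A[A-Za-z0-9_]{1,32}\z/', $user) !== 1) {
        return null;
    }
    return $user;
}

// Constructed sample cookies, not taken from the page.
$samples = [
    'valid'     => base64_encode('alice'),
    'traversal' => base64_encode('../../etc'),
    'notbase64' => "it's two words",
    'missing'   => null,
];

foreach ($samples as $label => $cookie) {
    $args = $cookie === null ? ['challenge'] : ['challenge', $cookie];
    $user = user_from_argv($args);
    printf(
        "%-10s arg=%-22s user=%s\n",
        $label,
        $cookie === null ? '(none)' : cookie_as_argument($cookie),
        $user === null ? '(rejected)' : $user
    );
}
```

In the main file the quoted value replaces the bare $cookie at the end of the command string, and the CLI file calls user_from_argv($argv) instead of reading $_COOKIE.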
I'm trying to execute a SWI-Prolog file from PHP, but when I try to run this code, nothing is executed. This is my code:
<HTML>
<HEAD>
<TITLE>Calling SWI-Prolog from PHP (short)</TITLE>
</HEAD>
<body>
<H1>Calling SWI-Prolog from PHP (short)</H1>
<?
$cmd = "nice -n15 /C:/Program Files/swipl/bin/swipl-win.exe -f test.pl -g test,halt";
?>
<P>
<PRE>
<?
system( $cmd );
echo "\n";
$output = exec( $cmd );
echo $output;
echo "\n";
exec( $cmd, $output );
print_r( $output );
echo "\n";
$output = shell_exec( $cmd );
echo $output;
echo "\n";
?>
</PRE>
</P>
</body>
</HTML>
When I run the php file from my server, it only shows the string Calling SWI-Prolog from PHP (short).
Activate error reporting and you probably will see some info showing what went wrong.
Add this at the beginning of the file:
<?php
ini_set("display_errors", "1");
error_reporting(E_ALL);
?>
When done debugging, you should remove these lines. You should never print error output in a production environment.