i'm trying to make connect to ssh host who have keyboard-interactive(auth) after put the username, it's generate key and display it, then it's should encrypt and send again to success login.
i found the idea writen in python but i can't run it in windows, .
http://seclists.org/fulldisclosure/2016/Jan/26
my php source ssh.php :
$ssh = new phpseclib\Net\SSH2('169.254.201.230');
$ssh->login('Fortimanager_Access');
print $ssh->read();
it's say :
PHP Notice: Operation disallowed prior to login() in C:\Apache24\htdocs\cli\vendor\phpseclib\phpseclib\phpseclib\Net\SSH2.php on line 2804
i try another way using putty command line (plink.exe)
system("C:\plink.exe" Fortimanager_Access#127.0.0.1 >z && type z && type z >> z.txt");
but it's not saving the log wish contain the generated string from keyboard-interactive.
example from putty :
login as: Fortimanager_Access
Using keyboard-interactive authentication. -840056459
Access denied
Using keyboard-interactive authentication. -1378285763
AK1AAAAAAAAAAAAAAAAmWT0TKGMI23Iq4Q9P42z0PwpYBQ=
it would be good if i can run bat from php in midlle of plink
I've spent the past couple of days going through trying to figure this out, and this is the closest that I've been able to get working.
Looks like this was cross-posted at https://github.com/phpseclib/phpseclib/issues/1146. Quoting the answer:
That's not currently possible with phpseclib. Right now phpseclib (as elaborated at http://phpseclib.sourceforge.net/ssh/auth.html#keyboard) supports two methods for dealing with keyboard-interactive authentication.
Order based. eg. if you have two parameters (after the username) each of them are passed to the keyboard-interactive prompt in the order that they appear in the function call.
Context based. eg. you tell phpseclib what should be sent when a known prompt is encountered.
You're talking about dynamic prompt's and adjusting the response based on the prompt. It'd require a decent amount of work to make phpseclib do that. It's a good idea and I'll add it to my list of changes to make for 3.0 when I get around to doing revamping SSH but that's a ways away.
Related
I want to call php using vba or vbs. The php file is stored on a server.
I am able to do it if the php file is stored locally:
Sub asasdsad
Call Shell("C:\xampp\php\php.exe C:\path\file.php", 1)
End Sub
This calls the php which executes a code for me. My problem is, the .php file I want to call is stored on a server, for which I've got username and password of course. Copying file to local directory is not an option as it's got a lot of includes.
My idea is to use PuTTY to connect to the server, and use it to execute above command, all from cmd using vba/vbs.
UserName = "un"
Passwrd = "pw"
'this would need additional parameters at the end to call php.exe like above
Call Shell("""C:\Program Files (x86)\PuTTY\putty.exe"" " & "-ssh " & UserName & "#ip address -pw " & Passwrd, 1)
As you can imagine there will be a lot of parameters so it just get complicated, not ever sure if this would work. I've never used PuTTY and all of this is quite new to me. I'm sure there's a better way?
First, do not use PuTTY, use Plink (PuTTY connection tool). It's a console application designed for automation (contrary to PuTTY, what is GUI application, designed for an interactive use).
Plink (again contrary to PuTTY) can accept a command to be executed on its command-line (it has a similar command-line syntax as OpenSSH ssh):
"C:\...\plink.exe" -ssh username#ip_address -pw password /path/to/php /path/to/script.php
I'm trying to integrate a custom web page with git. In my PHP scripts, I use the option "-c credential.helper="store --file=..." so that the web page does not stop and wait for a password to be input. The User ID is specifically designated for automated tasks like this. As part of the web interface, I have some code that will update the credentials file when the password expires.
During development, when I issue the git commands at the windows command prompt (the "terminal" for you *NIX readers :) they all work fine. However, when I put the commands inside my PHP script and run it via the web server, they fail. I've managed to capture the output of the git task, and it's waiting for someone to type in a user ID.
It seems that git on windows will automatically drop back to the "manager" helper, if all other mechanisms fail. The following sequence of commands illustrates this:
C:\TFS\Train>git config --get --show-origin credential.helper
C:\TFS\Train>type .git\.git_web_credentials
http://Promote5:[.....]#tocgnxt1pv%3a8080
C:\TFS\Train>git -c credential.helper="store --file=C:\TFS\Train\.git\.git_credentials" tag -a -m "Testing tags from the command line" Who_created_this_tag2
C:\TFS\Train>git show Who_created_this_tag2
tag Who_created_this_tag2
Tagger: JimHyslop <jim.hyslop#xxx.xxx>
Date: Wed Dec 6 18:13:27 2017 -0500
[... remainder of output elided ...]
C:\TFS\Train>git --version
git version 2.13.0.windows.1
As you can see, the "tagger" line indicates that I'm the one who applied the tag.
I've even tried deleting the credentials file completely, but it still falls back to using my identity.
Is there any way to suppress this automatic fall back to using my Windows credentials? It's making it very difficult to debug my PHP script: I never know from the command prompt whether the command succeeded because it was able to use the credentials file, or because it fell back to using my own ID (which the web service cannot do).
Edit to add: The password is actually in the credentials file, I masked it out. The file was initially created by entering the ID and password from a Cygwin shell, which is running a slightly newer version of git: 2.15.0. I'm running a WAMP stack for my web service.
After more investigation, I realized that the 'tagger' line is pulled from the configuration information under the [user] section. The user information shown in the log is unrelated to the authorization/credentials method.
The real question is: why is git ignoring the command-line option "-c credential.helper="? Or, if it's not ignoring the option, how can I figure out exactly what is failing with the credential helper?
For the record, the solution I came up with was to write a custom credential manager, as outlined at git-scm.com
Hoping you experienced folks can clear up my frustrations! I've searched & researched and found multiple sources discussing similar issues to what I'm trying to troubleshoot, but none seem to help the situation. Without giving an entire historical listing of what I've tried, here's where things currently stand:
I have a simple Debian server set up with a MySql database. All relevant firewall ports have been opened and specific GRANT PRIVILEGES have been applied for 'username'#'mylocalglobalip' (username not being root).
On my local Apache instance (I'm currently running it on OS X), I have the latest PHP installed and working. I've confirmed this by going to localhost/website/phpinfo.php - PHP itself is working fine.
I've gone through all the tutorials on setting up a simple MySql connection using mysqli. Here's my simple code (with the credentials deleted):
$connection = mysqli_connect($mylocalglobalip,$username,$password,$dbname);
No matter what I've tried, I keep getting the friendly
"mysqli_connect(): (HY000/1045): Access denied for user
'username'#'mylocalglobalip' (using password: YES)" warning.
If I SSH into the remote server, I can get into the MySql console from both my non-root and root logins. However, I can only login if I use...
mysql -u username -p
... and supply my password when prompted. However, if I enter...
mysql -u username -pPassword
... no luck. I again get Access Denied.
Finally, to make sure everything is open on my firewalls and that my server and MySql are accessible remotely, I installed a local instance of MySqlWorkbench. I put in the same credentials and I can login to the remote server without a problem.
Why would I be able to login through the Workbench, but not through my local PHP script? Is there an obvious parameter I need to enable in a local and/or remote config file? From the php and mysql config files I've glanced at, I can't see anything that would be blocking the PHP connection.
I'll be happy to provide config and code snippets upon request!
Thanks for reading!
Thanks to the comments and responses, the solution presented itself. Michael (sqlbot) mentioned using -p'your-password' in single quotes to encapsulate any special characters in the password. Then it dawned on me (being a PHP noob), to check my $password variable in the PHP code. Sure enough I had something to the effect of:
$password = "some random pa$$word goes here";
Whoops. The $ character within double-quotes in PHP signifies a variable insertion within a string. This was most likely being interpreted as:
"some random pa goes here" // Since $ is empty and $word isn't a declared variable!
Putting the password with a $ special character in between single quotes solved the simple PHP syntax problem.
Thanks for stopping me from going down the path of server reconfiguration and encouraging me to search my PHP code more closely!
It's a bug hunt, and it sounds like credentials are wrong in at least some cases.
Check the mysql logs and verify it is showing the same user when you log in successfully from the command-line and when you do it from PHP or when you fail from the command line. You may sometimes be showing up as 'username' or 'username'#'localhost' or 'username'#'fqdn' and be being treated differently based on that.
Check carefully letter-by-letter to be sure you are not typing the credentials differently in two different places. Verify credentials are being imported into your php file correctly.
I'm making a Minecraft control panel, but are sort of confused on how to send a command to each screen. I understand how to execute a command to a screen, but I don't understand to read the output.
Ex. I have screen A and screen B. I want to execute something in screen A, and get the output, and then exit the screen.
Here's an easier solution:
Use Websend bukkit plugin (Download&info) in both servers. PHP can simply execute commands and receive outputs when plugin is installed and php classes setted up, also this can be more complex than bash screen, and much easier to setup and use.
Here's an example use of this:
<?php
include_once 'Websend.php';
//Replace with bukkit server IP. To use a different port, change the constructor to new Websend(ip, port)
$ws = new Websend($ServerIP, $ServerPort);
//Replace with password specified in Websend config file
$ws->connect("password");
$ws->doCommandAsConsole("give ".$PlayerName." 64 1");
$ws->disconnect();
?>
In this example the script item to a variable-definied player.
You can execute a custom variable command with replacing $ws->doCommandAsConsole("give ".$PlayerName." 64 1");' to$ws->doCommandAsConsole("$_REQUEST['customCMD']"); where customCMD is a field in a GET or POST form.`
Don't actually need a plugin, but keep in mind using shell_exec could open a massive world of pain for you when it comes to security.
However, I was having a similar issue with implementing a control panel in drupal, I managed to run commands to a screen using the following code.
shell_exec("screen -S ScreenName -X stuff \"echo hello world\"'\n'");
You're welcome.
I'm brand new to ruby and Watir, here's my issue...
I have a MySQL DB with test data that I need. I've done a lot in the past with this data and so I have a whole library of PHP tools for accessing this data, marking data as in use/used/bad/etc, and in general I have a lot of time invested in the PHP framework. So I'd really like to use the PHP framework as a wrapper around the Watir script - for example, use PHP to grab test user login data from the DB and pass it to the ruby script for processing.
I now have sites with javascript that need work/testing and PHP & cURL can't deal with this. So I'm working with Watir-WebDriver on Ubuntu 10.10 (Maverick, Desktop not Server) for these sites. The problem I'm having is with the use of PHP's shell_exec of the ruby script with all the Watir code.
The PHP shell_exec is executing the file - I can see it because I have some puts lines in the file which are being displayed. However, the code appears to be failing on the line
ff = Watir::Browser.new :firefox
I'm not getting an error from PHP.
The PHP line is:
echo shell_exec('ruby /var/www/watir_test.rb');
The ruby script works fine when I call it from a terminal window with the line:
ruby /var/www/watir_test.rb
I originally expected this was a permissions issue since it worked from the command line but not from a browser. However, since it can call the file well enough to return the hardcoded data I've provided for the test then ruby file permissions don't seem to be the issue. Could there be a permissions issue with opening a Firefox window from the www-data user?
When I run
ruby -d -v /var/www/watir_test.rb
I get:
{:extension=>:webdriver} {"app.update.enabled"=>"false"} {"browser.link.open_newwindow"=>"2"} {"browser.shell.checkDefaultBrowser"=>"false"} {"extensions.update.enabled"=>"false"} {"security.warn_entering_secure.show_once"=>"false"} {"webdriver_assume_untrusted_issuer"=>true} {"startup.homepage_welcome_url"=>"\"about:blank\""} {"browser.tabs.warnOnClose"=>"false"} {"extensions.update.notifyUser"=>"false"} {"toolkit.networkmanager.disable"=>"true"} {"security.warn_entering_weak.show_once"=>"false"} {"webdriver_firefox_port"=>"7055"} {"browser.download.manager.showWhenStarting"=>"false"} {"extensions.logging.enabled"=>"true"} {"network.manage-offline-status"=>"false"} {"network.http.max-connections-per-server"=>"10"} {"security.warn_submit_insecure"=>"false"} {"security.warn_entering_weak"=>"false"} {"security.warn_leaving_secure"=>"false"} {"prompts.tab_modal.enabled"=>"false"} {"security.warn_viewing_mixed.show_once"=>"false"} {"dom.max_script_run_time"=>"30"} {"webdriver_accept_untrusted_certs"=>true} {"browser.safebrowsing.enabled"=>"false"} {"security.warn_leaving_secure.show_once"=>"false"} {"signon.rememberSignons"=>"false"} {"javascript.options.showInConsole"=>"true"} {"app.update.auto"=>"false"} {"browser.EULA.3.accepted"=>"true"} {"browser.tabs.warnOnOpen"=>"false"} {"dom.disable_open_during_load"=>"false"} {"network.http.phishy-userpass-length"=>"255"} {"security.warn_entering_secure"=>"false"} {"browser.startup.homepage"=>"\"about:blank\""} {"browser.EULA.override"=>"true"} {"browser.dom.window.dump.enabled"=>"true"} {"browser.startup.page"=>"0"} {"browser.link.open_external"=>"2"} {"browser.search.update"=>"false"} {"browser.sessionstore.resume_from_crash"=>"false"} {"security.warn_viewing_mixed"=>"false"} {"dom.report_all_js_exceptions"=>"true"} {"webdriver_enable_native_events"=>false} {"devtools.errorconsole.enabled"=>"true"}
How do I get PHP to execute the shell_exec properly? The script works and my initial tests were run using firewatir (which shell_exec ran fine) but I am really wanting to use Watir-WebDriver instead of FireWatir - WatirWebDriver should be capable of running a Chrome browser (and IE on a Windows machine) while FireWatir can only run Firefox.
Thanks
Gabe
Here's my "Create Browser" code:
# Include the RubyGems file
require 'rubygems'
# Include the Watir-WebDriver file.
require 'watir-webdriver'
# Create the necessary objects
def create_browser(proxy)
# Setup the proper Firefox Profile
profile = Selenium::WebDriver::Firefox::Profile.new
profile.proxy = Selenium::WebDriver::Proxy.new :http => proxy
puts "<br>Using proxy " + proxy + "..."
#ff=FireWatir::Firefox.new :profile => profile
ff = Watir::Browser.new :firefox #, :profile => profile
puts "<br>Firefox ready..."
return ff
end
If the server is headless, you should install the headless gem so that Firefox can work.
require 'watir-webdriver'
require 'headless'
headless = Headless.new
headless.start
b = Watir::Browser.start 'www.google.com'
puts b.title
b.close
headless.destroy
See: http://watirwebdriver.com/headless/
It't a permission problem, the PHP script runs with the permissions of the server, normally apache.
You can do a sudo www and try to run the script then with rb to see if there is a problem when running ruby with the server user.
Put the two lines of code that is below at the very top of your PHP script. The result of this is that when you browse to your PHP page with your browser it will display exactly what the errors are, including any permission errors.
ini_set("display_errors",1);
error_reporting(E_ALL);
So a recent update to Firefox killed it's support for Watir (no JSSH update if I remember). As a result I rewrote what little code I had for Selenium::WebDriver. But I'm thinking that isn't particularly relevant (its included in case it is relevant I don't know it).
My ultimate solution was to use phpseclib. This allows me to SSH into the machine via their SSH2 PHP class. Once logged in as my typical username (with typical password) I was able to fire off a headless version of my script no problem. The only real issues this creates is that I now have to view everything that's going on through log files and screenshots but that was likely to be true no matter what solution I came up with.
phpseclib needs your username and password for the server (at least until you set some form of public private key pair). So I wouldn't want to do this on a publicly available machine without a couple of layers of security - like setting .htaccess to deny read access to the file with the login data, encrypting the password stored in the file, etc. However, for my purposes I'm logging into one machine on my LAN from another machine on my LAN. The password is only good on my LAN (not my web servers) and while my LAN can see out it should not be (easily) available to the rest of the world (to the best of my knowledge). So the security concerns are minimal.
I never did figure this out. Headless isn't the answer to getting PHP to exec the script. I'm pretty sure it is a permissions issue with Firefox's executable but I can't be positive until I find an actual fix.
Ultimately I've had to break up the tool where PHP manages the DB and task scheduling. Then PHP creates text files with all the data necessary for ruby to run the browser to right site, login, etc, etc... Then ruby moves the data file to one of a few different folders (success, failure, bad login, etc) and adds some text to the data file. Finally PHP parses all this info in the moved text files and updates the DB with that info.
It's less than ideal but it is getting the job done. Now I just need to figure out how to run all of this with mutliple threads...
Thanks for the help