I've been working on a webinterface for a game server deployment system. The game in question requires the user to enter their authentification key to allow the server to run in their name.
I can get the server to start using the exec() function however I need to be able to read the console output and allow the user to send things to the console via a php form.
I've tried looking around, google searches etc. If anyone could give me a hand with this I'd be very grateful.
The webserver is running XAMPP on Windows Server 2008 with up to date PHP etc.
Thanks in advanced.
From my understanding, you need shell_exec() function:
Return Values
The output from the executed command or NULL if an error occurred or
the command produces no output.
Example usage:
<?php
$output = shell_exec('ls -lart');
echo "<pre>$output</pre>";
?>
Related
I'm trying to execute a command on my Raspberry Pi via SSH and get the result of it in my PHP script on my Windows machine. Currently I can execute the command on my RasPi, but I do not get any results back into the PHP script.
The code I'm Using for this:
<?php
$cmd = "C:\\path_to_putty\\putty.exe -ssh pi#RasPiIP -pw raspberry -m C:\\path_to_test.txt\\test.txt";
$result = shell_exec($cmd);
echo $result;
?>
For sending commands to my RasPi the code works. I have tested multiple times by as example changing test.txt to sudo reboot and it worked as intended.
I'm using PuTTY to send my command (test.txt is currently nfc-list which returns connected Scanners etc not important right here) to the RasPi.
What I want to achieve is that $result contains the returned data when my command is executed.
Is it even possible to do that? If yes how (any help appreciated). If no, are they maybe other ways to approach this?
Addressing the possible duplicate: I am using a Windows Machine and also I'm trying to get the result (of the one command) to reuse in my PHP script. In the other question, user is trying to save the full console log and save it to another file.
First, do not use PuTTY. PuTTY is a GUI application intended for an interactive use. Use Plink, which is command-line/console equivalent of PuTTY intended for command automation. Being a console application, it has a standard output, which can be read in PHP (PuTTY as a GUI application does not have standard output).
With Plink, you can also specify the command on Plink command line, so you do not need to create the test.txt command file.
In any case, there's no way to make PuTTY or Plink separate an output of command only (at least not from a command-line).
But what you can do, is to print some header/trailer to distinguish the start and end of the command output, like:
plink.exe -ssh pi#RasPiIP -pw raspberry "echo start-of-command && command && echo end-of-command"
And then in PHP, you can look for the start-of-command and end-of-command to identify what part of Plink output is really the command output.
In any case, you better use a PHP SSH library to achieve what you want, rather then driving an external application. For example phpseclib. But that's a completely different question.
I have a Windows Server 2016 VPS with Plesk and PHP 7.1x.
I am trying to execute a simple AutoHotKey script from PHP using the following command:
<?php shell_exec('start /B "C:\Program Files\AutoHotkey\AutoHotkey.exe" C:\inetpub\vhosts\mydomain.com\App_Data\myahkscript.ahk'); ?>
This is the only line on the page. I have tried different ahk scripts, the current one simply creates a MsgBox.
When I execute my php page, on VPS Task Manager I see three processes created with the expected USR: cmd.exe, conhost.exe and php-cgi.exe. However, my PHP page just sits waiting on the server and nothing actually happens on the server.
I have also tried the same line except replacing shell_exec with exec. This seems to make no difference. I have tried without start /b with both commands. In that case the PHP page completes but no new processes are started.
I cannot find any errors in any logs: Mod_Security, Plesk Firewall, IIS.
Any ideas?
EDIT:
I tried my command from the VPS command prompt and immediately slapped in the face with the obvious issue of the space in 'Program Files'. I quoted the string as shown above and the command works. This eliminated the hang when running from PHP. However, the command still does nothing when executed from the web page.
EDIT:
Based on suggestions from the referenced post 'debugging exec()':
var_dump: string(0)""
$output: Array()
$return_val: 1
One point was that I would probably not be able to invoke GUI applications. That puts a damper on the idea.
I am trying to run a perl script from php that requires parameters to be passed to the perl script to run correctly. The following is the correct usage of the perl script from the linux terminal:
/home/user/test.pl -a alpha -b beta
or just
/home/user/test.pl -a alpha
I have execute permissions on the script and can run it without any parameters and the correct usage from the script is displayed back to my browser.
Below is the PHP code that works by displaying the usage back to my browser:
$result = shell_exec('/home/user/test.pl');
echo $result;
And the following is the problem code which I can not for the life of me figure out:
$test = $_POST['test'];
$result = shell_exec('/home/user/test.pl -a'.' '.$test);
echo $result;
Can anyone tell me what it is that I am missing to make this work correctly?
Thank you for the help.
My issue resided within the perl script itself and a specific line that was trying to output to a log file which the apache user did not have access to. I was calling the script correctly the whole time but once I was able to get to the server side logs (granted by system admin) I saw the issue was buried within the Perl script and not in php.
I have been trying unsuccessfully so far to write a php script that will run when a page is opened and that will launch metasploit!
I ve tried shell_exec and exec and all the other alternatives but although I can get it to do simple things (i.e. ls, cds etc) if I try msfconsole it doesnt do anything!
I have also tried a different script that launches firefox and again nothing happens!
Now i know that php runs on the server and I m not expecting to see a console or firefox opening in the clients machine! Instead in order to check if it works I am trying to echo out the output of the shell_exec!But anyway since im hosting the files on my machine (i.e. this is the server and a VM is the client) if it could actually launch firefox i should be able to see the app opening here in the same way as by just doing this from the command line!
What am I missing?
Is there any other way to do this?(i.e. Launch metasploit everytime a user opens up my page)
NOTE: I've tried specifying the full path for msfconsole but that didnt work either!
Heres what I have so far:
$output = shell_exec('/opt/local/libexec/metasploit3/msfconsole;show');
echo "<pre>$output</pre>";
The ";show" bit was used in order to actually make it run something and print some stuff but didnt make any difference!
When you run a gui application from the command prompt in a X window system, it will use the default display. When you run it using php which is embedded in apache webserver, the program may not know where to display the gui application.
there are 2 things to make this work.
The program that executes the gui application must have permission to use display
you need to tell the program which display to use.
I used the following in my php script
<?php
$cmd = `export DISPLAY=:0; gedit`;
shell_exec($cmd);
?>
and ran the script from terminal using php -f test.php
I got the gedit up and running.
You can test the same with the script in apache too.
Please add apache user with privileges to access display server
update: I just added the following in /etc/apache2/apache2.conf (I am using ubuntu)
User poomalai
Group poomalai
and restarted the web server
sudo service apache2 restart
now I accessed localhost/test.php
and Presto!! I got the gedit :)
Hope this helps
I'm attempting to get PHP to call a batch file which will take an RTF file and convert it to a PDF using an OpenOffice macro. I've tested the batch file on the command line and it works fine, but I'm not having any luck calling and using the same batch file from PHP.
My machine OS is XP professional SP 3. I'm running IIS 6 and PHP version 5.2.9.
I've granted execute permissions to the internet user on c:\windows\system32\cmd.exe.
I specified the full path to the batch file being executed and the full path to the RTF file to be converted.
The PHP looks like this where $arg is the RTF to be converted:
$arg = "C:\\web_root\\whatever\\tempOutput.rtf";
$command = "c:\\windows\\system32\\cmd.exe /c c:\\web_root\\whatever\\convert.bat $arg";
Then inside a try-catch I call the exec command:
exec("$command 2>&1 && exit", $ret, $err);
I echo the results after the catch:
echo "ret: ";
print_r ($ret);
print "<br>";
echo "err is ";
echo $err;
print "<br>";
echo "DONE!";
And this is what I see:
ret: Array ( )
err is 0
DONE!
The RTF file does not get converted and I'm not seeing the errors. Any ideas on what I can try next? Thanks!!!
I'm going to bet this is about permissions.
In a typical setup, PHP runs as apache - so you'll want to make sure apache has the rights to execute the batch file.
also, check this relevant SO question, and this google search.
Looks like the output array is empty. Is your batch script supposed to have output?
Also, escapeshellcmd and escapeshellarg should be used
Are you using IIS as your webserver? If so, the PHP exec function will not work by default and you should NOT circumvent the security measures that prevent it from running.
Check your event viewer and you should find some errors pertaining to your problem. Run a query through google for: IIS PHP exec. This should give you a large selection of information about the problem.
Basically, the PHP exec function tries to fork a new cmd.exe instance. IIS prohibits this because it could open a security hole in the system.
The best solution that I have come up with is to have your php script either write the command that you want to execute to a flat file or make a database entry. You will then need to write a seperate script that is launched by the windows scheduler to run every 10 minutes or so that will check your flat file or database for commands to run. The new script will then run the commands and then place either the results or an execution confirmation that your web app will be able to access at a later time.
It's a kludge for sure.
Is PHP running in safe-mode? If so, shell commands are escaped with escapeshellcmd. Perhaps this is the problem?
Do you have control of the server running the PHP script?