I have been trying unsuccessfully so far to write a php script that will run when a page is opened and that will launch metasploit!
I ve tried shell_exec and exec and all the other alternatives but although I can get it to do simple things (i.e. ls, cds etc) if I try msfconsole it doesnt do anything!
I have also tried a different script that launches firefox and again nothing happens!
Now i know that php runs on the server and I m not expecting to see a console or firefox opening in the clients machine! Instead in order to check if it works I am trying to echo out the output of the shell_exec!But anyway since im hosting the files on my machine (i.e. this is the server and a VM is the client) if it could actually launch firefox i should be able to see the app opening here in the same way as by just doing this from the command line!
What am I missing?
Is there any other way to do this?(i.e. Launch metasploit everytime a user opens up my page)
NOTE: I've tried specifying the full path for msfconsole but that didnt work either!
Heres what I have so far:
$output = shell_exec('/opt/local/libexec/metasploit3/msfconsole;show');
echo "<pre>$output</pre>";
The ";show" bit was used in order to actually make it run something and print some stuff but didnt make any difference!
When you run a gui application from the command prompt in a X window system, it will use the default display. When you run it using php which is embedded in apache webserver, the program may not know where to display the gui application.
there are 2 things to make this work.
The program that executes the gui application must have permission to use display
you need to tell the program which display to use.
I used the following in my php script
<?php
$cmd = `export DISPLAY=:0; gedit`;
shell_exec($cmd);
?>
and ran the script from terminal using php -f test.php
I got the gedit up and running.
You can test the same with the script in apache too.
Please add apache user with privileges to access display server
update: I just added the following in /etc/apache2/apache2.conf (I am using ubuntu)
User poomalai
Group poomalai
and restarted the web server
sudo service apache2 restart
now I accessed localhost/test.php
and Presto!! I got the gedit :)
Hope this helps
Related
I have googled this a lot but none of the results I have found worked for me. So far, I have only tried to do this with php, but cgi, javascript or whatever works is fine with me, as long as it gets the job done.
I would like to access a certain URL on my debian webserver. Once opened in the browser, this file shall execute the following shell commands. No buttons or links. If possible, I'd like to just open the URL, then have the script being started.
ssh user#192.168.189.12 <<'ENDSSH'
osascript ~/Desktop/Scripts/script.scpt
When running this as a regular .sh file it works fine. I have created lockkeys so that no password is prompted when connecting from A to B. What can I do to trigger this from, for example, the browser on my smartphone?
I am not trying to connect directly from any device to the Mac containing script.scpt. It is essential that the debian server triggers it and that it is executed by the webserver.
I just started learning about terminal comments, scripts and so on, so I have very basic knowledge of the subject. Please be patient with me.
Thanks in advance for your help :)
for simplicity I prefer to create a bash script. Let's call it
/var/NONwebroot/sshcoolstuff.sh
#!/bin/bash
ssh user#192.168.189.12 <<'ENDSSH'
osascript ~/Desktop/Scripts/script.scpt
make sure it is executable
<?php
exec('/var/NONWwebroot/sshcoolstuff.sh');
?>
Now I'd recommend putting some protection on that PHP script. Either limit who has access to it by IP address, or a password, or both.
here is a test bash script for you
#!/bin/sh
cat > test << EOF
Hello World!
This is my test text file.
You
can also
have
a whole lot
more text and
lines
EOF
I'm playing with Raspberry Pi and anm Arduino shield in order to run a script via Apache/PHP. This script simple blink a LED. I have already tested the script via shell and it works fine, with the command
/root/arduPi/blink_test
I'm able to see my LED blinking. So I made the same thing via Apache PHP with this short PHP script
<?php
if(isset($_GET['cmd'])){
echo '/root/arduPi/'.$_GET['cmd'];
exec('/root/arduPi/'.$_GET['cmd']);
}
?>
but nothing happen and no error has been displayed.
I tested the PHP code with
<?php
phpinfo();
?>
and it's fine. How can I fix this problem?
I had the same issue a while back it was because Apache does not have permission to access certain devices on the Pi. I fixed this by getting rid of the need to be root to access these devices. HERE Is my post about this same issue the fix was to setup sudo as passwordless.
THIS is what I used to accomplish setting up sudo as passwordless. You should then be able to execute the script as follows exec('sudo /root/arduPi/'.$_GET['cmd']);
I'm running a bunch of local Kiosks on mac mini's and have been using dropbox to keep all the files in sync. However - the dropbox updates have been sketchy as of late because of the firewall settings where these things are. A workaround I have found is by having dropbox quit and restart periodically to force it to update.
My question is - since all of these are running php applications on MAMP - is there a way to launch a local app from php? I'm able to kill dropbox by doing something like this:
$killit = killall -KILL Dropbox;
But it doesn't work the same to restart it. I've tried doing this:
$start_dbox = open /Applications/Dropbox.app;
To no avail. Is there a better way to automate this process of shutting down and reopening a local application?
I've had similar problems trying to control software remotely. The 'open' command must be executed either as the currently logged in console user, or from a terminal owned by the console (e.g. Terminal.app).
If you change your PHP to redirect STDERR, you should see the error that 'open' is returning:
$start_dbox = "open /Applications/Dropbox.app 2>&1";
The following text should then be returned from the system call:
LSOpenURLsWithRole() failed with error -10810 for the file /Applications/Dropbox.app.
One workaround I've used in the past is to create a lock file somewhere in the filesystem, which your PHP script can write to and your console user can read. Then, you can create a cron that runs as the console user and periodically checks the lock file to see if it needs to restart Dropbox.
I was actually able to solve this by creating a shell script with the following:
#!/bin/sh
export DYLD_LIBRARY_PATH=""
osascript -e 'tell application "Dropbox" to activate'
Saved it as start_db.sh and dropped it in my root apache directory (so there was no permissions problem for that user).
Then in my php file I was able to do:
$start_dbox = exec('/full/path/to/start_db.sh');
Worked like a charm. Dropbox now quits and restarts with no issues.
First, I read some threads by people with similar problems but all answers didn't go beyond export DISPLAY=:0.0 and xauth cookies. So here is my problem and thanks in advance for your time!
I have developed a little library which renders shelves using OpenGL and GLSL.
Last few days I wrapped it in a php extension and surprisingly easy it works now.
But the problem is it works only when I execute the php script using the extension from commandline
$php r100.php(i successfuly run this from the http user). The script is in the webroot of apache and if I request it from the browser I get ** CRITICAL **: Unable to open display in apache's error_log.
So, to make things easier to test and to be sure that the problem is not in the library/extension, at the moment I just want to start xmms with following php script.
<?php
echo shell_exec("xmms");
?>
It works only from the shell too.
I've played with apache configuration so much now that I really dont know what to try.
I tried $xhost + && export DISPLAY=:0.0
In the http.conf I have these
SetEnv DISPLAY :0.0 SetEnv XAUTHORITY /home/OpenGL/.Xauthority
So my problem seems to be this:
How can I make apache execute php script with all privileges that the http user has, including the environment?
Additional information:
HTTP is in video and users groups and has a login shell(bash).
I can login as http and execute scripts with no problem and can run GUI programs which show up on display 0.
It seems that apache does not provide the appropriate environment for the script.
I read about some difference between CLI/CGI but cant run xmms with php-cgi too...
Any ideas for additional configuration?
Regards
Sounds bit hazard, but basically you can add even export DISPLAY=:0.0 to apache start-up script (like in Linux /etc/init.d/httpd or apache depending distro).
And "xhost +" need to be run on account which is connected to local X server as user, though I'm only wondering how it will work as php script should only live while apache http request is on-going.
Edit:
Is this is kind of application launcher?, you can spawn this with exec("nohub /usr/bin/php script.php &"); .. now apache should be released and php should continue working in background.
In your console, allow everyone to use the X server:
xhost +
In your PHP script, set the DISPLAY variable while executing the commands:
DISPLAY=:0 glxgears 2>&1
I work at a small computer shop, and we have to analyze windows minidumps all the time. My idea was to install the Windows Debugging Tools on a windows PC and use apache/PHP as an interface to it. That way I could just set up an HTML upload form that would accept the minidump file, run it through KD, then spit out the output.
It nearly works. I created a special user just for apache so I could assign it write privaleges to C:\symbols, and I use the following code:
<?php
$kdScript = "\"\\Program Files\\Debugging Tools for Windows (x86)\\kd.exe\" -c \"!analyze -v;Q\" -y srv*c:\symbols*http://msdl.microsoft.com/download/symbols -z ";
$kdScript .= $_FILES["myFile"]["tmp_name"];
$output = `$kdScript`;
print("<pre>$output</pre>");
?>
The problem I'm having is that the symbols are not downloaded as they should be. I've verified apache is running as the user I think it is by calling "whoami" from inside backticks. I've verified that I can run the windows version of wget from within backticks, so I have access to the network. I can file_put_contents() into a new file under C:\symbols, so I have file creation permissions.
Also, I tried having PHP simply output the command to the browser so I could copy and paste it into a terminal. I was able to run a command prompt as my apache user via "runas", paste the command from PHP's output into the prompt, and it worked as expected, downloading all the symbols it needed to C:\symbols. Of course, I had to point it to a dump file NOT in the PHP temp directory, but this shouldn't make a difference.
What could be the problem? Just as a side note, all of this is local on a trusted pc in a company that has a total of 3 employees/owners. Security for this project is irrelavent.
Not sure what your exact problem is, but the symbol server client code is finicky and not very debuggable, it took us lots of tinkering to implement our version of this. You can always direct folks there or use it yourself:
http://www.osronline.com/page.cfm?name=analyze
-scott