Re: Executing a (DOS) command from webpage. in Webmasters and Developers

Re: Executing a (DOS) command from webpage.

Tue, 29 Jul 2008 13:36:03 EDT

said by cowboyro :

No properly configured webhost will allow you to run system scripts. Now if you run your own webserver and properly configure your security it's a different story. I do it on my Apache/PHP/Win2003 but it's only for few predefined commands and the system requires authentication in the first place :)

Equally good to know. Once again, I am trying to get educated on the requirements. thx

Re: Executing a (DOS) command from webpage.

Tue, 29 Jul 2008 13:32:42 EDT

Press2Esc :

said by Gwellin :

In a PHP file (on the server) you would use the following line of code:

thanks GWellin, this is helpful.

Re: Executing a (DOS) command from webpage.

Tue, 29 Jul 2008 13:23:53 EDT

JAAulde :

said by tekmunki :

Javascript would be a little more secure than executing arbitrary code.

Here's an example:
»forums.sun.com/thread.jspa?threa···=3587440

Java

Re: Executing a (DOS) command from webpage.

Tue, 29 Jul 2008 13:18:55 EDT

tekmunki : Java* would be a little more secure than executing arbitrary code.

Here's an example:
»forums.sun.com/thread.jspa?threa···=3587440

Re: Executing a (DOS) command from webpage.

Tue, 29 Jul 2008 10:20:11 EDT

cowboyro : No properly configured webhost will allow you to run system scripts. Now if you run your own webserver and properly configure your security it's a different story. I do it on my Apache/PHP/Win2003 but it's only for few predefined commands and the system requires authentication in the first place :)

Re: Executing a (DOS) command from webpage.

Tue, 29 Jul 2008 00:52:47 EDT

Gwellin : There is nothing the system has to do beyond what it normally does to request the webpage. In other words, by contacting the server it learns the requesting computers public IP address, you simply need to output it. In a PHP file (on the server) you would use the following line of code:

--
Here to help all those in need, whenever I can.

Re: Executing a (DOS) command from webpage.

Mon, 28 Jul 2008 23:14:21 EDT

Press2Esc :

said by Gwellin :

Ya, running a local script from a browser is not going to happen, but sending them to a simple webpage can just as easily give them their IP address to copy and paste. Just look here: »/whois

This is a reasonable example of what I was originally asking about... In this case, a person would simply click on a link and, after they are redirected to a different url, the results of a system inquiry is displayed showing the PCs public IP addr.

Re: Executing a (DOS) command from webpage.

Mon, 28 Jul 2008 22:02:35 EDT

anon : echo

Re: Executing a (DOS) command from webpage.

Mon, 28 Jul 2008 16:54:16 EDT

Press2Esc : (duplicate post)

Re: Executing a (DOS) command from webpage.

Mon, 28 Jul 2008 13:50:14 EDT

Gwellin :

said by JAAulde :

said by Gwellin :

...but sending them to a simple webpage can just as easily give them their IP address to copy and paste. Just look here: »/whois

Remembering that this gives the publicly addressable IP of the device which requested the page and that it may not be the same as the actual IP address of the computer the user is using. (NAT/NAPT/etc setups, some proxies, etc will cause this to vary)

True, I was wondering if that's what he might actually want. If that's the case then that would not work.

However, if the web page is being hosted on the same network he might get a better result, assuming the network isn't too complicated.
--
Here to help all those in need, whenever I can.

Re: Executing a (DOS) command from webpage.

Mon, 28 Jul 2008 13:38:44 EDT

JAAulde :

said by Gwellin :

...but sending them to a simple webpage can just as easily give them their IP address to copy and paste. Just look here: »/whois

Re: Executing a (DOS) command from webpage.

Mon, 28 Jul 2008 13:33:57 EDT

Gwellin : Ya, running a local script from a browser is not going to happen, but sending them to a simple webpage can just as easily give them their IP address to copy and paste. Just look here: »/whois
--
Here to help all those in need, whenever I can.

Re: Executing a (DOS) command from webpage.

Mon, 28 Jul 2008 11:06:37 EDT

JAAulde : Yeah, executing local scripts just isn't going to happen. I suppose it is possible to write a small app that you could convince the individual to download and run which would produce output that they could supply back to you. But that isn't much better than your current situation.

Re: Executing a (DOS) command from webpage.

Mon, 28 Jul 2008 11:01:49 EDT

Press2Esc : WOW, what a quick response from the group - thx.

Basically, as you guys per empathize, I also provide tech support at BBR and various online forums for people struggling with broadband and SMB networks. Soooo, per my example, if I was able to reference an online html "webpage" or send someone an html-based email asking the recipient for their ip address, I would not need to (1) understand the person level of comprehension and (2) provide them with wordy "do-this, then do-this and if this, do-this" instructions..

If the person needing assistance were able to click on an email or webpage link that LOCALLY executes the ipconfig command, it would sure make life ez. This is especially true for the end-users who have a lifetime subscription to the "... for dummies" books..

In a past life, as a former programmer, allows me to understand coding, but certainly less is best.

Thanks again, for your great and timely responses!!

P2E

Re: Executing a (DOS) command from webpage.

Mon, 28 Jul 2008 08:27:34 EDT

JAAulde :

said by johnnyboyct :

In php you can do exec »us.php.net/function.exec

Among other ways. But DO NOT EVER DO THIS without excellent understanding of programming and exploits. And NEVER (an exaggeration, but listen to it for now) NEVER use input from the user in what you pass to exec or the other methods of accomplishing this.
--
No eat apple, eat cookie. Apple spoil dinner.

My Development Sandbox | Blessed Beyond Reason | LinkedIn Profile

Re: Executing a (DOS) command from webpage.

Mon, 28 Jul 2008 08:15:10 EDT

johnnyboyct : In php you can do exec »us.php.net/function.exec

Re: Executing a (DOS) command from webpage.

Mon, 28 Jul 2008 08:13:44 EDT

Vchat20 : If it's the latter and you want to execute these commands on the web server then yes, it is possible. But you would need to learn a little bit of php or perl for starters. Both have existing functions to execute a command line application locally.

Keep in mind though that the user the web server is running under needs permissions to execute the application you are calling.
--
I swear, some people should have pace-makers installed to free up the resources. Breathing and heart beat taxes their whole system, all of their brain cells wasted on life support.-two bit brains, and the second bit is wasted on parity! ~head_spaz

Re: Executing a (DOS) command from webpage.

Mon, 28 Jul 2008 07:29:23 EDT

JAAulde : Do you mean you want to execute commands on the computer on which the browser is running? Or do you mean you want to execute commands on the server via a web interface?

Re: Executing a (DOS) command from webpage.

Mon, 28 Jul 2008 00:08:18 EDT

anon : No, that would be a major security hole.

Executing a (DOS) command from webpage.

Sun, 27 Jul 2008 23:21:48 EDT

Press2Esc : Is there an "easy" method to execute command line command (or batch file) & display (push) the command results window in an HTML file.

For example, if I wanted to demo and display the "ipconfig" command via HTML.

I am not a programmer, so be gentle...