Press2Esc
join:2005-07-03
SC
 ·AT&T Southeast
| reply to cowboyro
Re: Executing a (DOS) command from webpage.
said by cowboyro  :No properly configured webhost will allow you to run system scripts. Now if you run your own webserver and properly configure your security it's a different story. I do it on my Apache/PHP/Win2003 but it's only for few predefined commands and the system requires authentication in the first place  Equally good to know. Once again, I am trying to get educated on the requirements. thx |
|
Press2Esc
join:2005-07-03
SC
·AT&T Southeast
| reply to Gwellin
said by Gwellin :In a PHP file (on the server) you would use the following line of code: thanks GWellin, this is helpful. |
|
JAAulde
yum yum yum yum yum
Premium,MVM
join:2001-05-09
Hagerstown, MD
| reply to tekmunki
Java |
|
tekmunki
Tekmunki
Premium
join:2001-12-06
Lake City, FL
clubs: 
·NuVox Communications
1 edit | reply to cowboyro
Java* would be a little more secure than executing arbitrary code.
Here's an example:
»forums.sun.com/thread.jspa?threa···=3587440 |
|
cowboyro
join:2000-10-11
Shelton, CT
 ·AT&T U-Verse
 ·Comcast
 ·Optimum Voice
| reply to Press2Esc
No properly configured webhost will allow you to run system scripts. Now if you run your own webserver and properly configure your security it's a different story. I do it on my Apache/PHP/Win2003 but it's only for few predefined commands and the system requires authentication in the first place |
|
Gwellin
Premium
join:2004-05-31
Regina, SK
·Access Communicati..
| reply to Press2Esc
There is nothing the system has to do beyond what it normally does to request the webpage. In other words, by contacting the server it learns the requesting computers public IP address, you simply need to output it. In a PHP file (on the server) you would use the following line of code:
--
Here to help all those in need, whenever I can. |
|
Press2Esc
join:2005-07-03
SC
·AT&T Southeast
| reply to Gwellin
said by Gwellin :Ya, running a local script from a browser is not going to happen, but sending them to a simple webpage can just as easily give them their IP address to copy and paste. Just look here: » /whois This is a reasonable example of what I was originally asking about... In this case, a person would simply click on a link and, after they are redirected to a different url, the results of a system inquiry is displayed showing the PCs public IP addr. |
|
sdgthy
@optonline.net | reply to Press2Esc
echo |
|
Press2Esc
join:2005-07-03
SC
1 edit | reply to Press2Esc
(duplicate post) |
|
Gwellin
Premium
join:2004-05-31
Regina, SK
·Access Communicati..
| reply to JAAulde
said by JAAulde :said by Gwellin :...but sending them to a simple webpage can just as easily give them their IP address to copy and paste. Just look here: » /whois Remembering that this gives the publicly addressable IP of the device which requested the page and that it may not be the same as the actual IP address of the computer the user is using. (NAT/NAPT/etc setups, some proxies, etc will cause this to vary) True, I was wondering if that's what he might actually want. If that's the case then that would not work.
However, if the web page is being hosted on the same network he might get a better result, assuming the network isn't too complicated.
--
Here to help all those in need, whenever I can. |
|
JAAulde
yum yum yum yum yum
Premium,MVM
join:2001-05-09
Hagerstown, MD
2 edits | reply to Gwellin
said by Gwellin :...but sending them to a simple webpage can just as easily give them their IP address to copy and paste. Just look here: » /whois Remembering that this gives the publicly addressable IP of the device which requested the page and that it may not be the same as the actual IP address of the computer the user is using. (NAT/NAPT/etc setups, some proxies, etc will cause this to vary) |
|
Gwellin
Premium
join:2004-05-31
Regina, SK
·Access Communicati..
| reply to Press2Esc
Ya, running a local script from a browser is not going to happen, but sending them to a simple webpage can just as easily give them their IP address to copy and paste. Just look here: »/whois
--
Here to help all those in need, whenever I can. |
|
JAAulde
yum yum yum yum yum
Premium,MVM
join:2001-05-09
Hagerstown, MD
| reply to Press2Esc
Yeah, executing local scripts just isn't going to happen. I suppose it is possible to write a small app that you could convince the individual to download and run which would produce output that they could supply back to you. But that isn't much better than your current situation. |
|
Press2Esc
join:2005-07-03
SC
·AT&T Southeast
| reply to Press2Esc
WOW, what a quick response from the group - thx.
Basically, as you guys per empathize, I also provide tech support at BBR and various online forums for people struggling with broadband and SMB networks. Soooo, per my example, if I was able to reference an online html "webpage" or send someone an html-based email asking the recipient for their ip address, I would not need to (1) understand the person level of comprehension and (2) provide them with wordy "do-this, then do-this and if this, do-this" instructions..
If the person needing assistance were able to click on an email or webpage link that LOCALLY executes the ipconfig command, it would sure make life ez. This is especially true for the end-users who have a lifetime subscription to the "... for dummies" books..
In a past life, as a former programmer, allows me to understand coding, but certainly less is best.
Thanks again, for your great and timely responses!!
P2E |
|
JAAulde
yum yum yum yum yum
Premium,MVM
join:2001-05-09
Hagerstown, MD
| reply to johnnyboyct
Among other ways. But DO NOT EVER DO THIS without excellent understanding of programming and exploits. And NEVER (an exaggeration, but listen to it for now) NEVER use input from the user in what you pass to exec or the other methods of accomplishing this.
--
No eat apple, eat cookie. Apple spoil dinner.
My Development Sandbox | Blessed Beyond Reason | LinkedIn Profile |
|
johnnyboyct
join:2003-06-11
Newington, CT | reply to Press2Esc
In php you can do exec »us.php.net/function.exec |
|
Vchat20
Landing is the REAL challenge
join:2003-09-16
Warren, OH
clubs:
| reply to Press2Esc
If it's the latter and you want to execute these commands on the web server then yes, it is possible. But you would need to learn a little bit of php or perl for starters. Both have existing functions to execute a command line application locally.
Keep in mind though that the user the web server is running under needs permissions to execute the application you are calling.
--
I swear, some people should have pace-makers installed to free up the resources. Breathing and heart beat taxes their whole system, all of their brain cells wasted on life support.-two bit brains, and the second bit is wasted on parity! ~head_spaz |
|
JAAulde
yum yum yum yum yum
Premium,MVM
join:2001-05-09
Hagerstown, MD | reply to Press2Esc
Do you mean you want to execute commands on the computer on which the browser is running? Or do you mean you want to execute commands on the server via a web interface? |
|
sdgthy
@optonline.net | reply to Press2Esc
No, that would be a major security hole. |
|
Press2Esc
join:2005-07-03
SC
·AT&T Southeast
| Is there an "easy" method to execute command line command (or batch file) & display (push) the command results window in an HTML file.
For example, if I wanted to demo and display the "ipconfig" command via HTML.
I am not a programmer, so be gentle... |
|
