Text Box Contents Not Echoing Itself in shell_exec()


15 Replies - 497 Views - Last Post: 11 March 2014 - 09:29 AM

#1 CoolApps

Posted 04 March 2014 - 04:10 PM

I have been experiencing an issue while creating a shell executor for my local webserver: when I use code such as the following, it will not echo output after posting.
<div class="Content" id="Content">
<form name="input" action="" method="post">
<div class="output" id="output" style="background-color:black;border-radius: 25px 25px 0px 0px;color:lime;">
<br />
<?php
// Read the field only once the form has been submitted; before that $_POST["command"] does not exist.
$input = isset($_POST["command"]) ? $_POST["command"] : "";
// Escape before echoing so the submitted text is shown as text, not rendered as HTML.
echo htmlspecialchars($input);
?>
<b><font size="3"><font color="lime"><?php
// shell_exec() takes the PHP variable itself. Wrapping it as '<?php echo $input ?>' passed that
// literal string to the shell, which is why nothing useful was echoed.
// Skip the call on an empty string: shell_exec() rejects an empty command.
if ($input !== "") {
    $output = shell_exec($input);
    echo htmlspecialchars((string) $output);
}
?></font></font></b>
<?php
$DisplayForm = True;
if (isset($_POST['submit'])) {
    $DisplayForm = False;
}
if ($DisplayForm) {
?>
<font size="5">Enter a command</font>
<?php
}
?>
<br />
<br />
</div>
Command: <input type="text" name="command" placeholder="Ex. apt-get moo" required>
<hr />
<input type="submit" name="submit" value="Submit">
</form>
<?php
include('phpseclib/Net/SSH2.php');

$ssh = new Net_SSH2('192.168.2.12');
$ssh->login('admin', '***');

// '[prompt]', 'command' and 'Password' are placeholders carried over from the phpseclib examples.
$ssh->read('[prompt]');
$ssh->write("sudo command\n");
$ssh->read('Password:');
$ssh->write("Password\n");
echo $ssh->read('[prompt]');
?>
</div>
</div>

This is all the code in the body. I've been using different combos in shell_exec() such as $_POST["command"];
I know that I will need to clean up the PHP a bit, but I will do that once I figure out how to get this working. :)

This post has been edited by ArtificialSoldier: 04 March 2014 - 04:56 PM
Reason for edit:: Removed password



Replies To: Text Box Contents Not Echoing Itself in shell_exec()

#2 ArtificialSoldier

Posted 04 March 2014 - 04:16 PM

First off, that is extremely dangerous. Executing an arbitrary user-supplied command on your server is by far the #1 way to get your server compromised and hacked as quickly and efficiently as possible. I'm hesitant to even suggest any changes, are you really sure that you want to open your server up like that? Is that really the best way to accomplish what you're trying to do? What about picking from a list of known safe commands where you send an ID of the command to the server, PHP looks up the safe command associated by that ID in a whitelist, and executes the command?
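The whitelist-by-ID design suggested in this reply, written out as an added example; it is not code from the thread or from any poster. The browser submits only a numeric id, the server maps it to a fixed argv it owns, and no form text ever reaches the shell. The command table, the `cmd` field name and the function names are assumptions made for this illustration, and the login or session check the thread goes on to discuss is assumed to sit in front of this page.

```php
<?php
// Added example (not from the thread): run only commands chosen by id from a server-side table.
declare(strict_types=1);

// Constructed table for illustration. Each entry is a fixed argv; nothing here comes from the request.
const ALLOWED_COMMANDS = [
    1 => ['label' => 'Uptime',     'argv' => ['uptime']],
    2 => ['label' => 'Disk usage', 'argv' => ['df', '-h']],
    3 => ['label' => 'Logged in',  'argv' => ['who']],
];

/**
 * Resolve a submitted id to a whitelisted argv, or null if it is not allowed.
 * FILTER_VALIDATE_INT rejects anything that is not a plain integer string,
 * so a value such as "2; rm -rf /" never matches an entry.
 */
function resolveCommand(string $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false || !isset(ALLOWED_COMMANDS[$id])) {
        return null;
    }
    return ALLOWED_COMMANDS[$id]['argv'];
}

/**
 * Build the shell line from the fixed argv. Every token goes through escapeshellarg
 * even though it is trusted, so a future table entry containing spaces or quotes
 * still cannot be reinterpreted by /bin/sh.
 */
function buildCommandLine(array $argv): string
{
    return implode(' ', array_map('escapeshellarg', $argv));
}

function runWhitelisted(string $rawId): string
{
    $argv = resolveCommand($rawId);
    if ($argv === null) {
        return 'Unknown command id';
    }
    // 2>&1 keeps stderr in the returned text so a failing command is visible in the page.
    $out = shell_exec(buildCommandLine($argv) . ' 2>&1');
    return is_string($out) ? $out : '';
}

// Minimal request handling; the login/session check is assumed to happen before this point.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['cmd']) && is_string($_POST['cmd'])) {
    // htmlspecialchars keeps command output from being rendered as HTML in the response.
    echo '<pre>' . htmlspecialchars(runWhitelisted($_POST['cmd']), ENT_QUOTES, 'UTF-8') . '</pre>';
}
?>
<form method="post">
  <select name="cmd">
    <?php foreach (ALLOWED_COMMANDS as $id => $entry): ?>
      <option value="<?= $id ?>"><?= htmlspecialchars($entry['label'], ENT_QUOTES, 'UTF-8') ?></option>
    <?php endforeach; ?>
  </select>
  <input type="submit" value="Run">
</form>
```

The point of the design is that the only value crossing the trust boundary is an integer that selects a row; extending the tool means adding a row to the table, not accepting more text from the form. If a command later needs a user-supplied argument, that argument should be validated against a strict pattern and passed through escapeshellarg as a single token, never concatenated into the command string.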

#3 CoolApps

Posted 04 March 2014 - 04:18 PM

I do understand the risks; this is run locally only, so it doesn't run on the internet.

#4 ArtificialSoldier

Posted 04 March 2014 - 04:23 PM

If you really want to create a PHP backdoor to your server, which is entirely your choice as long as you understand it, then you just pass the command text straight to shell_exec.

shell_exec($input);

Although I have to say that if you couldn't figure out that code then it doesn't inspire a huge amount of confidence. Please tell me that you've been administering servers for the last 20 years and this is the first time you've messed with PHP. I'm not trying to be insulting or condescending, but sending user-supplied input to something like shell_exec is literally public enemy #1 when it comes to some of the awful ways that people think up to use PHP. Just keep in mind that anyone with access to that page can execute any system command they want. They can dump the contents of /etc/passwd, they can modify .htaccess to include their own code on every page request, etc. They can do anything you can do.

Seriously - public enemy #1. That is not an understatement.

I should also mention that if you're running this on someone else's server, they will be very unhappy with you and will call you mean names.

This post has been edited by ArtificialSoldier: 04 March 2014 - 04:25 PM


#5 CoolApps

Posted 04 March 2014 - 04:29 PM

Just to add, I will add a login as well to avoid any hacks just in case as well.

No worries about that man, the webserver is running off my RPi.
I've been using PHP many times before but I've not been exactly using the more advanced ones as of yet.

#6 ArtificialSoldier

Posted 04 March 2014 - 04:34 PM

Quote

Just to add, I will add a login as well to avoid any hacks just in case as well.

To be fair, that's pinning the security of your server on the assumption that no one will be able to hack or bypass the login system, or get a password from somewhere. The security of your login system takes on a whole new meaning when it is protecting a shell execution capability.

#7 CoolApps

Posted 04 March 2014 - 04:34 PM

Thanks, now I am going to work on that login.
This may be a little off-topic, but do you by any chance know how to edit the OP?

#8 ArtificialSoldier

Posted 04 March 2014 - 04:35 PM

After you have 20 posts or something you'll be able to edit your posts. I can edit it for you if necessary.

This post has been edited by ArtificialSoldier: 04 March 2014 - 04:35 PM


#9 CoolApps

Posted 04 March 2014 - 04:40 PM

In that case, can you edit the pass out? >.<
True, it feels pretty awkward to protect the shell execution page with a login; hopefully no one who is connected to my network would do such a thing. :P

#10 Lemur

Posted 05 March 2014 - 07:42 PM

CoolApps, on 04 March 2014 - 05:40 PM, said:

In that case, can you edit the pass out? >.<
True, it feels pretty awkward to protect the shell execution page with a login; hopefully no one who is connected to my network would do such a thing. :P


Never assume anything when it comes to security. You'll pay for it in blood before the day is out if you keep it up. Bad bad bad bad BAD idea.

#11 no2pencil

Posted 06 March 2014 - 02:33 PM

CoolApps, on 04 March 2014 - 06:29 PM, said:

Just to add, I will add a login as well to avoid any hacks just in case as well.

Right! Because no one ever gets past username & password. Ever.

#12 Skydiver

Posted 07 March 2014 - 08:09 PM

Or stumbles across an unattended session...

#13 CoolApps

Posted 08 March 2014 - 02:03 AM

Alright, since you guys sound sarcastic, I assume that you have some ideas, I'm all open.

#14 CoolApps

Posted 08 March 2014 - 02:12 AM

Ok, I've used a trusty tool called OWASP; I see that session hijacking is possible (a lot of sites have not fixed this).
It is not in a SQL or SQLi database, so it is not injectable. :P
Anyway, I will start working on these fixes.

If people want to get in, then they will need to get through one layer of security (or in this case, the wireless router), so I don't really need to worry about it.

#15 CoolApps

Posted 08 March 2014 - 02:20 AM

I sure need to correct the post above.

I know that it sounds like I don't care about security, but I do; I mean, I have a lot of security layers as stated above.
It can only be loaded on my network since it is locally only for my network and that's it.
How do people know that I have some terminal page on my server and where I live? Lol.
I can still improve the security to the point where hijacking is not possible (maybe still possible, if so then harder), hopefully that should fill in the security holes. :)