rrshell - my PHP AJAX remote shell

 
Aprelium Forum Index -> Off Topic Discussions

rrinc
Joined: 24 Feb 2006
Posts: 725
Location: Arkansas, USA

Posted: Mon Mar 03, 2008 5:19 am    Post subject: rrshell - my PHP AJAX remote shell

I made a PHP AJAX Remote Shell. You can type commands and the shell will run them on the server and return the output. I recommend you at least put this script behind some HTTP authentication.

Download: http://files.randomresources.org/rrshell.zip
Screenshot:


I've tested it in Firefox and IE7 and it works flawlessly to my knowledge.
_________________
-Blake | New Server :D
SaveTheInternet
I am a Spanish speaker. You can contact me by private message.

rrinc
Joined: 24 Feb 2006
Posts: 725
Location: Arkansas, USA

Posted: Wed Mar 12, 2008 2:44 am

I changed the code a bit. No one has tried it?

loloyd
Joined: 03 Mar 2006
Posts: 435
Location: Philippines

Posted: Wed Mar 12, 2008 4:52 am

Wow! This looks promising! I actually need this! Well actually, I have another way but this route is much cooler and probably faster!

However, I get this:

Thanks for making this, Blake!
_________________

http://home.loloyd.com/ is online if the logo graphic at left is showing.

AbyssUnderground
Joined: 31 Dec 2004
Posts: 3855

Posted: Wed Mar 12, 2008 9:57 am

Couldn't this be caused by having register_globals switched off?
_________________
Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk

loloyd
Joined: 03 Mar 2006
Posts: 435
Location: Philippines

Posted: Wed Mar 12, 2008 10:18 am

I already have register_globals turned off. I also tried turning it on but the same thing happens.

I edited shell.php, and inserted
Code:
echo '<br />The value of $cmd is '.$cmd.'. <br />';

right after
Code:
$cmd = $_GET['cmd'];

and I was surprised to get
Code:
>rrshell 0.2 [Windows_NT, PHP 5.0.3]
>-----------------------------------

The value of $cmd is whoami?cmd=whoami.
>whoami?cmd=whoami


I don't know anything about AJAX and maybe it must be at fault? It doesn't make sense to me why the value of $_GET['cmd'] nor $_REQUEST['cmd'] (as I tested) would include the token variable name. Maybe the problem lies in index.php? I'm still trying to sort it out.

rrinc
Joined: 24 Feb 2006
Posts: 725
Location: Arkansas, USA

Posted: Wed Mar 12, 2008 1:20 pm

That's strange. Could you go to /shell.php?cmd=echo%20hi and tell me what it gives you? I'm trying to make sure this isn't an AJAX problem or something with index.php.

Edit: What browser do you use? Could this be client side somehow?

loloyd
Joined: 03 Mar 2006
Posts: 435
Location: Philippines

Posted: Thu Mar 13, 2008 2:46 am

*cough* *cough* *cough* *cough* *cough* *cough* *cough* *cough* *cough* *cough* *cough* *cough* *cough* *cough* sorry *cough* *cough* *cough* *cough* *cough* *cough* this is a classic case of PEBKAC *cough* *cough* *cough* *cough* *cough* one of my URL Rewriting rules was at fault *cough* *cough* *cough* *cough* *cough* sorry again *cough* *cough* *cough* *cough*

:-D I finally figured out why when I did /shell.php?cmd=echo%20hi as you said and it insisted on telling me: "The value of $cmd is echo hi?cmd=echo hi. " Sorry. I'm only human *cough* :-D.

OK. One thing to remember now is that the script runs on an alternate permissions set:
Code:
>rrshell 0.2 [Windows_NT, PHP 5.0.3]
>-----------------------------------

The value of $cmd is whoami.
>whoami
NT AUTHORITY\SYSTEM


The value of $cmd is echo hi.
>echo hi
hi

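Added example, not part of the thread or of rrshell: because shell.php reads the command from `$_GET['cmd']`, every command sent to it is recorded in the web server's access log, so the log shows whether the endpoint was ever served without HTTP authentication. The sketch assumes NCSA Common/Combined Log Format (an assumption; the thread does not show the server's log format), and the function names and sample lines are constructed for illustration.

```javascript
// Assumption: NCSA Common/Combined Log Format. The third field is the
// HTTP-authenticated user, or "-" when the request carried no credentials.
const LINE_RE = /^(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) /;

// Return the decoded cmd value for a request target, or null when the
// target is not shell.php or has no cmd parameter.
function extractCmd(target) {
  const q = target.indexOf('?');
  const path = q === -1 ? target : target.slice(0, q);
  if (q === -1 || !/(^|\/)shell\.php$/i.test(path)) return null;
  const params = new URLSearchParams(target.slice(q + 1));
  return params.has('cmd') ? params.get('cmd') : null;
}

// Parse one log line; return a record for command requests, else null.
function auditLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null;
  const [, ip, user, time, , target, status] = m;
  const cmd = extractCmd(target);
  if (cmd === null) return null;
  const authenticated = user !== '-';
  return {
    ip,
    user: authenticated ? user : null,
    time,
    cmd,
    status: Number(status),
    // A 2xx answer to a command request that carried no HTTP credentials.
    alert: status.startsWith('2') && !authenticated,
  };
}

function auditLog(text) {
  return text.split(/\r?\n/).map(auditLine).filter(Boolean);
}

// Constructed sample lines (documentation IP ranges, not real traffic).
const SAMPLE_LOG = [
  '192.0.2.10 - blake [13/Mar/2008:02:40:11 +0100] "GET /shell.php?cmd=echo%20hi HTTP/1.1" 200 12',
  '198.51.100.7 - - [13/Mar/2008:02:41:52 +0100] "GET /shell.php?cmd=whoami HTTP/1.1" 200 21',
  '198.51.100.7 - - [13/Mar/2008:02:42:03 +0100] "GET /shell.php?cmd=dir+c%3A%5C HTTP/1.1" 401 0',
  '192.0.2.10 - blake [13/Mar/2008:02:43:30 +0100] "GET /index.php HTTP/1.1" 200 4096',
].join('\n');

for (const hit of auditLog(SAMPLE_LOG)) {
  console.log(hit.alert ? 'ALERT' : 'ok   ', hit.ip, hit.user || '-',
    hit.status, JSON.stringify(hit.cmd));
}
```
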

rrinc
Joined: 24 Feb 2006
Posts: 725
Location: Arkansas, USA

Posted: Thu Mar 13, 2008 3:49 am

Glad you got it to work, I wondered how that could happen. So any improvement ideas? I'd kind of like to improve the interface a little, any specific ideas?

loloyd
Joined: 03 Mar 2006
Posts: 435
Location: Philippines

Posted: Thu Mar 13, 2008 3:49 am

Just a quick question. Why is it that I get quirky line breaks and spacing when I issue a dir command?



How do you think I should remedy that?

rrinc
Joined: 24 Feb 2006
Posts: 725
Location: Arkansas, USA

Posted: Thu Mar 13, 2008 11:02 pm

The problem is that the dir command returns results with "<dir>" in them which is an old HTML element. It is similar to a list when used properly...obviously it isn't here and there is no closing tag (because dir doesn't return HTML :P).

I updated it to fix that, just download it again.

loloyd
Joined: 03 Mar 2006
Posts: 435
Location: Philippines

Posted: Fri Mar 14, 2008 6:43 am

Nice simple tweak on htmlentities for removing html tags. Thanks.

Of course, a settings area would be nice - where we can maybe configure the viewing window size, font size, font face, font color, etc. But these are cosmetic and the code is short anyway so I/we can easily hack away at it.

One thing to improve on is the auto-scroll effect when the output goes through the bottom of the viewing window. It does not work on my Firefox 2.0.0.12.

You might also want to sign this thing and put your name, website or something on it. This is a simple but fantastic piece of a tool and I believe you should be proud of it.

I noticed that this thing uses a Microsoft object ActiveXObject("Microsoft.XMLHTTP") - does this thing work only on MS Windows servers?

Tom Chapman
Joined: 09 Jul 2005
Posts: 933
Location: Australia

Posted: Fri Mar 14, 2008 4:50 pm

You could simplify your javascript by using a framework such as mootools which is 100% cross-browser.

e.g. http://demos.mootools.net/Ajax

http://mootools.net/

roganty
Joined: 08 Jun 2004
Posts: 357
Location: Bristol, UK

Posted: Fri Mar 14, 2008 7:53 pm

loloyd wrote:
I noticed that this thing uses a Microsoft object ActiveXObject("Microsoft.XMLHTTP") - does this thing work only on MS Windows servers?


It's working for me, and I'm using Abyss on Fedora 7

loloyd wrote:
One thing to improve on is the auto-scroll effect when the output goes through the bottom of the viewing window. It does not work on my Firefox 2.0.0.12.

Same thing with my version of Firefox (2.0.0.3)

Also, the function getenv() isn't returning anything, the line at the top reads
Code:
>rrshell 0.2 [, PHP 5.2.2]


Other than that, thanks!
_________________
Anthony R

Roganty
| Links-Links.co.uk

rrinc
Joined: 24 Feb 2006
Posts: 725
Location: Arkansas, USA

Posted: Sat Mar 15, 2008 3:34 am

I'll look into the scrolling issues, I've noticed it too. I've been wanting to add customization also and I think I'll make a settings overlay you can pop up to change some stuff, luckily I've done something like that on another project.

Edit: Roganty, I found another way to detect the OS that should work for all OS's.

An update will come soon.

Tom Chapman wrote:
You could simplify your javascript by using a framework such as mootools which is 100% cross-browser.

e.g. http://demos.mootools.net/Ajax

http://mootools.net/

I'd rather stick to some of my own custom JavaScript...and it will be smaller that way. I won't learn much using a library.

loloyd wrote:
I noticed that this thing uses a Microsoft object ActiveXObject("Microsoft.XMLHTTP") - does this thing work only on MS Windows servers?

No, it does the following: Check if ActiveX works (or in other words if we're using IE). If so it uses IE's XMLHTTP activex control; otherwise it uses the XMLHttpRequest which non MS browsers have (Firefox, Opera, etc). If you look at other people's AJAX code, this is what is done...it might look different though since I use the ternary operator instead of try and catch.

rrinc
Joined: 24 Feb 2006
Posts: 725
Location: Arkansas, USA

Posted: Sun Mar 16, 2008 10:30 pm

Alright, a big update. Now you can change the font, size, colors, etc. I also fixed the OS detection. I'm not sure how to make the auto scrolling any better though.

http://files.randomresources.org/rrshell.zip

Tom Chapman
Joined: 09 Jul 2005
Posts: 933
Location: Australia

Posted: Sun Mar 16, 2008 11:06 pm

rrinc wrote:
Alright, a big update. Now you can change the font, size, colors, etc. I also fixed the OS detection. I'm not sure how to make the auto scrolling any better though.

http://files.randomresources.org/rrshell.zip


Tom Chapman wrote:
http://mootools.net/

loloyd
Joined: 03 Mar 2006
Posts: 435
Location: Philippines

Posted: Mon Mar 17, 2008 6:09 am

Tom Chapman wrote:
http://mootools.net/

mootools may be more fashion conscious than necessary. there are other javascript frameworks that are exhaustively performance oriented - like jquery.

http://jquery.com/

but i doubt blake will use any of these js frameworks as it will unnecessarily bloat rrshell for just a simple scrolling problem. although, it would do us good, interestingly, if mr tom chapman can show us a working rrshell revision that has mootools incorporated in it.

re: activex control - my slip is showing. i thought this was server side, i've come to realize that this is client side. it clearly shows my deficiency in javascript/ajax programming. :-P

loloyd
Joined: 03 Mar 2006
Posts: 435
Location: Philippines

Posted: Mon Mar 17, 2008 7:09 am

sorry for double-posting but...

i'm getting intrigued why the line
document.getElementById('shell').scrollTop = document.getElementById('shell').scrollHeight;
doesn't appear to work. a clue from extensive testing tells me that the scrolling happens even before the original shell command completes. you will notice this when you do the following:

1. fill the screen until you have around 2 pagefuls of information. once you have that, scroll back to the top-most. scroll way back to the real top-most - until you get to the (something like):
Code:
>rrshell 0.3 [WINNT, PHP 5.0.3]
>-----------------------------------

2. next, issue a simple "dir" command (or anything equivalent in your shell). you will notice that the window scrolls indeedy to the bottom but around the time (either before or after) you issued the last "dir" command. this tells me that the scroll has indeed occurred before the output of the last command has been completely displayed. this particularly happens when you have a very long dir output.

so, i guess rrinc (or others) can resolve this issue by ensuring that the entirety of any given command has been displayed first before doing the scrolling directive. i don't know how to do this. :-P

also, might i suggest a cls (clearscreen) feature. thanks a whole bunch! this freakin' tool rocks!

rrinc
Joined: 24 Feb 2006
Posts: 725
Location: Arkansas, USA

Posted: Tue Mar 18, 2008 3:04 am

Yeah I understand the scrolling issue. I'm just not certain of how to fix it.

I'll add a clear screen button or something (doing it with a command might interfere with the need to run a real command...unlikely but still). Are there any other customization settings you think I should add?

loloyd
Joined: 03 Mar 2006
Posts: 435
Location: Philippines

Posted: Tue Mar 18, 2008 8:10 am    Post subject: setTimeout

Quote:
Yeah I understand the scrolling issue. I'm just not certain of how to fix it.

Searching through the net, I came across setTimeout. This fix appears to work on local LAN scenarios:

1. Insert:
Code:
  function waitb4scroll() {
    document.getElementById('shell').scrollTop = document.getElementById('shell').scrollHeight;
  }
immediately before
Code:
  function sendcmd() {

2. Then, insert
Code:
    // Pass the function itself; the string form is evaluated like eval()
    setTimeout(waitb4scroll, 1000);
right before
Code:
  }
  function toggle(id)
  {
.

From what I understand, this gives a delay of at least a second before the 'shell' window scrolls to the bottom. This is not the ideal solution obviously, but I guess it works well in most LAN environments. Playing with the 1000 milliseconds value would be left to the administrator, I guess. I seriously doubt it would work acceptably in WAN scenarios.

The better approach I'm looking for would involve something like:
Code:
while (document.getElementById('cmd').value != '') {
//do some waiting while yielding to other instructions
//... how is this done in JavaScript?
}
document.getElementById('shell').scrollTop = document.getElementById('shell').scrollHeight;


The idea is to wait/yield to other instructions until the element 'cmd' has been reset to an empty string before doing the scroll. I just don't know how to do this in JavaScript.

Quote:
I'll add a clear screen button or something (doing it with a command might interfere with the need to run a real command...unlikely but still). Are there any other customization settings you think I should add?

I concur that is the best approach for clearing the screen. Messing too much with the inputs would potentially screw a few shell directives.

Have you tried issuing a "dir c:\"? When I do this over LAN, it goes well. But when I do this over WAN, the directive sent becomes "dir c:\\". But I have to investigate further. My own settings may be at fault again *sigh*.

So far I don't have anything else yet to add to the customization settings. I can appreciate the simplicity of it all as of yet. Thanks.

rrinc
Joined: 24 Feb 2006
Posts: 725
Location: Arkansas, USA

Posted: Wed Mar 19, 2008 2:01 am

Clear button added. And I fixed the scrolling issue (I just changed the placement of the scrolling code)...your solution was too elaborate. :P

I'll just keep the version number the same.

http://files.randomresources.org/rrshell.zip

loloyd
Joined: 03 Mar 2006
Posts: 435
Location: Philippines

Posted: Wed Mar 19, 2008 5:18 am

Hahaha. I was still playing around with setTimeout as I was hoping to see some scroll-while-you-wait functionality. Hahaha, no matter how I tried, it appears, from my little newbish experience only, that setTimeout has got a lot of issues - sometimes it apparently hangs my Firefox 2.0.0.12 browser. All this is funny because only a simple repositioning of a single statement would make my efforts look silly.

Also, I observed that the scroll-while-you-wait functionality was not really achievable via the simplistic route:
Code:
$results = nl2br(htmlentities(shell_exec($cmd)));
echo $results;
...
el.innerHTML = el.innerHTML + '<br />' + x.responseText;
I mean, we wouldn't be able to get any dynamic output here. What was I thinking? :-P

In my scroll-while-you-wait tests, I did some pretty long shell commands:
dir c:\windows\system32 /s /a
dir c:\ /s /a
:-P

OK, back to comments for improvements. I am interested in seeing a:
document.getElementById('cmd').disabled = true;
after
var id='shell';
in function sendcmd(). Of course, this should be paired with a:
document.getElementById('cmd').disabled = false;
after
document.getElementById('cmd').value = '';
within the same function. By doing this, we are eliminating multiple pending cmd sends that would sometimes produce long results.
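Added example, not rrshell's code and not from any poster: one way to get the ordering discussed above, where the scroll runs only after a command's output has been appended and the input stays disabled while a request is pending, with the output HTML-escaped so text such as `<DIR>` is displayed literally. `makeSendCmd`, `send`, `fakeShell` and `demo` are hypothetical names; `send(cmd, done)` stands in for the page's XMLHttpRequest call, and the fake elements only exist so the logic runs outside a browser.

```javascript
// Escape text so it can be appended to innerHTML without becoming markup.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// send(cmd, done) is a hypothetical transport: it must call done(text)
// from the request's completion handler (readyState 4), not earlier.
function makeSendCmd(shellEl, cmdEl, send) {
  return function sendcmd() {
    if (cmdEl.disabled) return false;      // a request is already pending
    const cmd = cmdEl.value;
    cmdEl.disabled = true;                 // block further submits until done
    send(cmd, function done(responseText) {
      // Runs only once the whole response has arrived.
      const html = escapeHtml(responseText).replace(/\r?\n/g, '<br />');
      shellEl.innerHTML += '<br />&gt;' + escapeHtml(cmd) + '<br />' + html;
      // scrollHeight now includes the new output, so this reaches the bottom.
      shellEl.scrollTop = shellEl.scrollHeight;
      cmdEl.value = '';
      cmdEl.disabled = false;
    });
    return true;
  };
}

// Stand-in for the 'shell' element: height grows with the number of lines.
function fakeShell() {
  return {
    innerHTML: '',
    scrollTop: 0,
    get scrollHeight() { return 16 * this.innerHTML.split('<br />').length; },
  };
}

function demo() {
  const shell = fakeShell();
  const input = { value: 'dir', disabled: false };
  const pending = [];
  const sendcmd = makeSendCmd(shell, input, (cmd, done) => pending.push(done));
  const first = sendcmd();                 // accepted, request in flight
  const second = sendcmd();                // refused while the first is pending
  const scrollBefore = shell.scrollTop;    // nothing has scrolled yet
  // Constructed sample of `dir` output containing the "<DIR>" marker.
  pending[0]('03/13/2008  02:40 AM    <DIR>          htdocs\r\n' +
             '03/13/2008  02:41 AM             1,024 shell.php');
  return { first, second, scrollBefore, shell, input };
}

console.log(demo().shell.innerHTML);
```
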

rrinc
Joined: 24 Feb 2006
Posts: 725
Location: Arkansas, USA

Posted: Wed Mar 19, 2008 11:50 pm

That's not a bad idea, I might add it for the next version. I'll wait for another feature or fix before I release another version though...so more ideas are welcome.

All times are GMT + 1 Hour