Text only | Text with Images

Valhalla Legends Archive

Programming => Web Development => Topic started by: quasi-modo on May 01, 2004, 10:44 AM

Title: cmd.exe from the server
Post by: quasi-modo on May 01, 2004, 10:44 AM
http://quasi-ke.servebeer.com/ping.asp
just thought it would be cool to try and run command prompt from the server, you could have a lot of fun with stuff like this. I coppied comd.exe into a sub dir on my c drive because I did not want to iusr read and execute permissions on that file in my windows dir.
Title: Re:cmd.exe from the server
Post by: MyndFyre on May 01, 2004, 01:00 PM
You should write an ISAPI extension so that it redirects stdout to the webpage directly, and then make it not send the content-length header so that the command streams to the browser (like webchannel works).
Title: Re:cmd.exe from the server
Post by: quasi-modo on May 02, 2004, 12:23 AM
well I could just ping from asp.net using system.net.sockets too, but this was only about 3 lines of code  :P, plus its cool to execute command prompt from the internet, it just sounds awesome (and insecure  :-X). Infact earlier today, I copied over ping.exe and took out the cmd /c ping ip, changed it to ping.exe /c ip, just so I do not have a fully copy of command prompt sitting in a dir with iusr permissions set.
Title: Re:cmd.exe from the server
Post by: Banana fanna fo fanna on May 02, 2004, 04:27 PM
Using cmd.exe from a web page is a BAD idea. Append | dir to the end of hte IP
Title: Re:cmd.exe from the server
Post by: quasi-modo on May 02, 2004, 10:13 PM
Quote from: St0rm.iD on May 02, 2004, 04:27 PM
Using cmd.exe from a web page is a BAD idea. Append | dir to the end of hte IP
Like I said in my last post, I am using ping.exe as I said now, which destroys almost all of the insecurity, I just had to disable the -l -t -n etc by replacing " " with "". Plus, I could also do this with a batch file if I wanted to. Keep in mind, this is not functional code, I would not only not use this on one of my sites, but there is no way to very well do it. I am doing a site for a chruch, who used to run the server from their biz class cable, but now moves to a host, and hosts do not allow you to upload .exe files or batch files for just this reason, so you cannot delete a butt load of critical files. Besides their would be no reason for me to use this on a church site. The only time where this would be handy is to ping a game server for a site, but like I said, if I wanted to do something like that I would write it  with system.net.sockets because of not being able to upload that to a host. I aggree that it is a bad idea to use this for the real world, I just wanted to play with it. You have to aggree, it is pretty cool, you can run dos commands on a server from a web page.
Title: Re:cmd.exe from the server
Post by: Hitmen on May 02, 2004, 10:20 PM
Quote from: peofeoknight on May 02, 2004, 10:13 PM
I just had to disable the -l -t -n
That was the first thing I tried when I saw it :p
Title: Re:cmd.exe from the server
Post by: quasi-modo on May 02, 2004, 10:21 PM
Quote from: Hitmen on May 02, 2004, 10:20 PM

That was the first thing I tried when I saw it :p
yep, first thing I thought of too  :D
Text only | Text with Images