• Welcome to Valhalla Legends Archive.
 

cmd.exe from the server

Started by quasi-modo, May 01, 2004, 10:44 AM

Previous topic - Next topic
Print
|
Go Down Pages1
User actions

quasi-modo

May 01, 2004, 10:44 AM Last Edit: May 01, 2004, 10:45 AM by peofeoknight
http://quasi-ke.servebeer.com/ping.asp
just thought it would be cool to try and run command prompt from the server, you could have a lot of fun with stuff like this. I coppied comd.exe into a sub dir on my c drive because I did not want to iusr read and execute permissions on that file in my windows dir.
WAR EAGLE!
Quote(00:04:08) zdv17: yeah i quit doing that stuff cause it jacked up the power bill too much
(00:04:19) nick is a turtle: Right now im not paying the power bill though
(00:04:33) nick is a turtle: if i had to pay the electric bill
(00:04:47) nick is a turtle: id hibernate when i go to class
(00:04:57) nick is a turtle: or at least when i go to sleep
(00:08:50) zdv17: hibernating in class is cool.. esp. when you leave a drool puddle

MyndFyre

#1
May 01, 2004, 01:00 PM
You should write an ISAPI extension so that it redirects stdout to the webpage directly, and then make it not send the content-length header so that the command streams to the browser (like webchannel works).
QuoteEvery generation of humans believed it had all the answers it needed, except for a few mysteries they assumed would be solved at any moment. And they all believed their ancestors were simplistic and deluded. What are the odds that you are the first generation of humans who will understand reality?

After 3 years, it's on the horizon.  The new JinxBot, and BN#, the managed Battle.net Client library.

Quote from: chyea on January 16, 2009, 05:05 PM
You've just located global warming.

quasi-modo

#2
May 02, 2004, 12:23 AM Last Edit: May 02, 2004, 12:26 AM by peofeoknight
well I could just ping from asp.net using system.net.sockets too, but this was only about 3 lines of code  :P, plus its cool to execute command prompt from the internet, it just sounds awesome (and insecure  :-X). Infact earlier today, I copied over ping.exe and took out the cmd /c ping ip, changed it to ping.exe /c ip, just so I do not have a fully copy of command prompt sitting in a dir with iusr permissions set.
WAR EAGLE!
Quote(00:04:08) zdv17: yeah i quit doing that stuff cause it jacked up the power bill too much
(00:04:19) nick is a turtle: Right now im not paying the power bill though
(00:04:33) nick is a turtle: if i had to pay the electric bill
(00:04:47) nick is a turtle: id hibernate when i go to class
(00:04:57) nick is a turtle: or at least when i go to sleep
(00:08:50) zdv17: hibernating in class is cool.. esp. when you leave a drool puddle

Banana fanna fo fanna

#3
May 02, 2004, 04:27 PM
Using cmd.exe from a web page is a BAD idea. Append | dir to the end of hte IP

quasi-modo

#4
May 02, 2004, 10:13 PM Last Edit: May 02, 2004, 10:20 PM by peofeoknight
Quote from: St0rm.iD on May 02, 2004, 04:27 PM
Using cmd.exe from a web page is a BAD idea. Append | dir to the end of hte IP
Like I said in my last post, I am using ping.exe as I said now, which destroys almost all of the insecurity, I just had to disable the -l -t -n etc by replacing " " with "". Plus, I could also do this with a batch file if I wanted to. Keep in mind, this is not functional code, I would not only not use this on one of my sites, but there is no way to very well do it. I am doing a site for a chruch, who used to run the server from their biz class cable, but now moves to a host, and hosts do not allow you to upload .exe files or batch files for just this reason, so you cannot delete a butt load of critical files. Besides their would be no reason for me to use this on a church site. The only time where this would be handy is to ping a game server for a site, but like I said, if I wanted to do something like that I would write it  with system.net.sockets because of not being able to upload that to a host. I aggree that it is a bad idea to use this for the real world, I just wanted to play with it. You have to aggree, it is pretty cool, you can run dos commands on a server from a web page.
WAR EAGLE!
Quote(00:04:08) zdv17: yeah i quit doing that stuff cause it jacked up the power bill too much
(00:04:19) nick is a turtle: Right now im not paying the power bill though
(00:04:33) nick is a turtle: if i had to pay the electric bill
(00:04:47) nick is a turtle: id hibernate when i go to class
(00:04:57) nick is a turtle: or at least when i go to sleep
(00:08:50) zdv17: hibernating in class is cool.. esp. when you leave a drool puddle

Hitmen

#5
May 02, 2004, 10:20 PM Last Edit: May 02, 2004, 10:20 PM by Hitmen
Quote from: peofeoknight on May 02, 2004, 10:13 PM
I just had to disable the -l -t -n
That was the first thing I tried when I saw it :p

quasi-modo

#6
May 02, 2004, 10:21 PM Last Edit: May 02, 2004, 10:22 PM by peofeoknight
Quote from: Hitmen on May 02, 2004, 10:20 PM

That was the first thing I tried when I saw it :p
yep, first thing I thought of too  :D
WAR EAGLE!
Quote(00:04:08) zdv17: yeah i quit doing that stuff cause it jacked up the power bill too much
(00:04:19) nick is a turtle: Right now im not paying the power bill though
(00:04:33) nick is a turtle: if i had to pay the electric bill
(00:04:47) nick is a turtle: id hibernate when i go to class
(00:04:57) nick is a turtle: or at least when i go to sleep
(00:08:50) zdv17: hibernating in class is cool.. esp. when you leave a drool puddle
Print
|
Go Up Pages1
User actions