Suppose I had a console app in the terminal I created using C language, shouting "Hello world!"
The program is called hello.exe.
I upload hello.exe to static server.
Now I can download the file by typing the following address in the chrome.
http://localhost:8080/hello.exe
Or I can get a Blob object using the http method in Nodejs.
Is there a way to run this obtained Blob object right away without making a file? And get string Hello world!
No similar topics were found.
Do I need to create and run the file and erase it right away?
I want is for the files to run and not remain on my PC.
I'm not aware of any way to run an .exe file without first putting it on disk. You would essentially need to write your own exe loader that worked from memory instead of disk and that would be no small effort.
Keep in mind that a client that just automatically runs some executable it gets from a URL like http://somedomain.com/hello.exe without any user intervention could be a very dangerous client as rogue web servers could send it any arbitrary executable that did all sorts of harm (viruses, ransom-ware, etc...).
Do I need to create and run the file and erase it right away?
Yes, erase it after the program is done running.
I want is for the files to run and not remain on my PC.
You will just have to clean it up at some point after it has run. If you have a programmatic client, it should be no big deal to put the file in an application-level temporary directory that your app can regular clean up. If this is from a browser, then he user controls where the file goes on disk and the user controls when it gets deleted - you can't manage that yourself from within a webpage.
Or I can get a Blob object using the http method in Nodejs.
You can download a binary. Not sure exactly what you're asking here.
Related
Good day!
There are PHP scripts, classes, configs. All this stuff is interconnected, I need to give a person access to the server so that he works (started under the root) with these scripts, while changing only the config files, and in order to not be able to view the source code.
I've researched various free obsfukators which converting code into something:
<?php include(base64_decode('Li4vY29uZmlnLnBocA=='));include(base64_decode('cHJpdmF0ZS92ZW5kb3IvYXV0b2xvYWQucGhw'));$krc_5bf7f45b=[];foreach($bhi_6f9322e1as $xol_e8b7be43){$xol_e8b7be43=explode(base64_decode('Og=='),$xol_e8b7be43);try{$uic_c59361f8=new \xee_d9cb1642\cko_659fc60();$uic_c59361f8->ldc_aa08cb10($xol_e8b7be43[0],$xol_e8b7be43[1]);$krc_5bf7f45b[]=$uic_c59361f8;}catch(Exception $wky_efda7a5a)
What if the files of configs have variable names and it turns out that when obfuscating the main working code, the variables have different names? Not to force the user to run through the obsfukation corrected config every time? So far, this option seems the only one.
Is it possible inside the server under Ubuntu to somehow limit the ability to copy or view or download certain files or make some other methods of protection-hiding, but at the same time with the ability to run this code. It was thought to hide the code somewhere in the depths of the file system folders, calling them random names, and run them somehow through the symlinks by the file name or something like that. Is it possible to?
Option not to provide root access to the server, but to launch via the browser, to give access only to FTP to upload the config to a separate folder. But there are a number of points - all scripts run up to a week, and must be executed as root. How to solve it?
For a future project, I need to track user activity to record their productivity time. I want to detect which file is currently open in apps like Adobe Photoshop for example and detect when the user switches to other app or another file/tab.
To make my desktop app, I wish to use electron JS
Can you just give me some tracks to follow ?I don't find any nodejs library that allow me to do that, but I know that is possible because it already done with electron apps like:
Chronos https://electronjs.org/apps/chronos-timetracker
Paymo https://electronjs.org/apps/paymo-time-tracker
ScreenAware https://electronjs.org/apps/screenaware
And an other App which not seems to be built with electron :
https://desktime.com/features
Thanks for your help
node.js doesn't have the capabilities you require, however it can call external programs to get the job done. The way I see it, you would need to have a PowerShell script (or C# program) to get the active window from the operating system, and find all open file handles for the process behind that window. You would invoke this script from node, and build your gui around it.
A good starting point is this module active-window which works exacty as I described: a nodejs process calls some external scripts (in bash/PowerShell) that use OS specific primitives to get the active window.
To get the list of files opened by a process, you could use the handle utility from Sysinternals. However you may run into a small problem: apps like Photoshop usually don't keep the file handle open, they just open it when saving the file. This means that you won't always be able to detect open files. I guess trial and error is your friend here.
To find open tabs, it's more complicated. Tabs usually indicate the internal state of an app, and this information is held in memory. Some apps might offer an API, but that's not guaranteed. I guess screenshots are the way to go here.
Could you please tell me the way to get internal table data in excel file to be saved in local desktop (presentation server). Remember that the report runs in background.
Both requirements a contradictionary because a backround job does not have any connection to any SAPGui. I.e. there is no SAPGui connection linked to a background job ans thus it is not possible to determine onto which local desktop the excel file should be saved.
A possibility would be to store the results that are created in the backround job somehow and externalize the save to a local desktop into another program. When creating files on the SAP AS you should keep in mind what happens with these file after they are not needed any longer. I.e. you need to do the file maintenance (deletion of files after they are not needed any longer) your self.
Theoretically you can do this, if you create the file on a SAP AS and move this file using any shell file move command. However, it's a bad practice to make any connection from SAP AS to a user's machine.
The best solution here is to create the file on SAP AS. The user must download the file manually from the SAP AS. You can also send this file to a user for example per e-mail. The user will do no manual work in the last case.
Also a good practice is to use PI server functionality. It can deliver your file within a way the user wants to have.
We have to fix some security vulnerability in our system, and one of the items is to: disable execution of uploaded scripts/exe's through file upload control.
We have excel upload facility. Lets say hypothetically hacker changes the .exe to .xls and uploads it (there are ways to block that, but ignore that for now). Also assume that
the upload folder is within pubilc directory from where the website is installed in IIS. OR
Someone can access that file by specifying a full path of file thru some api endpoint of which hacker is aware of
Now given that there is an exe or a script which is accessible to the hacker through above means, is it possible for hacker to run that script/exe in someway, so that it can cause harm to the server where the site is hosted?
I am not really security expert hence cant think ways how that can be possible? How a hacker can remotely run exe/script on server, given that they does not have any access to the server.
One of the things that you should definitely do is to remove IIS handlers permissions from running scripts, otherwise anybody can upload a ".asp" or a ".aspx" or any other script engine file and then execute it by requesting it. One simple way to test that is just create a "test.asp" file with "<%= Now() >" and if that returns you the date, then anybody can upload scripts and run them in your server.
The way to disable that in IIS 7+ would be to add a configuration file in a parent directory and edit the permission for handlers, for example assuming a child folder called "public" you can drop the following web.config to disable that:
<configuration>
<location path="public">
<system.webServer>
<handlers accessPolicy="Read" />
</system.webServer>
</location>
</configuration>
You can test then that it should no longer execute the file and instead block it. If you want to allow download of them, then you'll need to configure the static file handler (and request filtering) to handle everything instead, but make sure you do that for that folder only since you don't want people downloading your source code.
Running the script would require remote access to the server, either directly or by exploiting some bug in the website code (similar to SQL injection). The risk here is mostly in hosting malware, especially if you allow user uploads to be downloaded by other users. While getting malware onto a machine is not as simple as just renaming an executable to another file type (it still has to be run as an executable rather than an Excel spreadsheet, for instance, to be able to function), it is possible to embed malware in various types of files, such that the act of opening that file causes execution of the malware. In that sense, you really can't tell at a glance whether a file is malware or not. It could look like an Excel file even open up properly in Excel, but still wreck havoc. The only way to be safe is scan all user uploaded files with a good antimalware application.
As far as running something remotely goes, though, the access to the server required to run the script would provide a much better avenue for mischief that your upload form, anyways. So anyone who could manage that kind of access isn't going to be trying to exploit you through your upload form, and anyone who uploads something malicious without that access can't really do anything.
I have a need to convert any document gets uploaded to Image.
I downloaded the exe (with all the dlls) on my local machine (dont have to install)
export.exe sourcefile.doc destinationfile.gif >> this syntax works from my local dos prompt.
How do I use the same syntax "export.exe exampledoc.doc exampledoc.gif" when an item is added to sharepoint doc library.
and Do I need to put the folder (where the exe and dlls are for this) in the sharepoint frontend server so it's accessible? If yes, where should this folder reside? Does the folder and files need sharepoint service account access?
I am totally new and I would really like if someone can shed some light on this (step by step if possible)?
Thanks
Justin...
In order to do this from a SharePoint event handler, each WFE on the farm would need to have your conversion application available, your event handler code would need to place the uploaded file in a temporary location on disc, invoke the conversion application (look at the .NET Process class for this), cancel the addition of the original, unconverted document, and add the output of your processed file to the library (ensure you use the DisableEventFiring() method of the event handler as to not have the event handler trigger itself during the addition of the new file), and then clean up after itself.
Having said that, this operation seems like something that you really wouldn't want to tax a web server getting any real traffic with doing in real time. You may want to look into batching the jobs to be done daily during traffic lulls by another system, or one dedicated resource on the farm.