I usually use PuTTY to execute commands on a Linux machine. But I wish to make a webpage from where I can execute specific commands on a Linux machine by simple button clicks.
What are the various options available and what is the one that is easy to implement?
This depends on the kind of server you are running. But almost all servers have some kind of CGI support or an equivalent. Keep in mind that this can often cause a security issue.
I don't think you can and should try to embed script code in your page.
The best suggestion may be to hyperlink a script file and let the user get it from your server.
Just put that file on the server and then hyperlink it.
securewebcmd can do this for you
can use http or https
password protected
password not transmitted in clear, even using http (hashes the commandline with the password, and server does the same thing, using its copy of the password, and only runs the command, if the hashes match)
can queue commands, which run sequentially
can view results of any of the commands you've run earlier, even if you restart the server
uses nodejs: no dependency on any heavyweight server, ie no need for apache, jboss etc ...
Related
Let's state a situation:
I have the possibility to run arbitrary commands on a server as an unprivileged user, through "unconventional means".
I do not have the possibility to login using ssh to that server, either as my unprivileged user or anything else. So I do not have currently a CLI allowing me to run any commands I would like in a "normal" way.
I can ping that server and nothing prevents me to connect to arbitrary ports.
I still would like to have a command line to allow me to run arbitrary command as i wish on that server.
Theoretically nothing would prevent me to launch any program as my unprivileged user, including one that would open a port, allow some remote user to connect to it and just forward any commands to bash, returning the result. I just don't know any good program to do that.
So, does any one know? I looked at ways to launch ssh_server as an unprivileged user but some users reported that recent versions of ssh_server do not allow that anymore. Actually I don't even need ssh specifically, any way to get a working CLI would do the trick. Even a crappy node.js program launching an http server would work, as long as I have a CLI (... and it's not excessively crappy, the goal is to have a clean CLI, not something that bugs every two characters).
In case you would ask why I would like to do that, it's not related to anything illegal ^^. I just have to work with a very crappy Jenkins server for which I'm not allowed to have direct access to its agents. Whoever is responsible for that server doesn't give a sh** about its users' needs so we have to use hacky solutions just to have some diagnostic data about that server (like ram, cpu and disk usage, installed programs, etc...). Having a CLI that I can launch some time instead of altering a build configuration and waiting 20 minutes to have an answer about what's going on would really help.
Thanks in advance for any answer.
So do you have shell access to the server at least once? E.g., during the single day of the month when you are physically present at the site of your client or the outsourcing contractor?
And if you have shell access then, can you or your sysmin install Cockpit?
It listens on port 9090.
You can then use the credentials of your local user and open a terminal window in your browser. See sidebar item "Terminal" on the screenshots of the cockpit homepage.
According to the documentation
Cockpit has no special privileges and doesn’t run as root. It creates a session as the logged in user and has the same permissions as that user.
creation of a website through which can access Linux server and where can execute some operations like executing scripts, firing up some commands. need some expert guidance with some concepts.just guide me how can i achieve through, i have goggled a lot unable to get the proper concepts or methods. or is it even possible.
Have you considered using something along the lines of VNC or SSH? As JNevill pointed out, either of these methods would be infinitely more secure. Also, consider using something like cron for scheduled jobs.
However, sometimes a webpage for running a program on a server may be acceptable. e.g. IoT project. To do this, you would setup an API page using a back-end language like PHP (recommended if you're using Linux). In the back-end language you would check your user credentials, and then run the command.
Some guidelines in doing this:
Never allow commands to be entered on the webpage, only allow tasks to be completed using controlled inputs like buttons, selectboxes and sliders. i.e. a button to get an Arduino to close your garage door, or a slider to dim/brighten a light bulb, or a button to start a program to index something, etc.
None of these "command buttons" should ever do anything harmful. i.e. delete a folder or file.
I need to run shell commands on several servers. Is there a secure way to do this? Right now im thinking of exposing a php url that allows me to send pure script commands and let the web server spit out a json response. But this is a lot of work and doesnt sound like it will be very secure.
I want to run commands like "ping", "whois" and other network commands. Its about seeing connectivity between different servers. I.e. Server in germany can talk to the server in the us, etc
Use ssh. Read a good ssh tutorial. You want to use it with a public key (to avoid typing passwords).
Of course, you need to have an SSH server process running on the remote server machines.
I have a bunch of codes written in MATLAB (file.m) that I would like to run them on a remote Debian server but because of security reasons I cannot copy the code on the server. Is there anyway I can run it on the server such that nobody can access the content of the codes? I was thinking may be by referencing them (e.g. using ssh or any other way) on local machine without loading the codes to the server I can do it but I don't know how. Thanks,
-J
What's wrong with putting the code on the server and chmoding it so others can't read it?
Some other possible suggestions depending on your requirements:
Pipe the code into a matlab process over ssh (as if you just typed it in to the interactive console). This is made much harder because matlab doesn't let you define functions at the command line.
Mount your desktop using sshfs and run it from matlab that way.
If you have the fancy version of the parallel computing stuff, you can start a Matlab worker process on the server and send code to it remotely, I think.
If you want to protect the sourcecode of your .m files, you can scramble them with pcode. That way matlab will be able to execute them, but the original .m file can't be reconstructed, although bad people can still steal your .p code and execute (but not modify) it.
I don't know what kind of security you have in mind. Executing code on a server without actually transmitting the code to it sounds impossible to me. If you don't trust the remote server, you'll have to execute in on your own machine and have the server send you the data that has to be processed.
Have a look at fuse.
Is there a way to execute commands using directory traversal attacks?
For instance, I access a server's etc/passwd file like this
http://server.com/..%01/..%01/..%01//etc/passwd
Is there a way to run a command instead? Like...
http://server.com/..%01/..%01/..%01//ls
..... and get an output?
To be clear here, I've found the vuln in our company's server. I'm looking to raise the risk level (or bonus points for me) by proving that it may give an attacker complete access to the system
Chroot on Linux is easily breakable (unlike FreeBSD). Better solution is to switch on SELinux and run Apache in SELinux sandbox:
run_init /etc/init.d/httpd restart
Make sure you have mod_security installed and properly configured.
If you are able to view /etc/passwd as a result of the document root or access to Directory not correctly configured on the server, then the presence of this vulnerability does not automatically mean you can execute commands of your choice.
On the other hand if you are able view entries from /etc/passwd as a result of the web application using user input (filename) in calls such as popen, exec, system, shell_exec, or variants without adequate sanitization, then you may be able to execute arbitrary commands.
Unless the web server is utterly hideously programmed by someone with no idea what they're doing, trying to access ls using that (assuming it even works) would result in you seeing the contents of the ls binary, and nothing else.
Which is probably not very useful.
Yes it is possible (the first question) if the application is really really bad (in terms of security).
http://www.owasp.org/index.php/Top_10_2007-Malicious_File_Execution
Edit#2: I have edited out my comments as they were deemed sarcastic and blunt. Ok now as more information came from gAMBOOKa about this, Apache with Fedora - which you should have put into the question - I would suggest:
Post to Apache forum, highlighting you're running latest version of Apache and running on Fedora and submit the exploit to them.
Post to Fedora's forum, again, highlighting you're running the latest version of Apache and submit the exploit to them.
It should be noted, include the httpd.conf to both of the sites when posting to their forums.
To minimize access to passwd files, look into running Apache in a sandbox/chrooted environment where any other files such as passwd are not visible outside of the sandbox/chrooted environment...have you a spare box lying around to experiment with it or even better use VMWARE to simulate the identical environment you are using for the Apache/Fedora - try get it to be IDENTICAL environment, and make the httpd server run within VMWare, and remotely access the Virtual machine to check if the exploit is still visible. Then chroot/sandbox it and re-run the exploit again...
Document the step-by-step to reproduce it and include a recommendation until a fix is found, meanwhile if there is minimal impact to the webserver running in sandbox/chrooted environment - push them to do so...
Hope this helps,
Best regards,
Tom.
If you already can view etc/passwd then the server must be poorly configured...
if you really want to execute commands then you need to know the php script running in the server whether there is any system() command so that you can pass commands through the url..
eg: url?command=ls
try to view the .htaccess files....it may do the trick..