Old 01-20-2003, 08:53 AM   #16 (permalink)
anon
Guest
 
Posts: n/a
Quote:
Originally posted by sde
oh geesh .. why do i even post. illya was asking what type of output that command could produce.

of course there is no output if the file exists. if it did not exist, you would probably get output of some kind at least in the terminal. that is what i was referring to.
OK, I just tried removing

/lll/lll/lll/lll/this/is/sucky

which obviously doesn't exist and still got nothing... I am thinking of just making rm setuid root and forget about it
  Reply With Quote
Old 01-20-2003, 11:26 AM   #17 (permalink)
sde
Moderator
 
sde's Avatar
 
Join Date: May 2002
Location: us.ca
Posts: 4,490
sde is on a distinguished road
shell_exec() has me scratchin my head .. i can't make it output either. i'll be testing some more today.
sde is offline   Reply With Quote
Old 01-20-2003, 11:55 AM   #18 (permalink)
anon
Guest
 
Posts: n/a
Quote:
Originally posted by sde
shell_exec() has me scratchin my head .. i can't make it output either. i'll be testing some more today.
I also tried doing cp /bin/rm /bin/rs just maybe because PHP team didn't think having rm was very safe but still it fscks up! I have no idea on this one. And sde I think what you have to do for shell_exec() is

$output=shell_exec("echo 'ALL YOUR BASE ARE BELONG TO US!!!!'");
echo $output;

May be wrong though...
  Reply With Quote
Old 01-20-2003, 12:05 PM   #19 (permalink)
sde
Moderator
 
sde's Avatar
 
Join Date: May 2002
Location: us.ca
Posts: 4,490
sde is on a distinguished road
i've tested both of these to make sure that shell_exec() will actually work.

this is putting the command in the arguments
PHP Code:
<?php
// run the command itself through the shell
$output = shell_exec('touch new_file.txt');
echo $output;
?>
and this would do the same thing except putting an executable filename in the arguments
PHP Code:
<?php
// run an executable script by filename
$output = shell_exec('script.sh');
echo $output;
?>
both of these will create 'new_file.txt' ( assuming script.sh just contains the same command as my first example. )

the problem is when you use any command that generates output. i tested it with 'echo' commands and also 'rm' commands that should not detect a file and give error output.

this bugs the heck out of me.
sde is offline   Reply With Quote
Old 01-20-2003, 12:42 PM   #20 (permalink)
anon
Guest
 
Posts: n/a
Quote:
Originally posted by sde
the problem is when you use any command that generates output. i tested it with 'echo' commands and also 'rm' commands that should not detect a file and give error output.

this bugs the heck out of me.
I believe I saw somewhere on php.net about this,

/me STFW

check out /www/log/error_log

it should report the errors.
  Reply With Quote
Old 01-20-2003, 01:06 PM   #21 (permalink)
anon
Guest
 
Posts: n/a
SUCCESS!

after doing chmod 777 /www/htdocs and a lot of cat /www/logs/error_log I executed:

<?php
system("mkdir BLAHWORK;ls;rm -rf BLAHWORK;echo '<br />';ls");
?>

and it worked! I was getting a lot of "cannot unlink" errors....

just for fun I did:

Code:
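#include <stdio.h>
#include <stdlib.h>   /* system() */
#include <unistd.h>   /* setuid(), setgid() */

int main(void) {
    /* take uid/gid 0; only succeeds when run as root or installed setuid root */
    setuid(0);
    setgid(0);
    /* run the delete through the shell */
    system("rm -rf /home/vlad/lll");
    return 0;
}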
Then su'ed, compiled it, and named it as /bin/lll

when I executed lll it worked


*for those who do not know C, playing around with that may be hazardous to your health*



EDIT: Also if you want the output of a command AND the output redirected to a file RTFM on the command "tee".
  Reply With Quote
Old 01-20-2003, 03:17 PM   #22 (permalink)
sde
Moderator
 
sde's Avatar
 
Join Date: May 2002
Location: us.ca
Posts: 4,490
sde is on a distinguished road
i think you have ADD =)

exec, and shell_exec always worked for me .. it was the output to php i thought we were working on.

i got some answers, but i'm still at work so i'll post them later tonight.
sde is offline   Reply With Quote
Old 01-20-2003, 03:24 PM   #23 (permalink)
Ilya020
Techno Rat
 
Ilya020's Avatar
 
Join Date: Jan 2003
Location: San Diego
Posts: 559
Ilya020 is on a distinguished road
Send a message via AIM to Ilya020
Quote:
Originally posted by sde
oh geesh .. why do i even post. illya was asking what type of output that command could produce.

of course there is no output if the file exists. if it did not exist, you would probably get output of some kind at least in the terminal. that is what i was referring to.
because you're a spammer! :p

Ilya
__________________
> SELECT * FROM users WHERE clue > 0
0 rows returned
Ilya020 is offline   Reply With Quote
Old 01-20-2003, 03:26 PM   #24 (permalink)
Ilya020
Techno Rat
 
Ilya020's Avatar
 
Join Date: Jan 2003
Location: San Diego
Posts: 559
Ilya020 is on a distinguished road
Send a message via AIM to Ilya020
Quote:
Originally posted by Vlad902
SUCCESS!

after doing chmod 777 /www/htdocs and a lot of cat /www/logs/error_log I executed:

<?php
system("mkdir BLAHWORK;ls;rm -rf BLAHWORK;echo '<br />';ls");
?>

and it worked! I was getting a lot of "cannot unlink" errors....

just for fun I did:

Code:
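#include <stdio.h>
#include <stdlib.h>   /* system() */
#include <unistd.h>   /* setuid(), setgid() */

int main(void) {
    /* take uid/gid 0; only succeeds when run as root or installed setuid root */
    setuid(0);
    setgid(0);
    /* run the delete through the shell */
    system("rm -rf /home/vlad/lll");
    return 0;
}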
Then su'ed, compiled it, and named it as /bin/lll

when I executed lll it worked


*for those who do not know C, playing around with that may be hazardous to your health*



EDIT: Also if you want the output of a command AND the output redirected to a file RTFM on the command "tee".
how so?

Ilya
__________________
> SELECT * FROM users WHERE clue > 0
0 rows returned
Ilya020 is offline   Reply With Quote
Old 01-20-2003, 03:35 PM   #25 (permalink)
anon
Guest
 
Posts: n/a
Quote:
Originally posted by sde
i think you have ADD =)
ADD stands for At... Uh, what are we talking about again? =)
exec, and shell_exec always worked for me .. it was the output to php i thought we were working on.
Yeah we were, but now that I know how to output stuff (system) and where to find errors /www/logs/error_log I think we are done

i got some answers, but i'm still at work so i'll post them later tonight.
Answers to what? How to get error output as well?
  Reply With Quote
Old 01-20-2003, 03:47 PM   #26 (permalink)
sde
Moderator
 
sde's Avatar
 
Join Date: May 2002
Location: us.ca
Posts: 4,490
sde is on a distinguished road
the whole idea i'm chasing here is getting the output to show up on the web page you are accessing.

for example, i got passthru() to work.
PHP Code:
<?php
// prints /etc/passwd file
passthru("cat /etc/passwd");

print "<br><br>";

// this will print errors also
passthru("cat /etc/shadow 2>&1");
?>
now i want to get shell_exec() to work so i can actually get the output into a variable rather than just printing it out.
sde is offline   Reply With Quote
Old 01-20-2003, 03:53 PM   #27 (permalink)
Ilya020
Techno Rat
 
Ilya020's Avatar
 
Join Date: Jan 2003
Location: San Diego
Posts: 559
Ilya020 is on a distinguished road
Send a message via AIM to Ilya020
Quote:
Originally posted by sde
the whole idea i'm chasing here is getting the output to show up on the web page you are accessing.

for example, i got passthru() to work.
PHP Code:
<?php
// prints /etc/passwd file
passthru("cat /etc/passwd");

print "<br><br>";

// this will print errors also
passthru("cat /etc/shadow 2>&1");
?>
now i want to get shell_exec() to work so i can actually get the output into a variable rather than just printing it out.
I like, I like

Ilya
__________________
> SELECT * FROM users WHERE clue > 0
0 rows returned
Ilya020 is offline   Reply With Quote
Old 01-20-2003, 04:05 PM   #28 (permalink)
anon
Guest
 
Posts: n/a
Quote:
Originally posted by sde
now i want to get shell_exec() to work so i can actually get the output into a variable rather than just printing it out.
That made no sense at all because doesn't it have to go in a variable?

ie.

$blah=shell_exec("cat /etc/shadow|mutt v902@users.sourceforge. net");
echo $blah;

?
  Reply With Quote
Old 01-20-2003, 04:37 PM   #29 (permalink)
Ilya020
Techno Rat
 
Ilya020's Avatar
 
Join Date: Jan 2003
Location: San Diego
Posts: 559
Ilya020 is on a distinguished road
Send a message via AIM to Ilya020
nope...


why is it users.sourceforge. net?

Ilya
__________________
> SELECT * FROM users WHERE clue > 0
0 rows returned
Ilya020 is offline   Reply With Quote
Old 01-20-2003, 05:03 PM   #30 (permalink)
sde
Moderator
 
sde's Avatar
 
Join Date: May 2002
Location: us.ca
Posts: 4,490
sde is on a distinguished road
what good is output if i can only print it ? i can't do anything with it but display the output.

if i can get it into a variable, i can program with it .. calculate, database, compare, etc. make sense now?
sde is offline   Reply With Quote
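
An added example, not code from any poster in this thread: capturing a command's stdout, stderr and exit status into PHP variables, which is what the last post is after. `run_command()` and the sample path are hypothetical, and the array form of `proc_open()` assumes PHP 7.4 or later.

```php
<?php
// Added example, not from the thread. run_command() is a hypothetical helper.
// Assumes PHP 7.4+, where an array command makes proc_open() start the
// program directly with no /bin/sh in between.
function run_command(array $argv): array
{
    $spec = [
        0 => ['file', '/dev/null', 'r'],  // no stdin for the child
        1 => ['pipe', 'w'],               // child's stdout
        2 => ['pipe', 'w'],               // child's stderr
    ];
    $proc = proc_open($argv, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start ' . $argv[0]);
    }
    // Sequential reads are fine for short output; a chatty child needs
    // stream_select() so a full stderr pipe cannot stall it.
    $stdout = stream_get_contents($pipes[1]);
    $stderr = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    $status = proc_close($proc);  // exit code of the child

    return ['stdout' => $stdout, 'stderr' => $stderr, 'status' => $status];
}

// Constructed sample path, assumed not to exist.
$missing = '/tmp/no-such-dir/' . bin2hex(random_bytes(4));

// shell_exec() hands back stdout only and returns null when there is none,
// so rm's complaint goes to the terminal or the web server's error log.
$a = shell_exec('rm ' . escapeshellarg($missing));
var_dump($a);

// Folding stderr into stdout (the 2>&1 from the passthru() post) puts the
// error text into the variable.
$b = shell_exec('rm ' . escapeshellarg($missing) . ' 2>&1');
var_dump($b);

// No shell: stdout, stderr and exit status arrive as separate values.
$r = run_command(['rm', $missing]);
var_dump($r['stdout'], $r['stderr'], $r['status']);

// Once the output is in a variable it can be processed, not just printed.
$r = run_command(['ls', '-1', '/etc']);
if ($r['status'] === 0) {
    $names = array_filter(explode("\n", $r['stdout']), 'strlen');
    printf("%d entries in /etc\n", count($names));
}
```

Because the array form bypasses the shell, arguments need no `escapeshellarg()`; the two `shell_exec()` calls still go through `/bin/sh` and do.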
All times are GMT -8.