DOS Prompt in I.E.

Discussion in 'ASP General' started by Scott McNair, Jul 26, 2003.

  1. Scott McNair

    Scott McNair Guest

    I came up with this the other day while playing. Basically it puts an
    I.E. wrapper around a DOS prompt. There are a few things to note:

    1. It cannot handle any programs that require input, or any programs
    that require a CTRL-C to exit. If you do this, you'll have to run an
    IISRESET.
    2. It cannot handle any programs that trigger a window. Again, if you
    do you'll have to run IISRESET.
    3. It doesn't do commands (e.g. DIR, MD, CD) but it will run programs
    (IPCONFIG, PING, NETSTAT)
    4. This app EXPOSES YOUR COMPUTER and as such is a potential back-door
    for malicious entry, if somebody happened to stumble across the page and
    run the right programs. As a result, you should take the highest
    possible precautions to secure the page if you plan to keep it on a live
    box. I personally have NT Auth set up for the page.
    5. This page won't even come close to working in Netscape, so don't even
    try.
    6. Either name it HyperDOS.asp, or change the references to the name in
    the page.

    I'm interested in any feedback you can provide, as well as any
    suggestions to fix or lessen notes 1-3.

    ==========

    <%
    Option Explicit

    Select Case Request("Action")
    Case ""
    %>
    <html>
    <head>
    <title>HyperDOS</title>
    </head>

    <frameset rows="10%, 90%" border=0>
    <frame id=StdIn name=StdIn scrolling="no">
    <frame id=StdOut name=StdOut src="?
    Action=Main">
    </frameset>
    </html>
    <%
    Case "Main"
    %>
    <html>
    <head>
    <script language="VBScript">
    Function Main()
    Print "<b>HyperDOS v0.01a</b>"
    Print "Designed 2003 by Scott
    McNair"
    Print "Type 'DISCLAIMER' for
    legal information."

    Input.focus()
    End Function

    Function ParseData()
    txtInput = Input.value
    Input.value = ""
    Path.style.display="none"
    Input.style.display="none"

    Print "&gt; " & txtInput
    txtInput = lcase(txtInput)

    If LCase(txtInput)
    ="disclaimer" Then
    Print "<b>HyperDOS</b>
    provides a front-end to Windows command prompt. If you put this page on
    your web server, please " &_
    "keep in mind that
    you're providing a potential back door for people to come in and
    delete/create/modify files " &_
    "on your computer.
    Please make sure to take appropriate precautions."

    document.location.href="#bottom"
    txtLastInput =
    txtInput

    Path.style.display="inline"

    Input.style.display="block"
    Input.focus()
    Exit Function
    End If


    parent.StdIn.location.href="HyperDOS.asp?Action=Drill&Command=" &
    txtInput
    End Function

    Function Print(MyText)
    txtOutput.innerHTML =
    txtOutput.innerHTML & "<div style='border:solid black
    1px;color:white'>" & MyText & "</div>"
    End Function
    </script>
    </head>

    <body onload="Main()" style="font-
    family:courier;background-color:black;color:white">
    <div name=txtOutput id=txtOutput></div>
    <span name=Path id=Path>&gt;&nbsp;</span>
    <input type=text name=Input id=Input
    style="width:500px;border:none;font-
    family:courier;height:20px;color:White;background-color:black;"
    onkeypress="If window.event.keyCode = 13 Then ParseData()">
    <a name="bottom"></a>
    </body>
    </html>
    <%
    Case "Drill"
    Dim Command : Command=Request("Command")
    Dim objShell, objWshScriptExec, objStdOut, strLine
    Set objShell = Server.CreateObject("WScript.Shell")

    On Error Resume Next
    Set objWshScriptExec = objShell.Exec (Command)
    'The command line
    Set objStdOut = objWshScriptExec.StdOut 'Reads
    the output from the command
    %>
    <html>
    <head></head>
    <body>
    <%
    If objStdOut Then
    While Not objStdOut.AtEndOfStream
    strLine = objStdOut.ReadLine
    strLine = Left(strLine,Len
    (strLine)-1) & "<br>"
    strLine = Replace
    (strLine,"""","&quot;")
    Response.Write "<script
    language=VBScript>" & vbcrlf
    %>

    parent.StdOut.txtOutput.innerHTML =
    parent.stdOut.txtOutput.innerHTML & "<div style='border:solid black
    1px;color:white'><%=strLine%></div>"

    parent.StdOut.document.body.doScroll(down)
    <%
    ' Response.Write "Print """ &
    strLine & """" & vbcrlf
    Response.Write "</script>" &
    vbcrlf
    Response.Flush
    Wend
    End If
    On Error Goto 0
    %>
    <script language="VBScript">
    Print "&nbsp;"
    parent.StdOut.Path.style.display="inline"
    parent.StdOut.Input.style.display="inline"
    parent.StdOut.Input.focus()
    '
    parent.StdOut.location.href=parent.StdOut.location.href &
    "#bottom"
    </script>
    </body>
    <%
    End Select
    %>
    Scott McNair, Jul 26, 2003
    #1
    1. Advertising

  2. Scott McNair

    John Smith Guest

    Another ASP based command toy:
    http://www.dalun.com/ftp/cmdconsole.zip


    "Scott McNair" <scott.mcnair@sfmco.[takethispartout].com> wrote in message
    news:Xns93C3DE1D45780qwertyuiop@207.46.248.16...
    > I came up with this the other day while playing. Basically it puts an
    > I.E. wrapper around a DOS prompt. There are a few things to note:
    >
    > 1. It cannot handle any programs that require input, or any programs
    > that require a CTRL-C to exit. If you do this, you'll have to run an
    > IISRESET.
    > 2. It cannot handle any programs that trigger a window. Again, if you
    > do you'll have to run IISRESET.
    > 3. It doesn't do commands (e.g. DIR, MD, CD) but it will run programs
    > (IPCONFIG, PING, NETSTAT)
    > 4. This app EXPOSES YOUR COMPUTER and as such is a potential back-door
    > for malicious entry, if somebody happened to stumble across the page and
    > run the right programs. As a result, you should take the highest
    > possible precautions to secure the page if you plan to keep it on a live
    > box. I personally have NT Auth set up for the page.
    > 5. This page won't even come close to working in Netscape, so don't even
    > try.
    > 6. Either name it HyperDOS.asp, or change the references to the name in
    > the page.
    >
    > I'm interested in any feedback you can provide, as well as any
    > suggestions to fix or lessen notes 1-3.
    >
    > ==========
    >
    > <%
    > Option Explicit
    >
    > Select Case Request("Action")
    > Case ""
    > %>
    > <html>
    > <head>
    > <title>HyperDOS</title>
    > </head>
    >
    > <frameset rows="10%, 90%" border=0>
    > <frame id=StdIn name=StdIn scrolling="no">
    > <frame id=StdOut name=StdOut src="?
    > Action=Main">
    > </frameset>
    > </html>
    > <%
    > Case "Main"
    > %>
    > <html>
    > <head>
    > <script language="VBScript">
    > Function Main()
    > Print "<b>HyperDOS v0.01a</b>"
    > Print "Designed 2003 by Scott
    > McNair"
    > Print "Type 'DISCLAIMER' for
    > legal information."
    >
    > Input.focus()
    > End Function
    >
    > Function ParseData()
    > txtInput = Input.value
    > Input.value = ""
    > Path.style.display="none"
    > Input.style.display="none"
    >
    > Print "&gt; " & txtInput
    > txtInput = lcase(txtInput)
    >
    > If LCase(txtInput)
    > ="disclaimer" Then
    > Print "<b>HyperDOS</b>
    > provides a front-end to Windows command prompt. If you put this page on
    > your web server, please " &_
    > "keep in mind that
    > you're providing a potential back door for people to come in and
    > delete/create/modify files " &_
    > "on your computer.
    > Please make sure to take appropriate precautions."
    >
    > document.location.href="#bottom"
    > txtLastInput =
    > txtInput
    >
    > Path.style.display="inline"
    >
    > Input.style.display="block"
    > Input.focus()
    > Exit Function
    > End If
    >
    >
    > parent.StdIn.location.href="HyperDOS.asp?Action=Drill&Command=" &
    > txtInput
    > End Function
    >
    > Function Print(MyText)
    > txtOutput.innerHTML =
    > txtOutput.innerHTML & "<div style='border:solid black
    > 1px;color:white'>" & MyText & "</div>"
    > End Function
    > </script>
    > </head>
    >
    > <body onload="Main()" style="font-
    > family:courier;background-color:black;color:white">
    > <div name=txtOutput id=txtOutput></div>
    > <span name=Path id=Path>&gt;&nbsp;</span>
    > <input type=text name=Input id=Input
    > style="width:500px;border:none;font-
    > family:courier;height:20px;color:White;background-color:black;"
    > onkeypress="If window.event.keyCode = 13 Then ParseData()">
    > <a name="bottom"></a>
    > </body>
    > </html>
    > <%
    > Case "Drill"
    > Dim Command : Command=Request("Command")
    > Dim objShell, objWshScriptExec, objStdOut, strLine
    > Set objShell = Server.CreateObject("WScript.Shell")
    >
    > On Error Resume Next
    > Set objWshScriptExec = objShell.Exec (Command)
    > 'The command line
    > Set objStdOut = objWshScriptExec.StdOut 'Reads
    > the output from the command
    > %>
    > <html>
    > <head></head>
    > <body>
    > <%
    > If objStdOut Then
    > While Not objStdOut.AtEndOfStream
    > strLine = objStdOut.ReadLine
    > strLine = Left(strLine,Len
    > (strLine)-1) & "<br>"
    > strLine = Replace
    > (strLine,"""","&quot;")
    > Response.Write "<script
    > language=VBScript>" & vbcrlf
    > %>
    >
    > parent.StdOut.txtOutput.innerHTML =
    > parent.stdOut.txtOutput.innerHTML & "<div style='border:solid black
    > 1px;color:white'><%=strLine%></div>"
    >
    > parent.StdOut.document.body.doScroll(down)
    > <%
    > ' Response.Write "Print """ &
    > strLine & """" & vbcrlf
    > Response.Write "</script>" &
    > vbcrlf
    > Response.Flush
    > Wend
    > End If
    > On Error Goto 0
    > %>
    > <script language="VBScript">
    > Print "&nbsp;"
    > parent.StdOut.Path.style.display="inline"
    > parent.StdOut.Input.style.display="inline"
    > parent.StdOut.Input.focus()
    > '
    > parent.StdOut.location.href=parent.StdOut.location.href &
    > "#bottom"
    > </script>
    > </body>
    > <%
    > End Select
    > %>
    John Smith, Jul 26, 2003
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Tomer Ben-David

    Open dos command prompt from java

    Tomer Ben-David, May 16, 2004, in forum: Java
    Replies:
    9
    Views:
    74,427
    mrgowthamkumar
    Feb 22, 2009
  2. Ted
    Replies:
    1
    Views:
    507
  3. gaurav kashyap
    Replies:
    2
    Views:
    606
    gaurav kashyap
    Oct 30, 2008
  4. gaurav kashyap
    Replies:
    3
    Views:
    673
    gaurav kashyap
    Oct 31, 2008
  5. Mel
    Replies:
    10
    Views:
    3,096
    Sailaja Appi
    Feb 13, 2009
Loading...

Share This Page