Perl CGI script to emulate a shell command line window

A

Alain Star

You have a Windows machine with a Perl interpreter (ActivePerl from
ActiveState for example).
You have FTP access to a Linux box with a Perl CGI script engine (typically,
the box where your website is hosted)
But you are very frustrated because you do not have a TELNET or a SSH access
to this box, it would be much more easy to zip or untar your files...
The solution we suggest you is to create two scripts, a CGI wich will run on
the server and a Perl script that will run locally in a command line window.
The local software will send commands to your CGI in an HTTP request, the
CGI will interpret the command and will return the output wich will be
displayed by the windows script.

Script: http://www.cri.ch/perl/docs/cg0001.html

Comments welcome!

Regards,

AS.
 
A

A. Sinan Unur

You have a Windows machine with a Perl interpreter (ActivePerl from
ActiveState for example).
You have FTP access to a Linux box with a Perl CGI script engine
(typically, the box where your website is hosted)
But you are very frustrated because you do not have a TELNET or a SSH
access to this box, it would be much more easy to zip or untar your
files... The solution we suggest you is to create two scripts, a CGI
wich will run on the server and a Perl script that will run locally in
a command line window. The local software will send commands to your
CGI in an HTTP request, the CGI will interpret the command and will
return the output wich will be displayed by the windows script.

It occurs to me that there a lot of nutty people out there. You seem to be
one of them by suggesting people install a Trojan horse accessible to
anyone in the world on their hosting provider's machine.

Not nice.

perldoc perlsec

Sinan.
 
G

Gregory Toomey

Alain said:
You have a Windows machine with a Perl interpreter (ActivePerl from
ActiveState for example).
You have FTP access to a Linux box with a Perl CGI script engine
(typically, the box where your website is hosted)
But you are very frustrated because you do not have a TELNET or a SSH
access to this box, it would be much more easy to zip or untar your
files... The solution we suggest you is to create two scripts, a CGI wich
will run on the server and a Perl script that will run locally in a
command line window. The local software will send commands to your CGI in
an HTTP request, the CGI will interpret the command and will return the
output wich will be displayed by the windows script.

Script: http://www.cri.ch/perl/docs/cg0001.html

Comments welcome!

Regards,

AS.

The solution is to ditch windows, install unix/ssh.

gtoomey
 
A

Alain Star

A. Sinan Unur wrote:


:::: Script: http://www.cri.ch/perl/docs/cg0001.html

:: It occurs to me that there a lot of nutty people out there. You seem
:: to be one of them by suggesting people install a Trojan horse
:: accessible to anyone in the world on their hosting provider's
:: machine.
::
:: Not nice.
::
:: perldoc perlsec

What a negative approach...
The idea is to help, not to harm.

AS
 
A

A. Sinan Unur

A. Sinan Unur wrote:


:::: Script: http://www.cri.ch/perl/docs/cg0001.html

:: It occurs to me that there a lot of nutty people out there. You seem
:: to be one of them by suggesting people install a Trojan horse
:: accessible to anyone in the world on their hosting provider's
:: machine.
::
:: Not nice.
::
:: perldoc perlsec

What a negative approach...
The idea is to help, not to harm.

This makes me think of roads to hell and bridges in Brooklyn.

For the benefit of others, just say no to this idea. It is a giant
security whole begging to be exploited by any script kiddie out there.


Sinan.
 
I

ioneabu

[...]
Script: http://www.cri.ch/perl/docs/cg0001.html

Comments welcome!

Regards,

AS.

I use something similar to access information from my Linux based
account from any web browser.

The weakness of your approach is to require any client software.

There is a pretty good Java based ssh program out there that is another
option. I think it is called Mindterm.

wana
 
D

David Efflandt

You have a Windows machine with a Perl interpreter (ActivePerl from
ActiveState for example).
You have FTP access to a Linux box with a Perl CGI script engine (typically,
the box where your website is hosted)
But you are very frustrated because you do not have a TELNET or a SSH access
to this box, it would be much more easy to zip or untar your files...
The solution we suggest you is to create two scripts, a CGI wich will run on
the server and a Perl script that will run locally in a command line
window...

I wrote a webshell.cgi that I used on such a site. But the CGI ran suexec
as me with 700 permission, the password within the script was crypted
(yours is not, so anyone with read access to your script could discover
it), and it would only work if REMOTE_ADDR was my static IP.

The CGI generated and processed a form that could just run a single
non-interactive command line from any browser where it duped stderr to
stdout. I primarily used it to find binaries and Perl modules on the
system and help others troubleshoot their CGI.

At one point when it refused me and displayed REMOTE_ADDR that was not
mine, it made me aware of an internet router (NOT associated with my ISP)
that was proxying (and probably caching) even dynamic web traffic without
our knowledge or permission (for unknown purposes). We questioned their
motives and put a stop to it. It makes you wonder who may be snooping
your internet traffic without your knowledge.
 
T

Tad McClellan

Alain Star said:
A. Sinan Unur wrote:


:::: Script: http://www.cri.ch/perl/docs/cg0001.html

:: It occurs to me that there a lot of nutty people out there. You seem
:: to be one of them by suggesting people install a Trojan horse
:: accessible to anyone in the world on their hosting provider's
:: machine.
::
:: Not nice.
::
:: perldoc perlsec

What a negative approach...


So when you said "Comments welcome!" you were just joking then?

Or did you mean instead "Comments that I want to hear are welcome"?

The idea is to help, not to harm.


Exactly so.

What you propose has the potential to do vast harm.

Steering people away from doing it is helpful.

See if you can identify who in this thread is helping others and
who is hurting others.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top