help on running a command via website page!

athlete501 · Post by **athlete501** » Sun Jul 22, 2007 3:25 am

how can i have someone visit a webpage and it automatically runs a command prompt command? i mean activex controls, yes. but idk the code for it. maybe theres a certain command for php?? idk hellllp!

Hacksign · Post by **Hacksign** » Mon Jul 23, 2007 4:43 am

the attack usually operated with some IE or Firefox bugs

u can made a page that include a exploit code
when vistors open this page,the code is executed

Captain Segfault · Post by **Captain Segfault** » Mon Jul 23, 2007 7:08 am

athlete501 wrote:how can i have someone visit a webpage and it automatically runs a command prompt command? i mean activex controls, yes. but idk the code for it. maybe theres a certain command for php?? idk hellllp!

To be clear, you shouldn't be able to do this without the browser asking the user. That would be a major security hole. For a fully patched box, an ActiveX control is about the best bet because a clueless user might just allow it. (the "social engineering" approach) Otherwise you need to exploit a bug in the browser, which will only work with an unpatched browser...

Also, note that php has no special power here! It just generates HTML (or whatever) that gets sent to the browser. The user does not actually see any php. You could use php to code something up that would dynamically pick the exploit code to display based on the user agent string that the user's browser sends...

athlete501 · Post by **athlete501** » Sat Jul 28, 2007 4:04 am

ya but i've seen code at php.net saying like shell_exec and w/e. but it hasnt worked for me yet. so idk.

thanks though

Captain Segfault · Post by **Captain Segfault** » Sat Jul 28, 2007 5:15 am

Typical PHP excutes on the server. "shell_exec" probably runs a command on the server.

hacker.org

help on running a command via website page!

help on running a command via website page!

Re: help on running a command via website page!