Page 1 of 1
help on running a command via website page!
Posted: Sun Jul 22, 2007 3:25 am
by athlete501
how can i have someone visit a webpage and it automatically runs a command prompt command? i mean activex controls, yes. but idk the code for it. maybe theres a certain command for php?? idk hellllp!
Posted: Mon Jul 23, 2007 4:43 am
by Hacksign
the attack usually operated with some IE or Firefox bugs
u can made a page that include a exploit code
when vistors open this page,the code is executed
Re: help on running a command via website page!
Posted: Mon Jul 23, 2007 7:08 am
by Captain Segfault
athlete501 wrote:how can i have someone visit a webpage and it automatically runs a command prompt command? i mean activex controls, yes. but idk the code for it. maybe theres a certain command for php?? idk hellllp!
To be clear, you
shouldn't be able to do this without the browser asking the user. That would be a major security hole. For a fully patched box, an ActiveX control is about the best bet because a clueless user might just allow it. (the "social engineering" approach) Otherwise you need to exploit a bug in the browser, which will only work with an unpatched browser...
Also, note that php has no special power here! It just generates HTML (or whatever) that gets sent to the browser. The user does not actually see any php. You
could use php to code something up that would dynamically pick the exploit code to display based on the user agent string that the user's browser sends...
Posted: Sat Jul 28, 2007 4:04 am
by athlete501
ya but i've seen code at php.net saying like shell_exec and w/e. but it hasnt worked for me yet. so idk.
thanks though
Posted: Sat Jul 28, 2007 5:15 am
by Captain Segfault
Typical PHP excutes on the server. "shell_exec" probably runs a command on the server.