Author | Message | Time |
---|---|---|
peofeoknight | http://quasi-ke.servebeer.com/ping.asp just thought it would be cool to try and run command prompt from the server, you could have a lot of fun with stuff like this. I copied comd.exe into a sub dir on my c drive because I did not want to give iusr read and execute permissions on that file in my windows dir. | May 1, 2004, 3:44 PM |
Myndfyr | You should write an ISAPI extension so that it redirects stdout to the webpage directly, and then make it not send the content-length header so that the command streams to the browser (like webchannel works). | May 1, 2004, 6:00 PM |
peofeoknight | well I could just ping from asp.net using system.net.sockets too, but this was only about 3 lines of code :P, plus it's cool to execute command prompt from the internet, it just sounds awesome (and insecure :-X). In fact earlier today, I copied over ping.exe and took out the cmd /c ping ip, changed it to ping.exe /c ip, just so I do not have a full copy of command prompt sitting in a dir with iusr permissions set. | May 2, 2004, 5:23 AM |
St0rm.iD | Using cmd.exe from a web page is a BAD idea. Append \| dir to the end of the IP | May 2, 2004, 9:27 PM |
peofeoknight | [quote author=St0rm.iD link=board=22;threadid=6594;start=0#msg58140 date=1083533278] Using cmd.exe from a web page is a BAD idea. Append \| dir to the end of the IP [/quote] Like I said in my last post, I am using ping.exe as I said now, which destroys almost all of the insecurity, I just had to disable the -l -t -n etc by replacing " " with "". Plus, I could also do this with a batch file if I wanted to. Keep in mind, this is not functional code, I would not only not use this on one of my sites, but there is no way to very well do it. I am doing a site for a church, who used to run the server from their biz class cable, but now moves to a host, and hosts do not allow you to upload .exe files or batch files for just this reason, so you cannot delete a butt load of critical files. Besides there would be no reason for me to use this on a church site. The only time where this would be handy is to ping a game server for a site, but like I said, if I wanted to do something like that I would write it with system.net.sockets because of not being able to upload that to a host. I agree that it is a bad idea to use this for the real world, I just wanted to play with it. You have to agree, it is pretty cool, you can run dos commands on a server from a web page. | May 3, 2004, 3:13 AM |
Hitmen | [quote author=peofeoknight link=board=22;threadid=6594;start=0#msg58202 date=1083554004] I just had to disable the -l -t -n [/quote] That was the first thing I tried when I saw it :p | May 3, 2004, 3:20 AM |
peofeoknight | [quote author=Hitmen link=board=22;threadid=6594;start=0#msg58205 date=1083554425] That was the first thing I tried when I saw it :p[/quote] yep, first thing I thought of too :D | May 3, 2004, 3:21 AM |
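
The input handling discussed in this thread, as an added example that is not any poster's code: it compares the space-stripping filter with an allowlist that accepts only a literal IPv4 address and builds an argument vector instead of a command string. `PING_PATH`, the sample inputs and the function names are assumptions made for the illustration; nothing is executed.

```python
import ipaddress

# Characters a command interpreter may treat specially (illustrative, not exhaustive).
SHELL_META = set("|&<>^%\"'()")

# Assumed location of ping; not taken from the thread.
PING_PATH = r"C:\Windows\System32\ping.exe"

def strip_spaces(user_input):
    """The filter described in the thread: replace " " with ""."""
    return user_input.replace(" ", "")

def leftover_metachars(user_input):
    """Special characters that survive the space-stripping filter."""
    return sorted(SHELL_META & set(strip_spaces(user_input)))

def ping_argv(user_input):
    """Allowlist check: accept only a literal dotted-quad IPv4 address.

    Returns an argument vector suitable for launching ping without a
    command interpreter, or None when the input is rejected.
    """
    try:
        addr = ipaddress.IPv4Address(user_input)
    except ValueError:
        return None
    return [PING_PATH, "-n", "4", str(addr)]

# Constructed sample inputs.
SAMPLES = ["127.0.0.1", "127.0.0.1 | dir", "127.0.0.1 -t", "example.com"]

def review(samples=SAMPLES):
    """Map each input to (filtered string, leftover metachars, argv or None)."""
    return {s: (strip_spaces(s), leftover_metachars(s), ping_argv(s)) for s in samples}

if __name__ == "__main__":
    for raw, (filtered, meta, argv) in review().items():
        print(f"{raw!r:20} filtered={filtered!r:18} meta={meta} argv={argv}")
```

Stripping spaces turns `-t` into part of an invalid host name but leaves `|` untouched, so the result still depends on whether a command interpreter ever sees the string; the allowlist rejects both inputs before any process is started.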