Tags: php, shell, shell-exec, metasploit

Server side script for launching application


I have been trying, unsuccessfully so far, to write a PHP script that will run when a page is opened and that will launch metasploit!

I've tried shell_exec and exec and all the other alternatives, but although I can get it to do simple things (i.e. ls, cds etc.), if I try msfconsole it doesn't do anything!

I have also tried a different script that launches Firefox and again nothing happens!

Now I know that PHP runs on the server and I'm not expecting to see a console or Firefox opening on the client's machine! Instead, in order to check if it works, I am trying to echo out the output of the shell_exec! But anyway, since I'm hosting the files on my machine (i.e. this is the server and a VM is the client), if it could actually launch Firefox I should be able to see the app opening here in the same way as by just doing this from the command line!

What am I missing?

Is there any other way to do this? (i.e. launch metasploit every time a user opens up my page)

NOTE: I've tried specifying the full path for msfconsole but that didn't work either!

Here's what I have so far:

$output = shell_exec('/opt/local/libexec/metasploit3/msfconsole;show');
echo "<pre>$output</pre>";

The ";show" bit was used in order to actually make it run something and print some stuff, but it didn't make any difference!


Solution

  • When you run a GUI application from the command prompt in an X Window System, it will use the default display. When you run it using PHP which is embedded in the Apache web server, the program may not know where to display the GUI application.

    There are 2 things to make this work.

    1. The program that executes the GUI application must have permission to use the display.
    2. You need to tell the program which display to use.

    I used the following in my PHP script:

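    <?php
    // Build the command as a plain string. Backticks here would execute it
    // immediately and pass its output to shell_exec() instead.
    $cmd = 'export DISPLAY=:0; gedit';
    shell_exec($cmd);
    ?>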
    

    and ran the script from the terminal using php -f test.php. I got gedit up and running.

    You can test the same with the script in Apache too. Please add the Apache user with privileges to access the display server.

    Update: I just added the following in /etc/apache2/apache2.conf (I am using Ubuntu):

    User poomalai
    Group poomalai
    

    and restarted the web server with sudo service apache2 restart

    Now I accessed localhost/test.php and presto!! I got gedit :)

    Hope this helps
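
A diagnostic for the two conditions the answer lists (which display, and permission to use it), as an added example that is not part of the original answer: it runs a command without a shell, passes DISPLAY explicitly, and returns the error text and exit code that shell_exec() hides. It assumes PHP 7.4+ and that the X utility xdpyinfo is installed; run_with_display() and effective_user() are hypothetical helper names.

```php
<?php
// Added example, not part of the original answer. Requires PHP 7.4+.
function run_with_display(array $argv, string $display = ':0'): array
{
    $spec = [
        0 => ['null'],          // child gets no stdin
        1 => ['pipe', 'w'],     // stdout
        2 => ['redirect', 1],   // stderr merged into stdout so errors are visible
    ];
    // Explicit, minimal environment instead of "export DISPLAY=...; cmd" in a shell.
    $env = ['DISPLAY' => $display, 'PATH' => '/usr/bin:/bin'];
    // X clients read the auth cookie from XAUTHORITY (or ~/.Xauthority).
    // Under a web server this variable is normally unset.
    $xauth = getenv('XAUTHORITY');
    if ($xauth !== false) {
        $env['XAUTHORITY'] = $xauth;
    }
    // Array form: no /bin/sh is involved, so nothing in $argv is shell-parsed.
    $proc = @proc_open($argv, $spec, $pipes, null, $env);
    if (!is_resource($proc)) {
        return ['exit' => -1, 'output' => 'proc_open() failed'];
    }
    $output = (string) stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    return ['exit' => proc_close($proc), 'output' => $output];
}

// Effective user of the PHP process (get_current_user() returns the script owner).
function effective_user(): string
{
    if (function_exists('posix_geteuid')) {
        $pw = posix_getpwuid(posix_geteuid());
        if ($pw !== false) {
            return $pw['name'];
        }
    }
    return 'unknown';
}

// xdpyinfo (assumed installed) exits non-zero and prints an error
// when the calling user cannot open the display.
$r = run_with_display(['xdpyinfo']);
$msg = sprintf("user=%s DISPLAY=:0 exit=%d\n%s", effective_user(), $r['exit'], $r['output']);
echo PHP_SAPI === 'cli' ? $msg : '<pre>' . htmlspecialchars($msg) . '</pre>';
```

Comparing the output from php -f with the output when the same file is served by Apache shows which user each runs as and whether that user can reach the display.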