0

If I do the following command, I get an 'hey' output:

echo shell_exec("echo 'hey'");

But If I do the following command, it will not kill any screen:

echo shell_exec("killall screen");

Or if I do 

echo shell_exec("sh /var/www/html/run.sh");

It will not run that file at all (that file does the screen killing aswell)

And If I even get that file with get contents, it successfully reads the content in it.

If it can execute echo so whats wrong?

Ben Beri
  • 1,101
  • 4
  • 23
  • 64
  • 4
    It's probably permissions. `killall` usually needs su/sudo permission, if it's not your own process. – aynber Oct 19 '17 at 13:42
  • Most likely the user your website runs as does not have permission to execute `kill` and similar commands. – Mikk3lRo Oct 19 '17 at 13:42
  • Is giving the permission something PHP sided, or server? – Ben Beri Oct 19 '17 at 13:43
  • There's a good reason for this type of protection...try to imagine how catastrophic it would be to let any user run any command in a shared hosting environment: "Today i feel like taking a break..." `shell_exec("poweroff")` ;) – Mikk3lRo Oct 19 '17 at 13:45
  • @Mikk3lRo I know it's risky, but I am wondering how can I whitelist some commands – Ben Beri Oct 19 '17 at 13:46
  • Is it your own machine (ie. do you have root access)? And where are you trying to run it from (I'm guessin apache)? – Mikk3lRo Oct 19 '17 at 13:47
  • @Mikk3lRo Yes. All i want to do is killall screen, killall java, and create a new screen & run a jar in that screen – Ben Beri Oct 19 '17 at 13:48
  • or in short... sh run.sh – Ben Beri Oct 19 '17 at 13:48
  • You can try to use `exec` function to investigate this problem. `shell_exec` does not show you command return code, but `exec` does. – Ivan Kalita Oct 19 '17 at 13:49
  • Why don't you kill the specific process rather than killall? Killall shouldn't be used like that, store the PID of the process you are wanting to manage somewhere. – Devon Bessemer Oct 19 '17 at 13:52
  • I first test killall to see if it worsk at all – Ben Beri Oct 19 '17 at 13:54
  • There may be a way to have `run.sh` run a command within the script as an authenticated user without giving your web user any permissions or other access to the system. – aynber Oct 19 '17 at 13:56
  • https://stackoverflow.com/questions/25215604/use-sudo-without-password-inside-a-script -- this might be helpful – aynber Oct 19 '17 at 13:58

1 Answers1

0

To run such powerful commands, I had to use this library as stated in this question. This allows me to login into the SSH with root access and execute any command!

function ssh_script($script, $ip, $user, $pass) {
            $ssh = new Net_SSH2($ip);
    if (!$ssh->login($user, $pass)) {
        exit('Login Failed');
    }

    if ($ssh !== false) {
        echo $ssh->exec("sh " . $script);
    }
    else {
        echo "fail";
    }
}
Ben Beri
  • 1,101
  • 4
  • 23
  • 64