Executing PowerShell Script from PHP

[niriuic]

Hello,

PowerShell script stored locally can never be executed after I click on button:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Testing PowerShell</title>
</head>
<body>
<?php
 
// If there was no submit variable passed to the script (i.e. user has visited the page without clicking submit), display the form:
if(!isset($_POST["submit"]))
{
    ?>
    <form name="testForm" id="testForm" action="get-process.php" method="post" />
        Your name: <input type="text" name="username" id="username" maxlength="20" /><br />
        <input type="submit" name="submit" id="submit" value="Do stuff NowNew" />
    </form>
    <?php    
}
// Else if submit was pressed, check if all of the required variables have a value:
elseif((isset($_POST["submit"])) && (!empty($_POST["username"])))
{
   // Display the alert box 
   echo '<script>alert("Welcome to Geeks for Geeks")</script>';
   
   // Get the variables submitted by POST in order to pass them to the PowerShell script:
    $username = $_POST["username"];
    // Best practice tip: We run out POST data through a custom regex function to clean any unwanted characters, e.g.:
    // $username = cleanData($_POST["username"]);
         

$psPath = "C:\\Windows\\SysWOW64\WindowsPowerShell\\v1.0\\powershell.exe";
$psDIR = "C:\\TestNew\\";
$psScript = "pscripta.ps1";
$runScript = $psDIR. $psScript;
$runCMD = $psPath." ".$runScript." 2>&1"; 

echo "\$psPath  $psPath <br>";
echo "\$psDIR  $psDIR <br>";
echo "\$psScript  $psScript <br>";
echo "\$runScript  $runScript <br>";
echo "\$runCMD   $runCMD  <br>";

exec( $runCMD,$out,$ret);

echo "<pre>";
print_r($out);
print_r($ret);
echo "</pre>";

}
// Else the user hit submit without all required fields being filled out:
else
{
    echo "Sorry, you did not complete all required fields. Please go back and try again.";
}
?>
</body>
</html>

 

Thank you for your help!

[gw1500se]

Insufficient information. What is returned from 'exec'? You are not checking that. What error are you getting? Be sure to have error reporting in you script.

error_reporting(E_ALL);

 

[niriuic]

This is what I see:

$psPath C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
$psDIR C:\TestNew\
$psScript pscripta.ps1
$runScript C:\TestNew\pscripta.ps1
$runCMD C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\TestNew\pscripta.ps1 2>&1

Array ( [0] => sh: 1: C:WindowsSysWOW64WindowsPowerShellv1.0powershell.exe: not found ) 127

 

[gw1500se]

There is your answer. You have the wrong path.

[niriuic]

How this is considered as a wrong path?

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\TestNew\pscripta.ps1 2>&1

Can you be bit more specific?

Thanks

[gizmola]

In PHP the backslash is an escape character.  So you either need to double up your slashes in the path '//' or better yet, just use forward slashes, which works on any OS including windows.

 

C:/Windows/SysWOW64/WindowsPowerShell/v1.0/powershell.exe C:/TestNew/pscripta.ps1 2>&1

 

[gw1500se]

I believe using single quotes (') instead of double quotes (") will work also. However that will also make the script non-portable to *nix but then power shell does not exist on *nix either.

Edited April 26, 2021 by gw1500se

[niriuic]

Thank you both for your directions. Now after changing script as suggested this is what I see:

Quote

\$psPath $psPath
\$psDIR $psDIR
\$psScript $psScript
\$runScript $runScript
\$runCMD $runCMD

Array ( [0] => sh: 1: C:/Windows/SysWOW64/WindowsPowerShell/v1.0/powershell.exe: not found ) 127

It says PowerShell.exe not found. I can see PowerShell.exe in above path.

I was reading somewhere about making PowerShell.exe globally available so it is available to that user when executed from browser, but I am not sure how to make it available globally.

Thanks.

[gw1500se]

Show your corrected code.

[niriuic]

here it is:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Testing PowerShell</title>
</head>
<body>
<?php
 
// If there was no submit variable passed to the script (i.e. user has visited the page without clicking submit), display the form:
if(!isset($_POST["submit"]))
{
    ?>
    <form name="testForm" id="testForm" action="get-process.php" method="post" />
        Your name: <input type="text" name="username" id="username" maxlength="20" /><br />
        <input type="submit" name="submit" id="submit" value="Do stuff NowNew" />
    </form>
    <?php    
}
// Else if submit was pressed, check if all of the required variables have a value:
elseif((isset($_POST["submit"])) && (!empty($_POST["username"])))
{
   // Display the alert box 
   echo '<script>alert("Welcome to Geeks for Geeks")</script>';
   
   // Get the variables submitted by POST in order to pass them to the PowerShell script:
    $username = $_POST["username"];
    // Best practice tip: We run out POST data through a custom regex function to clean any unwanted characters, e.g.:
    // $username = cleanData($_POST["username"]);
         

$psPath = 'C:/Windows/SysWOW64/WindowsPowerShell/v1.0/powershell.exe';
$psDIR = 'C:/TestNew/';
$psScript = 'pscripta.ps1';
$runScript = $psDIR. $psScript;
$runCMD = $psPath.' '.$runScript.' 2>&1'; 

echo '\$psPath  $psPath <br>';
echo '\$psDIR  $psDIR <br>';
echo '\$psScript  $psScript <br>';
echo '\$runScript  $runScript <br>';
echo '\$runCMD   $runCMD  <br>';

exec( $runCMD,$out,$ret);

echo '<pre>';
print_r($out);
print_r($ret);
echo '</pre>';

}
// Else the user hit submit without all required fields being filled out:
else
{
    echo 'Sorry, you did not complete all required fields. Please go back and try again.';
}

error_reporting(E_ALL);

?>
</body>
</html>

 

[gw1500se]

I think you still have the wrong path. I think you really want:

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

[niriuic]

Now correcting the path and then running the script from browser throws below error:

Quote

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

 

[gw1500se]

Now you have to look in your IIS log.

[niriuic]

Yup. I've asked hosting provider to enable php logging to see actual error message.

Thanks for your help.

 

[niriuic]

While hosting provider is in the process of enabling php logging (not sure why would it take so long for them to enable), I have a few things to clarify:

Since I am executing get-process.php script (above) from a URL (https://domain.com/wp-content/uploads/get-process.php), can browser allow a script to access local file (powershell.exe) and allow an execution of a script from local folder?

If answer to above question is no then how would someone execute a script on a click of button?

In other words, allowing a browser script to access local files is a security risk.

Thank you.

Edited April 27, 2021 by niriuic
edited

[niriuic]

Error message as reported in cgi log:

20210427T130408: domain.com/wp-content/uploads/get-process.php
PHP Parse error:  syntax error, unexpected 'pscripta' (T_STRING) in /hermes/bosnacweb01/bosnacweb01au/b375/ipg.acc56021/wp_site_1618028062/wp-content/uploads/get-process.php on line 33

[gw1500se]

What do you mean browser script? PHP is server side only. It cannot see anything on the client side (javascript). As a matter of security, a browser will not execute programs on the client.

You need to look around line 33 in that script for a syntax error. It may occur before line 33.

[niriuic]

So my initial ask was how to execute a script/external program with a click of "button".

If browser doesn't allow then how someone cloud build a solution that can execute a local powershell script?

https://theboywonder.co.uk/2012/07/29/executing-powershell-using-php-and-iis/

Thanks.

 

[gw1500se]

You launch it from javascript but you would need to have the client register an application.

[kicken]

You can't execute a powershell script on the end-user's machine if that's what you're trying to ask.   If you want the end-user to be able to trigger the script on your server then you just make a request the PHP script which will then execute the powershell script.  You can make that request with a simple link or form button or you could do it via javacript in the background.

 

[niriuic]

I think it's time to switch from PowerShell to REST API. Code conversion might take some time but I find REST API route useful in the near future.

Thank you very much for all your help. Appreciate it.

[gw1500se]

You still will need something on the client side to run the API. That means, again, PHP must ask the user to execute whatever code.

[niriuic]

Yes that's true - we have shifted our front-end code using css html and javascript. It's just the server side code that retrieves data and show to user.

On a side note, I was curious to see a working example of javascript authenticating against an office 365 Tenant and then retrieving mailbox information.

Thank you.