
Executing PowerShell Script from PHP


niriuic
Solved by gw1500se


Hello,

A PowerShell script stored locally is never executed after I click the button:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Testing PowerShell</title>
</head>
<body>
<?php
 
// If there was no submit variable passed to the script (i.e. user has visited the page without clicking submit), display the form:
if(!isset($_POST["submit"]))
{
    ?>
    <form name="testForm" id="testForm" action="get-process.php" method="post" />
        Your name: <input type="text" name="username" id="username" maxlength="20" /><br />
        <input type="submit" name="submit" id="submit" value="Do stuff NowNew" />
    </form>
    <?php    
}
// Else if submit was pressed, check if all of the required variables have a value:
elseif((isset($_POST["submit"])) && (!empty($_POST["username"])))
{
   // Display the alert box 
   echo '<script>alert("Welcome to Geeks for Geeks")</script>';
   
   // Get the variables submitted by POST in order to pass them to the PowerShell script:
    $username = $_POST["username"];
    // Best practice tip: We run our POST data through a custom regex function to clean any unwanted characters, e.g.:
    // $username = cleanData($_POST["username"]);
         

$psPath = "C:\\Windows\\SysWOW64\WindowsPowerShell\\v1.0\\powershell.exe";
$psDIR = "C:\\TestNew\\";
$psScript = "pscripta.ps1";
$runScript = $psDIR. $psScript;
$runCMD = $psPath." ".$runScript." 2>&1"; 

echo "\$psPath  $psPath <br>";
echo "\$psDIR  $psDIR <br>";
echo "\$psScript  $psScript <br>";
echo "\$runScript  $runScript <br>";
echo "\$runCMD   $runCMD  <br>";

exec( $runCMD,$out,$ret);

echo "<pre>";
print_r($out);
print_r($ret);
echo "</pre>";

}
// Else the user hit submit without all required fields being filled out:
else
{
    echo "Sorry, you did not complete all required fields. Please go back and try again.";
}
?>
</body>
</html>

 

Thank you for your help!


This is what I see:

$psPath C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
$psDIR C:\TestNew\
$psScript pscripta.ps1
$runScript C:\TestNew\pscripta.ps1
$runCMD C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\TestNew\pscripta.ps1 2>&1

Array ( [0] => sh: 1: C:WindowsSysWOW64WindowsPowerShellv1.0powershell.exe: not found ) 127

 


In PHP the backslash is an escape character. So you either need to double up your slashes in the path '//' or, better yet, just use forward slashes, which work on any OS including Windows.

 

C:/Windows/SysWOW64/WindowsPowerShell/v1.0/powershell.exe C:/TestNew/pscripta.ps1 2>&1
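To put the quoting advice above next to the other half of the problem (the shell that exec() hands the string to), here is an added PHP example. It is not code from this thread: the interpreter path, the script path, the single "username" argument, the helper names, and the use of powershell.exe's standard -NoProfile, -NonInteractive and -File switches are assumptions made for illustration.

```php
<?php
// Added example, not the original poster's script. Paths, the "username"
// argument and the helper names are assumptions for illustration.

// --- 1. PHP string quoting ------------------------------------------------
// In a double-quoted string a backslash starts an escape, so every literal
// backslash must be written twice. In a single-quoted string only \\ and \'
// are escapes, so 'C:\TestNew' survives intact, but a trailing backslash
// must still be doubled or it swallows the closing quote. Forward slashes
// sidestep both rules, and Windows accepts them in paths.
function pathVariants(): array
{
    return [
        'double_quoted' => "C:\\TestNew\\pscripta.ps1",
        'single_quoted' => 'C:\TestNew\pscripta.ps1',
        'forward'       => 'C:/TestNew/pscripta.ps1',
    ];
}
// Variable interpolation only happens inside double quotes:
// echo '$psPath' prints the variable's name, echo "$psPath" prints its value.

// --- 2. The shell parses the string a second time --------------------------
// exec() passes the command line to /bin/sh on Unix hosts (cmd.exe on
// Windows), and sh also treats a bare backslash as an escape. That is why the
// first run in this thread echoed the path correctly but the shell then
// complained about "C:WindowsSysWOW64...powershell.exe: not found".
// escapeshellarg() quotes each token so the shell passes it through
// verbatim; it also keeps a user-supplied value such as $username from being
// parsed as a second command.
function buildCommand(string $psPath, string $script, string $username): string
{
    return escapeshellarg($psPath)
        . ' -NoProfile -NonInteractive -File ' . escapeshellarg($script)
        . ' ' . escapeshellarg($username)
        . ' 2>&1';
}

// --- 3. Check before you exec -----------------------------------------------
// Exit status 127 from sh only means "command not found". Testing the paths
// in PHP first turns that into a clear message. On a Linux web host (the
// "sh: 1:" prefix and the /hermes/... path in this thread's log are Unix
// traces) there is no C:/Windows at all, so this check fails immediately
// whichever slash style is used.
function runPowerShell(string $psPath, string $script, string $username): array
{
    if (!is_file($psPath) || !is_executable($psPath)) {
        return ['ok' => false, 'status' => 127, 'output' => [],
                'error' => "PowerShell interpreter not found at $psPath"];
    }
    if (!is_file($script)) {
        return ['ok' => false, 'status' => 127, 'output' => [],
                'error' => "Script not found at $script"];
    }
    exec(buildCommand($psPath, $script, $username), $out, $ret);
    return ['ok' => $ret === 0, 'status' => $ret, 'output' => $out, 'error' => null];
}

// --- Demonstration on constructed input -------------------------------------
$variants = pathVariants();
var_dump($variants['double_quoted'] === $variants['single_quoted']);

// A constructed name containing a quote and a semicolon stays one argument
// instead of being split into a second command by the shell:
echo buildCommand('C:/Windows/SysWOW64/WindowsPowerShell/v1.0/powershell.exe',
                  'C:/TestNew/pscripta.ps1', "O'Brien; echo injected"), "\n";

$result = runPowerShell('C:/Windows/SysWOW64/WindowsPowerShell/v1.0/powershell.exe',
                        'C:/TestNew/pscripta.ps1', 'Ann');
print_r($result);
```

Save it as a .php file and run it with the php CLI. On a host that has no powershell.exe at that path, runPowerShell() returns the not-found record straight from the is_file() check, which is the same condition the "sh: ... not found" line with exit status 127 was reporting, only now it is stated by the script itself rather than by the shell.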

 


Thank you both for your directions. Now, after changing the script as suggested, this is what I see:


\$psPath $psPath
\$psDIR $psDIR
\$psScript $psScript
\$runScript $runScript
\$runCMD $runCMD

Array ( [0] => sh: 1: C:/Windows/SysWOW64/WindowsPowerShell/v1.0/powershell.exe: not found ) 127

It says PowerShell.exe is not found. I can see PowerShell.exe at the above path.

I was reading somewhere about making PowerShell.exe globally available so it is available to that user when executed from the browser, but I am not sure how to make it available globally.

Thanks.


Here it is:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Testing PowerShell</title>
</head>
<body>
<?php
 
// If there was no submit variable passed to the script (i.e. user has visited the page without clicking submit), display the form:
if(!isset($_POST["submit"]))
{
    ?>
    <form name="testForm" id="testForm" action="get-process.php" method="post" />
        Your name: <input type="text" name="username" id="username" maxlength="20" /><br />
        <input type="submit" name="submit" id="submit" value="Do stuff NowNew" />
    </form>
    <?php    
}
// Else if submit was pressed, check if all of the required variables have a value:
elseif((isset($_POST["submit"])) && (!empty($_POST["username"])))
{
   // Display the alert box 
   echo '<script>alert("Welcome to Geeks for Geeks")</script>';
   
   // Get the variables submitted by POST in order to pass them to the PowerShell script:
    $username = $_POST["username"];
    // Best practice tip: We run our POST data through a custom regex function to clean any unwanted characters, e.g.:
    // $username = cleanData($_POST["username"]);
         

$psPath = 'C:/Windows/SysWOW64/WindowsPowerShell/v1.0/powershell.exe';
$psDIR = 'C:/TestNew/';
$psScript = 'pscripta.ps1';
$runScript = $psDIR. $psScript;
$runCMD = $psPath.' '.$runScript.' 2>&1'; 

echo '\$psPath  $psPath <br>';
echo '\$psDIR  $psDIR <br>';
echo '\$psScript  $psScript <br>';
echo '\$runScript  $runScript <br>';
echo '\$runCMD   $runCMD  <br>';

exec( $runCMD,$out,$ret);

echo '<pre>';
print_r($out);
print_r($ret);
echo '</pre>';

}
// Else the user hit submit without all required fields being filled out:
else
{
    echo 'Sorry, you did not complete all required fields. Please go back and try again.';
}

error_reporting(E_ALL);

?>
</body>
</html>

 


Now, after correcting the path, running the script from the browser throws the error below:


Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

 


While the hosting provider is in the process of enabling PHP logging (not sure why it would take so long for them to enable it), I have a few things to clarify:

Since I am executing the get-process.php script (above) from a URL (https://domain.com/wp-content/uploads/get-process.php), can the browser allow a script to access a local file (powershell.exe) and allow execution of a script from a local folder?

If the answer to the above question is no, then how would someone execute a script on the click of a button?

In other words, allowing a browser script to access local files is a security risk.

Thank you.


Error message as reported in the CGI log:

20210427T130408: domain.com/wp-content/uploads/get-process.php
PHP Parse error:  syntax error, unexpected 'pscripta' (T_STRING) in /hermes/bosnacweb01/bosnacweb01au/b375/ipg.acc56021/wp_site_1618028062/wp-content/uploads/get-process.php on line 33


What do you mean by browser script? PHP is server-side only. It cannot see anything on the client side (JavaScript). As a matter of security, a browser will not execute programs on the client.

You need to look around line 33 in that script for a syntax error. It may occur before line 33.


You can't execute a PowerShell script on the end-user's machine, if that's what you're trying to ask. If you want the end-user to be able to trigger the script on your server then you just make a request to the PHP script, which will then execute the PowerShell script. You can make that request with a simple link or form button, or you could do it via JavaScript in the background.

 


Yes that's true - we have shifted our front-end code to using CSS, HTML and JavaScript. It's just the server-side code that retrieves data and shows it to the user.

On a side note, I was curious to see a working example of JavaScript authenticating against an Office 365 tenant and then retrieving mailbox information.

Thank you.

 
