Using Bash through the WWW
This tip came from a friend of mine:
I thought you might find something I did useful. It grants root shell access via a browser using xinetd. Just DO NOT put it on a public box without securing the www.bash script first (firewall port 50000 through iptables, or acls in xinetd). It sets up an xinetd service on port 50000 and anything after the trailing slash is treated as a shell command. So http://<SERVER_IP>:50000/ls generates a directory listing of the current directory.
The port can be changed to whatever port > 1024 you want to use.
1.) Add following line to the end of /etc/services
bashweb 50000/tcp # bashweb
2.) nano -w /etc/xinetd.d/bashweb
service bashweb
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/www.bash
log_on_failure += USERID
disable = no
port = 50000
}
3.) nano -w /usr/sbin/www.bash
#!/bin/bash
read request
while /bin/true;
do
read header
[ "$header" == $'\r' ] && break;
done
url="${request#GET }"
url="${url% HTTP/*}"
url=`echo $url | sed 's/\///'`
#url=`echo $url | sed 's/%20/ /g'`
#echo $url;
x=`echo $url | sed "s/\/$//" | awk -F "/" '{print $1}'`
#### Change $y below to your desired password.
#### The URL then looks like this: http://<IP>:50000/PASSWORD/<COMMAND>
y='PASSWORD'
if [ $x = $y ]; then
url=`echo $url | sed "s/\/$//" | awk -F "/" '{print $2}'`
echo -e "HTTP/1.1 200 OK\r"
echo -e "Content-Type: text/plain; charset=us-ascii\r"
echo -e "\r"
$url
echo -e "\r"
else
echo "nope"
fi
4. Set executable permisson
chmod 700 /usr/sbin/www.bash
5.) Restart xinetd
service xinetd restart
Browse to http://<SERVER_IP>:50000/PASSWORD/ls -la
to test
Enjoy!
Kyle
