run remote shell command from browser

tubbadu

New Member
Joined
Aug 15, 2021
Messages
1
Reaction score
0
Credits
15
Hi, I need to run a command on my linux pc, by pressing a button on a html file stored in the pc, but accessing it with my android smartphone, connected to the same network.

to help understand better:
on the PC there is index.html, which looks like this:
HTML:
<!DOCTYPE html>
<html lang="">
<head>
    <meta charset="utf-8">
    <title></title>
</head>
<body>
    <header></header>
    <main>

        
        <script type="text/javascript">
            function execute()
            {
                var cmd = document.getElementsByName('cmd')[0].value;
                // run cmd in remote linux machine
            }
        </script>

        <form name="casellaTesto" method="post">
            <input type="text" name="cmd" value="echo 'ciao'" size="50">
            <input type="button" value="exec" onclick="execute()">
        </form>
        
    </main>
    <footer></footer>
</body>
</html>

running "python3 -m http.server 8000" I'm able to access the file from my android browser.
whenever I click the button, I need my pc to run a shell command (the cmd variable, for instance)

do you know how can I achieve this? thanks in advance!

PS: I don't need a remote shell, I'm looking for a way to run a command from an html file :D
 


dcbrown73

Well-Known Member
Joined
Jul 14, 2021
Messages
361
Reaction score
336
Credits
3,199
The premise of what you ask is inherently dangerous.

That said, you're running a Python HTTP server. You need to submit the command to the server and have the server act on it. So where you are grabbing the cmd with document.getElementsByName('cmd'). You need to pass that back to the server and have it execute it.

I still urge you against that. You would be better offer creating all the commands you are interested in possibly executing, then just pass which command to execute. What you're doing here would likely allow them to access almost anything.
 

f33dm3bits

Gold Member
Gold Supporter
Joined
Dec 11, 2019
Messages
4,462
Reaction score
3,168
Credits
32,355
What are you actually wanting to achieve by doing this, there are probably better and safer solutions than how you are trying to do it now. Since this page would be world accessible anyone could run that command on your system by going to that page.
 

JasKinasis

Well-Known Member
Joined
Apr 25, 2017
Messages
1,451
Reaction score
2,057
Credits
10,088
Part of the problem might be that you’re trying to run cmd, which is windows noddy excuse for a terminal, Ha ha!

However, replacing cmd with bash will not make any difference in this instance. It’s still not going to do what you want.

Normally to do things like this, you need to have some kind of web service/micro-service with a REST API running on the server. Your web page should post a request to the API. Then the API should run whatever scripts/code it needs to, on the server-side and then return the results to the browser/client.

This is a link to a tutorial which helps you to create simple micro-service, with a REST API in Python:

Once you have a service up running, you can modify it and its API, to do whatever it is you’re trying to do. And you can create a simple html web page that will allow you to interact with the API.

But as the others have warned, beware of what you allow the service to do!
Also, make sure your service properly validates and range checks all data it receives. Otherwise users could exploit any weaknesses/vulnerabilities in your service and you would be completely pwned in no time! Ha ha!
 
$100 Digital Ocean Credit
Get a free VM to test out Linux!

Members online


Latest posts

Top