run remote shell command from browser

tubbadu

New Member
Joined
Aug 15, 2021
Messages
1
Reaction score
0
Credits
15
Hi, I need to run a command on my linux pc, by pressing a button on a html file stored in the pc, but accessing it with my android smartphone, connected to the same network.

to help understand better:
on the PC there is index.html, which looks like this:
HTML:
<!DOCTYPE html>
<html lang="">
<head>
    <meta charset="utf-8">
    <title></title>
</head>
<body>
    <header></header>
    <main>

        
        <script type="text/javascript">
            function execute()
            {
                var cmd = document.getElementsByName('cmd')[0].value;
                // run cmd in remote linux machine
            }
        </script>

        <form name="casellaTesto" method="post">
            <input type="text" name="cmd" value="echo 'ciao'" size="50">
            <input type="button" value="exec" onclick="execute()">
        </form>
        
    </main>
    <footer></footer>
</body>
</html>

running "python3 -m http.server 8000" I'm able to access the file from my android browser.
whenever I click the button, I need my pc to run a shell command (the cmd variable, for instance)

do you know how can I achieve this? thanks in advance!

PS: I don't need a remote shell, I'm looking for a way to run a command from an html file :D
 


The premise of what you ask is inherently dangerous.

That said, you're running a Python HTTP server. You need to submit the command to the server and have the server act on it. So where you are grabbing the cmd with document.getElementsByName('cmd'). You need to pass that back to the server and have it execute it.

I still urge you against that. You would be better offer creating all the commands you are interested in possibly executing, then just pass which command to execute. What you're doing here would likely allow them to access almost anything.
 
What are you actually wanting to achieve by doing this, there are probably better and safer solutions than how you are trying to do it now. Since this page would be world accessible anyone could run that command on your system by going to that page.
 
Part of the problem might be that you’re trying to run cmd, which is windows noddy excuse for a terminal, Ha ha!

However, replacing cmd with bash will not make any difference in this instance. It’s still not going to do what you want.

Normally to do things like this, you need to have some kind of web service/micro-service with a REST API running on the server. Your web page should post a request to the API. Then the API should run whatever scripts/code it needs to, on the server-side and then return the results to the browser/client.

This is a link to a tutorial which helps you to create simple micro-service, with a REST API in Python:

Once you have a service up running, you can modify it and its API, to do whatever it is you’re trying to do. And you can create a simple html web page that will allow you to interact with the API.

But as the others have warned, beware of what you allow the service to do!
Also, make sure your service properly validates and range checks all data it receives. Otherwise users could exploit any weaknesses/vulnerabilities in your service and you would be completely pwned in no time! Ha ha!
 

Members online


Top