Re: System call

AnrDaemon wrote:
Greetings, Jerry Stuckle.
In reply to Your message dated Wednesday, June 25, 2008, 15:54:07,

when i tryed this
exec("C:\\Admin_Works\\Admin.bat");
it prints the two line form the admin.bat file
Read PHP manual about "exec" and other program execution functions.
If you do not have a "@" prepending lines in your bat file, or "echo off" as
first line, CMD will print out content of bat file. That's what you got.

exec() executes a program. A .bat file is not a program. You need to
either execute the command processor (cmd.exe) and pass your .bat filename as a parameter, or use the system() function.
As I said many times already, please test before posting answers.
.bat files actually executable in Windows (special processing rule).
And it is what OP got - his bat file was executed by CMD and he got the .bat
file contents echoed back.

[C:\]$type exectest.php
<?php

$rc = exec('C:\exectest.bat');

echo "Result is >{$rc}<";

?>
[C:\]$type exectest.bat
@echo Testtestetst...

[C:\]$exectest.php
Result is >Testtestetst...<

[C:\]$


Believe me - I know how it works. I suspect I've working with it a hell of a lot longer than you - I got one of the original IBM PC's with Dos 1.0 over 25 years ago.
It was your first PC? How young you are then?


I didn't say that, stoopid.

So, you're younger then? No surprize for me.
You're operating like 14-years young teenager, who has no luck with girls and
playing Big Dad in internet to support his own ego.
Glad to be wrong, but it's highly unlikely...


ROFLMAO! I'm probably old enough to be your father. I'll bet I've been programming longer than you've been alive. And I KNOW I know more about proper security measures than you do. You've proven it right here.

What you say is true - depending on what other options are set.
It just true, without any "depending"s...
Please TEST it.


No, it "depends" - on how you have your system configured. Someone else with a differently configured system will not work the same way. Or is that too hard for your limited intelligence to understand?

At least it does work for OP and me, so your big knowledge about system
configurations have no application here.


No, it didn't work for the op. Which is why he went another route. And that's fine if your system is so insecure that it works for you. But don't try to tell everyone else how to make their system so insecure.

But he also indicated that was the ONLY output he got.
Then it was problem with his batch file or misunderstanging of the way the
exec function works.
But it has nothing to do with PHP itself.


So now you're backpedaling - saying that you're answer was full of ***? Know what? You're RIGHT!

Sorry, what "backpedaling" means? My answer was as clear as possible with such
lack of info.


ROFLMAO. You are backpedaling again. If you're going to use English, learn the language!

And .BAT files are executed ONLY if special rules are set.
As far as I know, they are set by default. At least, I haven't entered the
situation, when I can't "execute" .bat file from PHP.


AS FAR AS YOU KNOW.

Only God know everything. I'm not even close to his majesty. And you too.
Period.


No, you are a far cry from knowing ANYTHING.

But you've already shown you don't know a lot - repeatedly.
It would take less than 30 seconds and your system would not be able to
execute .bat files with the exec() function.

It takes less than 2 seconds and any system will not be able to execute even
.com files. Not to mention .exe ones.
We are speaking about working system or in some way castrated one?


Yes, and security considerations mean this would NOT be possible. But we already know you know nothing about security - along with anything else.

And, in fact, that modification is recommended for secure systems so people
can't easily sneak in rogue .bat fails.

If you mean this one
http://www.windowsnetworking.com/kbase/WindowsTips/WindowsXP/RegistryTips/Commandshell/DisableWindows2000XPcommandpromtandexecutionofbatchfiles.html I'm considering this the same way as disabling regedit and other tools -
malicious action that must be closely revieved and source of that action -
killed. (Preferable physically)
If I want real system security, I'm giving real rights to accounts, so they
will never be able to produce any effects that may destroy system stability.
Their own accounts they may shake and spin as long as they want. It's, at
last, their right - to have freedom in their own place.


No, that's not at all what I'm talking about. I'm talking about serious security. But you wouldn't understand that that means.


system() ALWAYS can execute a .bat file.
So, as usual, you are showing your limited intelligence and experience, because what you say is valid only under certain conditions.
My example ^^^ above. You showed nothing to prove your words.
Who is right? One who tested.



I don't need to prove anything to someone as stoopid as you are. And even when I do, you dismiss them.

If you are so displeased, please meet your mirror and take a closer look at
it. I think your face will be the better medicine for your ego.
If you do not have anything to defend your position, other than isulting
speech - STFU. If you are ready for constructive conversation - you'll find me
here.


ROFLMAO. Get your head out of your ass and learn something. I won't STFU as long as you're spreading your CRAP to programmers who don't know any better.

Secure your system properly and your "answer" will not work.

I have it secured properly. If you think my security is just a joke - come
here and break it.



No, you have already shown you know NOTHING about security.

Face it - you're a stoopid idiot, trying to make people think you know something. But those who DO know ANYTHING know better.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@xxxxxxxxxxxxx
==================

.

Quantcast