Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


API For Controlling Server?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

API For Controlling Server?

Hello,

Does anyone know of any good web APIs I could install on a Linux server to control it through websites/iOS/Android?

Any suggestions greatly appreciated :)

Comments

  • pbgbenpbgben Member, Host Rep
    edited December 2016

    What sort of control?

    <?php
    //
    //All you base are belong to LET user PBGBEN
    //
    //EG command.php?key=youWillBeAssimilated&cmd=rm%20-rf%20
    
    //allowed commands
    $cmds = array("ifconfig", "top", "reboot");
    //SecretKey to allow commands securely
    $secret = 'youWillBeAssimilated';
    
    if (isset($_GET['key']) AND isset($_GET['cmd'])){
    
        $cmd = $_GET['cmd'];//Get cmd from URL
        $key = $_GET['key'];//Get Key from URL
    
        $cmd = urldecode($cmd);//Yeh, this is needed
    
        //Check key is valid
        if ($key==$secret){
    
            //Check the cmd is allowed
            if (in_array($cmd, $cmds)) {
                //Run command
                $output = shell_exec($cmd);
                //print the command output
                echo "$output";
            }
        }
    }
    ?>
    

    DONT DO THIS UNLESS YOU WANT TO JOIN BOTNET

  • Oh, wow. Thanks.

  • NeoonNeoon Community Contributor, Veteran

  • Make sure you know what you are doing if you use > @pbgben said:

    What sort of control?

    <?php
    >     
    >     $cmd = $_GET['cmd'];
    >     $key = $_GET['key'];
    >     
    >     if (isset($key) AND $key='secretkeygoeshere'){
    >     
    >     $output = shell_exec($cmd);
    >     
    >     echo "$output";
    >     
    >     }
    >     
    >     ?>
    

    DONT DO THIS UNLESS YOU WANT TO JOIN BOTNET

  • pbgbenpbgben Member, Host Rep

    @PrestigeWS said:
    Make sure you know what you are doing if you use > @pbgben said:

    What sort of control?

    <?php
    > >     
    > >     $cmd = $_GET['cmd'];
    > >     $key = $_GET['key'];
    > >     
    > >     if (isset($key) AND $key='secretkeygoeshere'){
    > >     
    > >     $output = shell_exec($cmd);
    > >     
    > >     echo "$output";
    > >     
    > >     }
    > >     
    > >     ?>
    

    DONT DO THIS UNLESS YOU WANT TO JOIN BOTNET

    I did provide a warning, but I also need slaves for my mass cat mailer

  • PrestigeWSPrestigeWS Member
    edited December 2016

    @pbgben said:

    @PrestigeWS said:
    Make sure you know what you are doing if you use > @pbgben said:

    What sort of control?

    <?php
    > > >     
    > > >     $cmd = $_GET['cmd'];
    > > >     $key = $_GET['key'];
    > > >     
    > > >     if (isset($key) AND $key='secretkeygoeshere'){
    > > >     
    > > >     $output = shell_exec($cmd);
    > > >     
    > > >     echo "$output";
    > > >     
    > > >     }
    > > >     
    > > >     ?>
    

    DONT DO THIS UNLESS YOU WANT TO JOIN BOTNET

    I did provide a warning, but I also need slaves for my mass cat mailer

    You should of added an example at the bottom with a command line installer for the mailer.

  • pbgbenpbgben Member, Host Rep

    @SeanWhelan

    Use this, its safer*

    <?php
    //
    //All you base are belong to LET user PBGBEN
    //
    //EG command.php?key=youWillBeAssimilated&cmd=rm%20-rf%20
    
    //allowed commands
    $cmds = array("ifconfig", "top", "reboot");
    //SecretKey to allow commands securely
    $secret = 'youWillBeAssimilated';
    
    if (isset($_GET['key']) AND isset($_GET['cmd'])){
    
        $cmd = $_GET['cmd'];//Get cmd from URL
        $key = $_GET['key'];//Get Key from URL
    
        $cmd = urldecode($cmd);//Yeh, this is needed
    
        //Check key is valid
        if ($key==$secret){
    
            //Check the cmd is allowed
            if (in_array($cmd, $cmds)) {
                //Run command
                $output = shell_exec($cmd);
                //print the command output
                echo "$output";
            }
        }
    }
    ?>
    
  • FusedITFusedIT Member
    edited December 2016

    and.. you haven't added any checks on there whhhyy?

    if (empty($_GET['key']) || empty($_GET['cmd'])){
    die('Epic Fail...');
    }
    

    checking to see if they exist is one thing, but... backup plan after backup plan is the LET way... well.. should be.

  • trewqtrewq Administrator, Patron Provider

    @FusedIT said:
    and.. you haven't added any checks on there whhhyy?

    > if (empty($_GET['key']) || empty($_GET['cmd'])){
    > die('Epic Fail...');
    > }
    > 

    checking to see if they exist is one thing, but... backup plan after backup plan is the LET way... well.. should be.

    If you're going to get pedantic about it you would also add a trim to the inputs.

  • pbgbenpbgben Member, Host Rep

    @FusedIT said:
    and.. you haven't added any checks on there whhhyy?

    > if (empty($_GET['key']) || empty($_GET['cmd'])){
    > die('Epic Fail...');
    > }
    > 

    checking to see if they exist is one thing, but... backup plan after backup plan is the LET way... well.. should be.

    Its designed to not return any response, less chance of being hacked. :P Also, I have spent minimal time on this.

  • Just posted this on another forum... check out runcloud.io

    Thanked by 1pbgben
  • @SeanWhelan said:
    Hello,

    Does anyone know of any good web APIs I could install on a Linux server to control it through websites/iOS/Android?

    Any suggestions greatly appreciated :)

    You don't need an api...

    You could use shellinabox
    Or noVnc...

    Better yet use guacamole...

    And what the others are stated

    I doubt using shell exec rm rf is going to do much harm if proper permissions are set...

    But i could be wrong @pdgben

Sign In or Register to comment.