How can I run a command visiting a URL?
Hi guys,
I have been looking for a quick and reliable way to run a python script that requires sudo by accessing a URL, but didn't have much luck.
I found a service which might have been a good fit - it's called Webhook Relay - the owner is a great guy and helped me at the beginning, but unfortunately I can't afford to pay for the premium plan, nor do I fully understand how to reliably use the service.
Basically, I have a smart lock (Sherlock S2) which has a bluetooth remote. I opened it up and wired the remote to a Raspberry Pi, and I'm using the GPIOs of the RPi to power it and emulate a button press sending "pulses" using a python script (I need to run it with sudo because apparently that's required to control the GPIOs).
TL;DR: what I'd like to achieve is to be able to execute a python script when I visit, let's say, http://192.168.1.2/open_the_door and have the Raspberry Pi open the door.
Is there an easy way to do this? I read about many tools which I don't know how to use (Django and many many others) and I was wondering if there was an easier way or some sort of workaround.
Any help would be greatly appreciated!
Comments
pip3 install flask
python3 filename.py (can just run this as root and ignore the sudo stuff, but holy hell turn off debug mode and protect it, use mtls, use client certs, ip whitelisting, whatever)
curl ip:5000/unguessable_routeprotect_this
"Help, my house is hacked". This close reality is kinda scary.
I have been locked in an office before because a smart lock's cloud service was down
I care about security more than most, but it all depends on the implementation of this too. If done correctly, then the risk of being compromised is no better than accessing anything else online.
That being said, I won't complain too much if someone manages to hack into a vending machine and can trigger it to dispense my favorite snacks for me.
That's a not so smart service then
Always ensure the smart lock has a manual bypass to prevent this from happening.
In my case, I would just carry around a large magnet. Those work wonders for bypassing electronic locks without any key or code.
LOL that reminds me that years ago, before I started learning Python I needed a similar solution (which in my case was simply to store a GET request into a text file).
That was far beyond my skills at that time so I found an example on Google of how to parse GET (and other) requests, and with efforts managed to mix it with another example from Google of how to save a variable to file... It worked eventually.
Fortunately I still have this, so here it is (ignore unnecessary lines lol)
( @479555 you can easily remove text_file lines and do something else with the variable... maybe an 'if' statement which runs your script when self.path[2:] matches something)
If you want I'll make it nicer for you when I wake up
Thanks but I don't really understand what you wrote. I should install flask and then...?
I really appreciate your help but as you can see what you wrote is way out of my league.
Luckily my lock works locally using bluetooth so even if the servers go down I can still operate the lock.
That seems very very unlikely. To do that you need to find someone that knows that I have a smart lock, what type, they have to know that I'm controlling the remote through a Raspberry Pi which is behind a multi NAT which is a nightmare to access, they need to have a valid reason to risk jail time just to have a look at my home, the skills to hack into my network and then figure out how to open the door once inside the RPi.
I mean, it's possible but it's unlikely, I'm fine with the risk.
My lock closes the door mechanically through a key just like a person would do, so I don't think that would be possible.
If you think I could use your method to achieve what I'm trying to do I'd really really appreciate that!
I won't trust a lock from aliexpress...
Well. Opening the doors because the cloud service was down was considered smart, but 100+ robbed houses say otherwise.
Not all locks can be opened with a magnet. Some just need a light tap.
OK here it is for you.
Save this script and run it, then visit http://IP:8088/?opengate
If 'opengate' is what comes after the question mark then script /root/file.py will execute
Thank you so much! I'll try tonight or tomorrow!
Find the cgi-bin folder for your web server. Put a script in there. Only thing special it needs to do is print Content-Type: text/html first. Can be written in python or anything else.
Based on the little info you've provided, here's a basic shell script:
Assuming you name the file lockdoor.cgi, run chmod a+x lockdoor.cgi
Then you run it by going to http://URL/cgi-bin/lockdoor.cgi
The user that the web server runs under (could be apache, nginx, www, or similar on your system) needs to be allowed to run the sudo command. You need a line like:
And also remove the requiretty line in /etc/sudoers.
Actually, anybody that learns the URL to your door lock just needs to create a web-page which quietly causes your browser to make a request to that URL in the background, and get you to visit it by whatever means. e.g. "Hey, look at this funny picture!"
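Added example, not code from any post in this thread: a minimal standard-library handler that addresses the background-request problem described above by refusing GET and requiring a secret in the Authorization header before running one fixed command. The route and port reuse values mentioned in the thread; the script path, the DOOR_TOKEN variable and the decide() helper are hypothetical.

```python
import hmac
import os
import subprocess
from http.server import BaseHTTPRequestHandler, HTTPServer

# Hypothetical values for this example; the command path and the
# DOOR_TOKEN variable name do not come from the thread.
ROUTE = "/open_the_door"
COMMAND = ["sudo", "-n", "/usr/bin/python3", "/opt/door/open_door.py"]
TOKEN = os.environ.get("DOOR_TOKEN", "")


def decide(method, path, auth_header, token):
    """Return the HTTP status for a request without running anything."""
    if path != ROUTE:
        return 404
    if method != "POST":
        # A GET can be fired by any page the browser loads (image, link).
        return 405
    if not token:
        return 503  # refuse to operate when no secret is configured
    supplied = (auth_header or "").removeprefix("Bearer ")
    # Constant-time compare; a plain cross-site form cannot set this header.
    if not hmac.compare_digest(supplied.encode(), token.encode()):
        return 401
    return 200


class DoorHandler(BaseHTTPRequestHandler):
    def _handle(self):
        status = decide(self.command, self.path,
                        self.headers.get("Authorization"), TOKEN)
        if status == 200:
            try:
                # Fixed argv, no shell: nothing from the request reaches it.
                ok = subprocess.run(COMMAND, timeout=15).returncode == 0
            except (OSError, subprocess.TimeoutExpired):
                ok = False
            status = 200 if ok else 500
        self.send_response(status)
        self.end_headers()

    do_GET = do_POST = _handle


if __name__ == "__main__":
    # Loopback for the example; bind to the Pi's LAN address in real use.
    HTTPServer(("127.0.0.1", 8088), DoorHandler).serve_forever()
```

With `sudo -n` the web process fails immediately instead of waiting for a password, so the sudoers entry only needs to allow that one command.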
Both motor based and solenoid based electronic locks can be bypassed very easily with a magnet. For the motor based, you have to move the magnet in a circular motion near the motor for it to turn as if power is applied to open the door (like the action of turning a key, where the key is still left in the lock). For solenoid based one, bring it near, and move it in the direction the solenoid would go. That usually unlocks it in a jiffy.
There are known preventions for these by changing the lock design, but smart locks are designed by electronic engineers (like me), not by locksmiths.
And what command does he put into his python script that will "move the magnet in a circular motion near the motor"?
Erm...
I haven't tried the code but it "should" work
You may also run a plain CGI script (written in Bash, Perl, or any glue language, maybe on Apache) to both contract with HTTP and run arbitrary Unix commands.
Just tried, it works but with a latency of about 3 minutes, for some reason. Better than nothing I guess but a bit too much to use it in everyday life.
EDIT: I think it takes some time to "start" at first but then it is instantaneous! This is awesome!
Thank you but that's too difficult for me, I don't even know if I have a web server nor what that would be!