
WordPress Shell Hack

2 responses, posted on August 3rd, 2004 in Cool Scripts, WordPress Hack

Have you ever wished you could issue simple shell commands through your WordPress interface to, say, quickly change the permissions of a file and then change them back or be able to see what processes are active and kill a process? Have you wanted to have SSH access to your server but your web service does not allow that? Do you have “system” enabled for your PHP? I am not sure if that title does this hack justice but here goes.

This will allow a WordPress user to execute simple shell commands and output the results to the browser. It is incredibly simple, very easy to install and very easy to use. To add security, a user has to be authenticated through WordPress before they are allowed to see this page or use it.

You can download the file from here:
http://weblogtoolscollection.com/b2-img/output.zip

To install, simply unzip the single file in that zip file, copy it to the root of your blog, log into your blog and point your browser to http://yourblog.com/yourfolder/output.php. Now you should be able to type in a command (like ls, ps or chmod) and see the output in your browser.

A word of warning. I have not investigated all the possible security issues with this hack. I suggest renaming the file through FTP after you are done using it if you are afraid for the security of your blog. I know I have disabled mine.

Features:

  • Simple Install
  • Execute simple shell commands
  • Password Protected
  • Can do most “Shell” like tasks such as grep
  • Access shell capabilities from anywhere through a browser

Requirements:

  • Linux server
  • Must have “system” PHP command enabled
  • Must be comfortable with shell commands; you could possibly delete everything in your blog folder with this, so please be careful

As for any such hack that is extremely low level and intrusive, there are no warranties provided or implied and I am not responsible for any damage or breakage this hack might cause. Please use at your own risk.
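
An added example (not part of the original post and not the code in output.zip): a Python audit for defenders that reports which shell-execution functions a php.ini leaves enabled and which PHP files under a blog root call them. The sample ini and PHP text are constructed, and the function names are this example's own.

```python
import re
from pathlib import Path

# PHP functions that hand a string to the operating system shell.
EXEC_FUNCS = ("system", "exec", "passthru", "shell_exec", "popen", "proc_open")
# Skip method calls (->exec), static calls (::exec) and names like curl_exec.
CALL_RE = re.compile(r"(?<![\w>$:])(" + "|".join(EXEC_FUNCS) + r")\s*\(", re.I)
INPUT_RE = re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\b")

def enabled_exec_funcs(php_ini_text):
    """Return the EXEC_FUNCS that php.ini's disable_functions does not block."""
    disabled = set()
    for line in php_ini_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop ini comments
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "disable_functions":
            names = value.strip().strip('"').split(",")
            disabled = {n.strip().lower() for n in names if n.strip()}
    return [f for f in EXEC_FUNCS if f not in disabled]

def scan_source(php_source):
    """Return (line_no, function, file_reads_request_input) per exec-style call."""
    reads_input = bool(INPUT_RE.search(php_source))
    hits = []
    for no, line in enumerate(php_source.splitlines(), 1):
        for m in CALL_RE.finditer(line):
            hits.append((no, m.group(1).lower(), reads_input))
    return hits

def scan_tree(root):
    """Map each .php file under root to its findings; clean files are omitted."""
    report = {}
    for path in sorted(Path(root).rglob("*.php")):
        hits = scan_source(path.read_text(errors="replace"))
        if hits:
            report[str(path)] = hits
    return report

# Constructed samples (not the contents of output.zip or of a real server config).
SAMPLE_INI = "memory_limit = 8M\ndisable_functions = exec, passthru ; set by host\n"
SAMPLE_PHP = '<?php\n$cmd = $_POST["cmd"];\nsystem($cmd);\n$r = curl_exec($ch);\n'

if __name__ == "__main__":
    print(enabled_exec_funcs(SAMPLE_INI))
    print(scan_source(SAMPLE_PHP))
```

The scan is textual, so it also flags calls inside PHP comments and misses calls built from strings at run time; treat each hit as a file to review, not a verdict.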

Comments

  1. Ozh (6 comments.) says:

    As I’m more into Perl than PHP, I’m using a Perl script to fake non-interactive shell commands (CGI Telnet), which has cool features you should think of in future versions, if any, of this output:
    - “persistent” directory (i.e. “cd this_dir” then “ls” outputs an ls in this_dir, not in your blog root)
    - ability to download files (would be quicker than switching to the admin interface)
    - ability to download files (unprocessed files, that is, like raw php source)

    Anyway it’s a nice start, thanks for it :)

  2. Corey (1 comments.) says:

    I have just found your website great


