我琢磨了好几天。我已经试过 shell_exec 和 exec,但仍然无法判断一条命令是否执行成功。我最初的做法是检查返回结果是否为空,但这对 touch 这类没有输出的命令不起作用。
这里有一些示例命令,我试图找出命令是否已成功执行
touch filename*
iotop
ls
基本上是系统支持的任何unix命令。
这是我目前的代码:
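// exec() returns only the LAST line of the command's output. Silent commands such as
// `touch` print nothing, so an empty return value says nothing about success.
// The third argument receives the exit status instead: 0 means the remote command
// succeeded; any other value is the remote command's own status or an ssh/sshpass failure.
//
// Every interpolated value goes through escapeshellarg() so the LOCAL shell does not
// interpret metacharacters in the password, host or command. The command reaches ssh as a
// single argument, so globs such as `filename*` are expanded by the remote shell.
//
// NOTE(review): `sshpass -p` puts the password in argv, where the local process list can
// expose it, and StrictHostKeyChecking=no skips host-key verification. Key-based
// authentication with a pinned known_hosts entry avoids both.
$exit_status = -1;
$command = exec(
    'sshpass -p ' . escapeshellarg($ssh_password)
    . ' ssh -o StrictHostKeyChecking=no root@' . escapeshellarg($scan)
    . ' ' . escapeshellarg($usr_command_get),
    $returned,
    $exit_status
);
echo "\n";
// $returned holds every output line; $command holds only the last one (or false).
var_dump($returned);
if ($exit_status === 0) {
    echo " success\n";
    echo $command;
} else {
    echo "command failed, exit status " . $exit_status . "\n";
}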
答案 0 :(得分:0)
先为这段杂乱的代码道个歉,等有时间我会重写它,让它更易读、性能更好。总之,下面是目前可以工作的版本,供想做同样事情的人参考。
<?PHP
// Flat CLI script. It reads one IP address and one command line from stdin, then walks the
// last octet 0..9 of that address's first three octets. Each address is pinged, responders
// are fingerprinted with `nmap -O`, and the nmap text is searched for an open ssh port and
// OS markers. For hosts that look like Linux with ssh open, it tries each entry of
// $failed_password_list as the root password via sshpass and runs the supplied command.
// It finishes by printing counters.
//
// Reviewer notes on what the code shows:
//  - Every shell command is built by string concatenation with no escapeshellarg().
//  - Candidate passwords are passed on the command line (`sshpass -p`).
//  - ssh host-key checking is disabled.
//  - PHP diagnostics are switched off, so failures in the steps below are silent.

// Candidate root passwords tried in order by the sshpass loop further down.
$failed_password_list = array('test','test1','test2','test3','test4','password');
$failed_password_array_count = count($failed_password_list);
// Suppresses all PHP warnings and notices, including those from failed exec()/shell_exec()
// calls and from undefined array offsets in the parsing below.
error_reporting(0);
echo "\033[35m";
echo "Type in the Subnet you want to scan: ";
// The prompt says "Subnet", but a single IP address is read and validated.
$handle = fopen ("php://stdin","r");
$line = fgets($handle);
$input_ip = trim($line);
echo "\033[36m";
echo "Type in the command you want to run: ";
// A second stdin handle is opened; neither handle is closed anywhere in the script.
$usr_command_query = fopen ("php://stdin","r");
// Not trimmed, so the trailing newline from fgets() stays in the string. This value is later
// concatenated verbatim into a local shell command line.
$usr_command_get = fgets($usr_command_query);
echo "\033[35m";
echo "executing";
echo "\033[0m\n";
// FILTER_VALIDATE_IP with no flags also accepts IPv6 literals, which the explode(".") below
// would not split into four octets. NOTE(review): add FILTER_FLAG_IPV4 if only IPv4 is meant.
if(filter_var($input_ip, FILTER_VALIDATE_IP) === FALSE){
echo "Error Ip is not valid please enter a valid ip";
}else{
echo "\033[32m";
$i = 0;
//$p = 40;
$input = $input_ip;
$test = explode(".",$input);
// Assigned but never read in this script; the login loop uses $failed_password_list instead.
$ssh_password = "password";
// Counters reported in the summary at the end.
$executed = 0;
$online = 0;
$found_windows=0;
$found_linux=0;
// Only the last octets 0 through 9 are visited.
while($i < 10){
$scan = $test[0].".".$test[1].".".$test[2].".".$i;
// $result receives ping's exit status. $output is never reset, and exec() appends to an
// existing array, so it grows on every iteration.
exec("ping -c 2 " . $scan, $output, $result);
if ($result == 0){
$online++;
echo $scan." is online now finding OS \n";
// The whole nmap report is kept as one string and parsed by fixed offsets below.
$nmap_execute = shell_exec('nmap -O '.$scan);
$find_port = '22/tcp';
// strpos() returns false when the marker is absent. The arithmetic and substr() calls below
// then treat false as 0 and silently slice from the start of the report.
$port_pos = strpos($nmap_execute, $find_port);
// $end is computed but never used.
$end = $port_pos+25;
$new = substr($nmap_execute,$port_pos, +25);
$find_ssh = 'ssh';
$ssh_pos = strpos($new, $find_ssh);
$end_index = $ssh_pos+3;
$sub = substr($new, 0, $end_index);
// $result is reused here. It no longer holds ping's exit status, but the port line with all
// spaces removed, which is compared against "22/tcpopenssh" further down.
$result= str_replace(' ', '', $sub);
// The literal 'gnu)' in the nmap text is treated as the Linux indicator. The 23 characters
// starting 20 before it are kept for display.
$find_linux = 'gnu)';
$linux_pos = strpos($nmap_execute, $find_linux);
$linux_end = $linux_pos-20;
$linux = substr($nmap_execute,$linux_end, +23);
// The text from "Running:" up to "OS details:" is kept as the Windows description.
$find_windows = 'Running:';
$windows_pos = strpos($nmap_execute, $find_windows);
$not_wanting = "OS details:";
$not_wanting_pos= strpos($nmap_execute,$not_wanting);
// $windows_end is assigned but never read.
$windows_end = $not_wanting_pos;
$windows_start = $windows_pos;
$endthis = $not_wanting_pos - $windows_pos;
$windows = substr($nmap_execute,$windows_start, +$endthis);
// Loose comparison: true for any non-zero offset, false for both "not found" and offset 0.
// Any report containing "Running:" takes this branch, whatever OS nmap actually named.
if($windows_pos == TRUE){
echo "OS found! \n";
echo "\033[0m ";
echo "\033[33m ".$scan." | Not Executing scripts | windows | ".$windows." \033[0m\n";
$found_windows++;
}elseif($linux_pos == TRUE){
$found_linux++;
echo "OS found! \n" ;
echo "\033[32m Unix | ".$linux." \n ";
echo "Checking if port 22 is open\n";
if($result === "22/tcpopenssh") {
echo "Port 22 is open, connecting to remote server with credentials username:root password: \n";
// $returncode_failed starts as "", and "" == null is true under loose comparison.
// The condition below therefore always holds and the " error" branch is unreachable.
$returncode_failed ="";
if($returncode_failed > 0 or $returncode_failed == null){
// $password_failed is only ever set to 1. The loop ends on the break or when the list runs out.
$password_failed = 1;
$failed_count = 0;
//$failed_password_array_count = 6;
while( ($password_failed > 0) && ($failed_count < $failed_password_array_count)){
// One sshpass/ssh invocation per candidate password; its exit status lands in $returncode_failed.
//  - Nothing is escaped, so the local shell interprets metacharacters in the stdin command.
//  - `sshpass -p` puts the candidate password in argv, readable through the local process list.
//  - StrictHostKeyChecking=no accepts whatever host key the peer presents.
//  - $myoutput is never reset, so output from earlier attempts and hosts accumulates in it.
// Seen from the target, this is a burst of root password logins from one source address.
// sshd typically logs each failure, and the attempts are refused outright where sshd_config
// sets `PasswordAuthentication no` or `PermitRootLogin prohibit-password` (or `no`).
$command = exec('sshpass -p '.$failed_password_list[$failed_count].' ssh -o StrictHostKeyChecking=no root@'.$scan.' '.$usr_command_get,$myoutput,$returncode_failed);
// var_dump($returncode_failed);
$failed_count++;
// Printed before the status check, so it also appears after the attempt that succeeded.
echo "trying next password \n";
// An exit status of 0 is taken as "logged in and the remote command succeeded".
if($returncode_failed == 0){
echo "Houstan we have launch! \n the result is \n";
var_dump($myoutput);
$executed++;
break;
}else{
$password_failed = 1;
}
}
// Printed whether or not any attempt succeeded. When every password failed, this still says
// "connected and executed" and shows the last non-zero status.
echo "\n \n \n we have connected and executed the return code was ".$returncode_failed."\n";
}
else{
echo " error";
}
echo "\033[0m ";
}else{
echo"\033[31m".$scan." Port 22 not open \033[0m\n";
}
}else{
echo "\033[31m Error doesnt seem to be a Windows or Linux system \033[0m \n";
}
}
else{
echo"\033[31m".$scan." is non contactable \033[0m \n";
}
$i++;
}
// Summary. Both branches print the same three counters; the else branch adds a leading
// failure line and labels the last counter "Linux/Unix" instead of "Linux".
if($executed > 0){
echo "\033[33m Executed on ".$executed." out of the ". $online." Machines online \033[0m \n";
echo "\033[33m Total Windows based machines found ".$found_windows." \033[0m \n";
echo "\033[33m Total Linux based machines found ".$found_linux." \033[0m \n";
}else{
echo("\033[33m Failed to execute on any machine \n");
echo "\033[33m Executed on ".$executed." out of the ". $online." Machines online \033[0m \n";
echo "\033[33m Total Windows based machines found ".$found_windows." \033[0m \n";
echo "\033[33m Total Linux/Unix based machines found ".$found_linux." \033[0m \n";
}
}
?>