so i have pondered over this for days, i have tried shell_exec and exec however i cannot tell if a command successfully executed or not, i was originally checking if the returned result was empty however this wouldn't work for a command like touch.
here are some example commands, i am trying to find out if the commands have successfully executed
touch filename*
iotop
ls
basically any unix command which the system supports.
here is my current code:
$command = exec('sshpass -p '.$ssh_password.' ssh -o StrictHostKeyChecking=no root@'.$scan.' '.$usr_command_get,$returned);
//var_dump($command);
echo "
";
var_dump($returned);
if($command == null){
echo "no bloody error call back
";
}else{
echo " success
";
echo $command;
}
Apologies for the messy code when i get time i am going to rewrite this so its alot nicer on the eyes and much better performance, anyway here is a working result for now to anyone who is looking to do what i was trying to do.
<?PHP
$failed_password_list = array('test','test1','test2','test3','test4','password');
$failed_password_array_count = count($failed_password_list);
error_reporting(0);
echo "\033[35m";
echo "Type in the Subnet you want to scan: ";
$handle = fopen ("php://stdin","r");
$line = fgets($handle);
$input_ip = trim($line);
echo "\033[36m";
echo "Type in the command you want to run: ";
$usr_command_query = fopen ("php://stdin","r");
$usr_command_get = fgets($usr_command_query);
echo "\033[35m";
echo "executing";
echo "\033[0m
";
if(filter_var($input_ip, FILTER_VALIDATE_IP) === FALSE){
echo "Error Ip is not valid please enter a valid ip";
}else{
echo "\033[32m";
$i = 0;
//$p = 40;
$input = $input_ip;
$test = explode(".",$input);
$ssh_password = "password";
$executed = 0;
$online = 0;
$found_windows=0;
$found_linux=0;
while($i < 10){
$scan = $test[0].".".$test[1].".".$test[2].".".$i;
exec("ping -c 2 " . $scan, $output, $result);
if ($result == 0){
$online++;
echo $scan." is online now finding OS
";
$nmap_execute = shell_exec('nmap -O '.$scan);
$find_port = '22/tcp';
$port_pos = strpos($nmap_execute, $find_port);
$end = $port_pos+25;
$new = substr($nmap_execute,$port_pos, +25);
$find_ssh = 'ssh';
$ssh_pos = strpos($new, $find_ssh);
$end_index = $ssh_pos+3;
$sub = substr($new, 0, $end_index);
$result= str_replace(' ', '', $sub);
$find_linux = 'gnu)';
$linux_pos = strpos($nmap_execute, $find_linux);
$linux_end = $linux_pos-20;
$linux = substr($nmap_execute,$linux_end, +23);
$find_windows = 'Running:';
$windows_pos = strpos($nmap_execute, $find_windows);
$not_wanting = "OS details:";
$not_wanting_pos= strpos($nmap_execute,$not_wanting);
$windows_end = $not_wanting_pos;
$windows_start = $windows_pos;
$endthis = $not_wanting_pos - $windows_pos;
$windows = substr($nmap_execute,$windows_start, +$endthis);
if($windows_pos == TRUE){
echo "OS found!
";
echo "\033[0m ";
echo "\033[33m ".$scan." | Not Executing scripts | windows | ".$windows." \033[0m
";
$found_windows++;
}elseif($linux_pos == TRUE){
$found_linux++;
echo "OS found!
" ;
echo "\033[32m Unix | ".$linux."
";
echo "Checking if port 22 is open
";
if($result === "22/tcpopenssh") {
echo "Port 22 is open, connecting to remote server with credentials username:root password:
";
$returncode_failed ="";
if($returncode_failed > 0 or $returncode_failed == null){
$password_failed = 1;
$failed_count = 0;
//$failed_password_array_count = 6;
while( ($password_failed > 0) && ($failed_count < $failed_password_array_count)){
$command = exec('sshpass -p '.$failed_password_list[$failed_count].' ssh -o StrictHostKeyChecking=no root@'.$scan.' '.$usr_command_get,$myoutput,$returncode_failed);
// var_dump($returncode_failed);
$failed_count++;
echo "trying next password
";
if($returncode_failed == 0){
echo "Houstan we have launch!
the result is
";
var_dump($myoutput);
$executed++;
break;
}else{
$password_failed = 1;
}
}
echo "
we have connected and executed the return code was ".$returncode_failed."
";
}
else{
echo " error";
}
echo "\033[0m ";
}else{
echo"\033[31m".$scan." Port 22 not open \033[0m
";
}
}else{
echo "\033[31m Error doesnt seem to be a Windows or Linux system \033[0m
";
}
}
else{
echo"\033[31m".$scan." is non contactable \033[0m
";
}
$i++;
}
if($executed > 0){
echo "\033[33m Executed on ".$executed." out of the ". $online." Machines online \033[0m
";
echo "\033[33m Total Windows based machines found ".$found_windows." \033[0m
";
echo "\033[33m Total Linux based machines found ".$found_linux." \033[0m
";
}else{
echo("\033[33m Failed to execute on any machine
");
echo "\033[33m Executed on ".$executed." out of the ". $online." Machines online \033[0m
";
echo "\033[33m Total Windows based machines found ".$found_windows." \033[0m
";
echo "\033[33m Total Linux/Unix based machines found ".$found_linux." \033[0m
";
}
}
?>