«
»

Bash: Shell over highly-guarded HTTP


You got 2 Linux/Unix PCs across the country, and between them are two big firewalls and proxies.
So each one can basically only send HTTP-Requests to the Internet, not directly to each other.

Having a little php script on a webserver, I wrote 2 shell scripts so one can interact across this connection.

The script for the machine you want to control:


#!/bin/bash
# The client's script
SERVER="http://<fill in server adress>/exchange.php"
GETURL=$SERVER"?mode=get&what=commands"
TARGETURL=$SERVER"?mode=gather&what=output"
TMP=/tmp/O-zero.1
while sleep 3
do
wget --quiet --output-document - ${GETURL} |
sed 's/\r$//'
done |
bash 2>&1 3>&1 4>&1 5>&1 |
while sleep 1
do
# We don't want every line in a seperate request
# So we group them:
{
echo -n "a="
while read -t 2 line
do
echo "$line"
done
} > $TMP
# Send output if we have some
if [[ $(wc -c <$TMP) != "2" ]]; then
wget --quiet --post-file $TMP --output-document - $TARGETURL
fi
done

The script for the operator:


#!/bin/bash
# The operator's script
SERVER="http://<fill in server adress>/exchange.php"
GETURL=$SERVER"?mode=get&what=output"
TARGETURL=$SERVER"?mode=gather&what=commands"
TMP=/tmp/O-zero.2
while sleep 3
do
wget --quiet --output-document - ${GETURL} |
sed 's/\r$//'
done &
while read line;
do
echo "a=$line" > $TMP
wget --quiet --post-file $TMP --output-document - $TARGETURL
done
wait

The script on the Webserver (commands.txt and output.txt must be writeable).


<?php
header('Content-Type: text/plain');
if($_GET['what'] === 'commands')
$file = 'commands.txt';
if($_GET['what'] === 'output')
$file = 'output.txt';
if($_GET['mode'] === 'gather' && !empty($file)){
$fd = fopen($file,"a");
@fwrite($fd,$_POST['a']);
}
if($_GET['mode'] === 'get' && !empty($file)){
echo join(file($file));
$fd = fopen($file,"w");
}
?>

This entry was posted on Thursday, February 8th, 2007 and is filed under fun with Linux. You can follow any responses to this entry through RSS 2.0. You can leave a response, or trackback from your own site.

  1. #1 by xLeitix on August 1st, 2010

    … insecure, isn’t it?

    Didn’t have a detailled look on your script, but to me it looks like absolutely anybody can interact with your servers in that way.

    In that case it would be easier to shutdown your firewall entirely and accept that your server will be corrupted in < 5 minutes :-)

    Quote

  2. #2 by JohannesBuchner on May 3rd, 2007

    REPLY:
    Just while brushing my teeth I noticed a way easier way to secure it.
    Assuming HTTPS traffic is allowed (which is reasonable) and your webserver is SSL capable, just let the URIs point to an https:// adress.

    Quote
(will not be published)

  1. No trackbacks yet.