BeBot - An Anarchy Online and Age Of Conan chat automaton
Development => Coding and development discussion => Topic started by: Tomate on May 03, 2010, 11:43:13 pm
-
Hey there!
I know this is HIGHLY unsafe and stuff, but I want to try it anyway:
Running bash-commands from Bot.
This is what I tried so far:
<?php
/*
Versuch: system();-Kommandos via Bot
*/
$bash = new bash($bot);
/*
The Class itself...
*/
class bash Extends BaseActiveModule
{
var $bot;
var $bash;
var $returnstr;
/*
Constructor:
Hands over a referance to the "Bot" class.
*/
function __construct (&$bot)
{
parent::__construct(&$bot, get_class($this));
$this -> register_command("all", "bash", "SUPERADMIN");
$this -> help['description'] = 'linux bash';
$this -> help['command']['beer']="bash";
}
function command_handler($name, $msg, $origin)
{
$output = "";
if (preg_match("/^bash$/i", $msg, $info))
{
$output = $this -> get_bash($name);
}
return $output;
}
/*
This gets called on a msg in the guildchat with the command
*/
function irc($name, $msg)
{
$returnstr = $this -> get_bash($name);
$this -> bot -> send_gc($returnstr);
$this -> bot -> send_irc("", "", "3" . $returnstr);
}
/*
Build response
*/
function get_bash($name)
{
$returnstr = system($name);
return $this -> bot -> core("tools") -> make_blob("Output", $returnstr);
}
}
?>
(Yes, I used !chuck as the base :D)
It seems to be working if I hardcode the command it is executing, however it doesn't accept any on-the-fly commands (am I correct in believing $name contains the commands given after !bash?).
What did I do wrong?
I'm kindof a PHP newbie, so please don't be too technical :)
-
best way to find out would be to put an echo statement at the top of your get_bash() method:
echo "$name\n";
-
It doesn't output anything :( Any ideas?
-
Figured it out myself ;)
That's my code now:
<?php
/*
Versuch: system();-Kommandos via Bot
*/
$bash = new bash($bot);
class bash Extends BaseActiveModule
{
var $bot;
var $bash;
var $returnstr;
function __construct (&$bot)
{
parent::__construct(&$bot, get_class($this));
$this -> register_command("all", "bash", "SUPERADMIN");
$this -> help['description'] = 'linux bash list';
$this -> help['command']['beer']="bash list";
}
function command_handler($name, $msg, $source)
{
$this->error->reset();
$args = $this->parse_com($msg, array('com','args'));
$retstr = system($args["args"]);
return $retstr;
}
}
?>
However, it only displays ONE line of the sh output. Any ideas?
Thanks in advance
-
First, do not use wildcard commands. Predefine what commands you will allow to prevent exploite like "!shell rm -rf /*"
Second, use blob to return more then one line.
$retstr = system("uptime");
return ($this -> bot -> core("tools") -> make_blob("Bash result", $retstr));
-
I will improve the module in security aspects etc., but first I want core functionality.
According to the PHP manual the system(); command will only output the last line.
I need to use shell_exec(); instead. It works perfectly now.
Here's my result:
<?php
/*
Versuch: system();-Kommandos via Bot
*/
$bash = new bash($bot);
class bash Extends BaseActiveModule
{
var $bot;
var $bash;
var $returnstr;
function __construct (&$bot)
{
parent::__construct(&$bot, get_class($this));
$this -> register_command("all", "bash", "SUPERADMIN");
$this -> help['description'] = 'linux bash list';
$this -> help['command']['beer']="bash list";
}
function command_handler($name, $msg, $source)
{
$this->error->reset();
$args = $this->parse_com($msg, array('com','args'));
$retstr = shell_exec($args["args"]);
return "Kommando ausgeführt. ".$this -> bot -> core("tools") -> make_blob("Ausgabe", $retstr);
}
}
?>
Thanks for your help!