DOS Prompt in I.E.

S

Scott McNair

I came up with this the other day while playing. Basically it puts an
I.E. wrapper around a DOS prompt. There are a few things to note:

1. It cannot handle any programs that require input, or any programs
that require a CTRL-C to exit. If you do this, you'll have to run an
IISRESET.
2. It cannot handle any programs that trigger a window. Again, if you
do you'll have to run IISRESET.
3. It doesn't do commands (e.g. DIR, MD, CD) but it will run programs
(IPCONFIG, PING, NETSTAT)
4. This app EXPOSES YOUR COMPUTER and as such is a potential back-door
for malicious entry, if somebody happened to stumble across the page and
run the right programs. As a result, you should take the highest
possible precautions to secure the page if you plan to keep it on a live
box. I personally have NT Auth set up for the page.
5. This page won't even come close to working in Netscape, so don't even
try.
6. Either name it HyperDOS.asp, or change the references to the name in
the page.

I'm interested in any feedback you can provide, as well as any
suggestions to fix or lessen notes 1-3.

==========

<%
Option Explicit

Select Case Request("Action")
Case ""
%>
<html>
<head>
<title>HyperDOS</title>
</head>

<frameset rows="10%, 90%" border=0>
<frame id=StdIn name=StdIn scrolling="no">
<frame id=StdOut name=StdOut src="?
Action=Main">
</frameset>
</html>
<%
Case "Main"
%>
<html>
<head>
<script language="VBScript">
Function Main()
Print "<b>HyperDOS v0.01a</b>"
Print "Designed 2003 by Scott
McNair"
Print "Type 'DISCLAIMER' for
legal information."

Input.focus()
End Function

Function ParseData()
txtInput = Input.value
Input.value = ""
Path.style.display="none"
Input.style.display="none"

Print "&gt; " & txtInput
txtInput = lcase(txtInput)

If LCase(txtInput)
="disclaimer" Then
Print "<b>HyperDOS</b>
provides a front-end to Windows command prompt. If you put this page on
your web server, please " &_
"keep in mind that
you're providing a potential back door for people to come in and
delete/create/modify files " &_
"on your computer.
Please make sure to take appropriate precautions."

document.location.href="#bottom"
txtLastInput =
txtInput

Path.style.display="inline"

Input.style.display="block"
Input.focus()
Exit Function
End If


parent.StdIn.location.href="HyperDOS.asp?Action=Drill&Command=" &
txtInput
End Function

Function Print(MyText)
txtOutput.innerHTML =
txtOutput.innerHTML & "<div style='border:solid black
1px;color:white'>" & MyText & "</div>"
End Function
</script>
</head>

<body onload="Main()" style="font-
family:courier;background-color:black;color:white">
<div name=txtOutput id=txtOutput></div>
<span name=Path id=Path>&gt;&nbsp;</span>
<input type=text name=Input id=Input
style="width:500px;border:none;font-
family:courier;height:20px;color:White;background-color:black;"
onkeypress="If window.event.keyCode = 13 Then ParseData()">
<a name="bottom"></a>
</body>
</html>
<%
Case "Drill"
Dim Command : Command=Request("Command")
Dim objShell, objWshScriptExec, objStdOut, strLine
Set objShell = Server.CreateObject("WScript.Shell")

On Error Resume Next
Set objWshScriptExec = objShell.Exec (Command)
'The command line
Set objStdOut = objWshScriptExec.StdOut 'Reads
the output from the command
%>
<html>
<head></head>
<body>
<%
If objStdOut Then
While Not objStdOut.AtEndOfStream
strLine = objStdOut.ReadLine
strLine = Left(strLine,Len
(strLine)-1) & "<br>"
strLine = Replace
(strLine,"""","&quot;")
Response.Write "<script
language=VBScript>" & vbcrlf
%>

parent.StdOut.txtOutput.innerHTML =
parent.stdOut.txtOutput.innerHTML & "<div style='border:solid black
1px;color:white'><%=strLine%></div>"

parent.StdOut.document.body.doScroll(down)
<%
' Response.Write "Print """ &
strLine & """" & vbcrlf
Response.Write "</script>" &
vbcrlf
Response.Flush
Wend
End If
On Error Goto 0
%>
<script language="VBScript">
Print "&nbsp;"
parent.StdOut.Path.style.display="inline"
parent.StdOut.Input.style.display="inline"
parent.StdOut.Input.focus()
'
parent.StdOut.location.href=parent.StdOut.location.href &
"#bottom"
</script>
</body>
<%
End Select
%>
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,995
Messages
2,570,230
Members
46,819
Latest member
masterdaster

Latest Threads

Top