Execute arbitrary commands in a shared Web hosting environment

In an economical shared Web hosting environment, you can usually only download and upload your files through FTP or a Web-based interface provided by the service provider. FTP provides very limited ways to interact with the hosting server. In this article we describe a simple way to execute arbitrary commands so you can explore your Web hosting environment more easily.

First, you create a private directory to host scripts that are password protected and meant to be executed by yourself only. Suppose you create the /home/joe/html/private directory for this purpose when your Web document root directory is /home/joe/html.

Next, you create a .htpasswd file that stores the username and password you want to use. You can use the htpasswd command that comes with the Apache distribution to create it. Just run htpasswd -c .htpasswd joe and type the password. It will generate a file with content like this:

joe:1ZHmx6Fd6iTd2

Upload this file to your Web document root directory, e.g., /home/joe/html. Now create a .htaccess file with the following content and upload it to the /home/joe/html/private directory you want to protect with a password.

AuthUserFile /home/joe/html/.htpasswd
AuthGroupFile /dev/null
AuthName "Protected Area"
AuthType Basic
require valid-user

Now upload any PHP file to your private directory and visit it through a Web browser to make sure you are prompted for a username and password before you can execute it.
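
The two files above can also be checked before upload. The following Python script is an added example, not part of the original article; the function names (hash_kind, parse_htaccess, audit) are assumptions made for illustration. It flags missing directives, an AuthUserFile that sits under the document root, and weak .htpasswd formats such as the 13-character traditional crypt() shape of the sample entry shown earlier.

```python
import re

# Values copied from the article's own .htaccess and .htpasswd listings.
PAGE_HTACCESS = """AuthUserFile /home/joe/html/.htpasswd
AuthGroupFile /dev/null
AuthName "Protected Area"
AuthType Basic
require valid-user"""
PAGE_HTPASSWD = "joe:1ZHmx6Fd6iTd2"

# Stored-value shapes that htpasswd can produce, strongest first.
HASH_KINDS = [
    (re.compile(r"^\$2[aby]\$\d\d\$.{53}$"), "bcrypt"),
    (re.compile(r"^\$apr1\$[^$]{1,8}\$[./0-9A-Za-z]{22}$"), "apr1-md5"),
    (re.compile(r"^\{SHA\}[A-Za-z0-9+/]{27}=$"), "sha1-unsalted"),
    (re.compile(r"^[./0-9A-Za-z]{13}$"), "des-crypt"),
]
WEAK = {"des-crypt": "traditional crypt(), only the first 8 password characters count",
        "sha1-unsalted": "unsalted SHA-1",
        "unknown": "not a recognised hash, possibly plaintext"}

def hash_kind(value):
    """Classify one .htpasswd hash field by its shape."""
    return next((kind for rx, kind in HASH_KINDS if rx.match(value)), "unknown")

def parse_htaccess(text):
    """Map lower-cased directive name to its argument (one-line directives only)."""
    pairs = (l.strip().partition(" ") for l in text.splitlines())
    return {n.lower(): a.strip().strip('"') for n, _, a in pairs if n and not n.startswith("#")}

def audit(htaccess, htpasswd, docroot):
    """Return a list of findings for the Basic-auth setup described in the article."""
    d, findings = parse_htaccess(htaccess), []
    if d.get("authtype", "").lower() != "basic":
        findings.append("AuthType is not Basic")
    if "require" not in d:
        findings.append("no Require line, so the directory is not protected")
    userfile = d.get("authuserfile", "")
    if not userfile:
        findings.append("AuthUserFile is missing")
    elif userfile.startswith(docroot.rstrip("/") + "/"):
        findings.append("AuthUserFile is under the document root; "
                        "check that the server refuses to serve .ht* files")
    for line in htpasswd.splitlines():
        user, sep, value = line.strip().partition(":")
        if sep and hash_kind(value) in WEAK:
            findings.append(f"{user}: {WEAK[hash_kind(value)]}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(PAGE_HTACCESS, PAGE_HTPASSWD, "/home/joe/html")))
```

Run against the article's own files, it reports two findings: the password file location and the hash format of the joe entry.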

With this protection in place, you can create a simple PHP script that contains a form to execute arbitrary commands on your behalf. However, please keep in mind that there will be some limitations in what you can do.

First, your Apache server is set up mostly in a chroot environment and the commands available to you are quite limited. For example, you probably won't be able to compile a C/C++ program there.

Second, you can only run the commands non-interactively, otherwise your PHP script may hang. You can download the following sample PHP script that allows you to execute arbitrary commands. An immediate use of this script is to create directories that are outside your Web server's document root directory, e.g., /home/joe/db for additional security. Because these directories cannot be accessed directly, you can put your configuration files that contain sensitive information there so they can only be read by your PHP scripts that only you yourself control.

Third, there is one mystery here. We can run php -i and other commands in our local development environment. However, we cannot get them running in our Web hosting environment. It always returns the interpreted results of the PHP shell script itself. Probably there is some special configuration in our Web hosting environment that prevents the PHP script from starting a PHP interpreter by itself. However, given that the PHP function phpinfo() provides a lot of information, we can do without this feature.

Please note that our approach provides a simple alternative to the one used by PHP Shell. Because our PHP shell script is much simpler, you can modify it easily to add the features you need.
