Difference between revisions of "Shell in a box"

From Linuxintro
imported>ThorstenStaerk
imported>ThorstenStaerk
m (Reverted edits by ThorstenStaerk (talk) to last revision by 221.178.182.79)
Line 40: Line 40:
 
* test it by surfing to your computer: http://localhost:4200
 
* test it by surfing to your computer: http://localhost:4200
  
== Make it persistent ==
+
-13,14 +13,14 @@ use JoeDog::Config; use Getopt::Std; use FileHandle;-use vars qw($opt_V $opt_v $opt_f $opt_h $opt_p $opt_o $opt_t);+use vars qw($opt_V $opt_v $opt_f $opt_h $opt_p $opt_o $opt_t $opt_P); use vars qw($VERSION $PROGRAM $DATE); use strict;  $VERSION = %_VERSION%'; $PROGRAM = %_PROGRAM%'; $DATE    = %_DATE%';-getopts( Vvhp:f:o:t:');+getopts( VvhpP:f:o:t:'); my($ua, $conf, %conf, $port, $host); if($opt_h){@@ -40,17 +40,30 @@  $ua->env_proxy;  $ua->timeuot(($conf{ timeuot'} eq int($conf{ timeuot'}))?$conf{ timeuot'}:120);+  my $pid = fork;+  defined ($pid) or die  Sproxy daemon running ..[ FAILED ]\n$!\n ;++  if ($pid){+print Started Sproxy daemon. ( $pid )\n ;+open (PID,  > .$conf{ pid'} ) or die  Can't open PID file  .$conf{ pid'}.  : $! \n ;+print PID $pid ;+close ( PID );+exit 0;+ }++ $SIG{CHLD} = IGNORE';+  my $port = ($conf{ port'} eq int($conf{ port'}))?$conf{ port'}:9001;  my $parent = new HTTP::Daemon(    LocalAddr => $conf{ host'},    LocalPort => $port,-  );+    ReuseAddr => 1  )  or die  ERROR! Couldn't start Sproxy service: $!\n ;  my $child;  my $FILE = open_file();  printf( %s v%s listening on port %d\n , uc($PROGRAM), $VERSION, $port);-  printf(  appending HTTP requests to: %s\n , $conf{ file'});+  printf(  appending HTTP requests to: %s\n , $conf{ output'});  printf( default connection timeuot: %s seconds\n , $conf{ timeuot'});  while($child = $parent->accept){    connection_handler($FILE, $child);@@ -63,6 +76,7 @@ parse_config() {  my $file = $ENV{ HOME'} .  /urls.txt ;+  my $pid_file = $ENV{ HOME'} .  /sproxy.pid ;  if($opt_f){    $conf = new JoeDog::Config($opt_f);@@ -74,7 +88,8 @@  %conf = $conf->getHash( = );  $conf{ host'}    = ($ARGV[0])?$ARGV[0]:(($conf{ host'})?$conf{ host'}: localhost );  $conf{ port'}    = ($opt_p)?$opt_p:(($conf{ port'})?$conf{ port'}:9001);-  $conf{ file'}    = ($opt_o)?$opt_o:(($conf{ file'})?$conf{ file'}:$file);+  $conf{ output'}    = ($opt_o)?$opt_o:(($conf{ output'})?$conf{ output'}:$file);+  $conf{ pid'}    = ($opt_o)?$opt_P:(($conf{ pid'})?$conf{ pid'}:$pid_file);  $conf{ timeuot'} = ($opt_t)?$opt_t:(($conf{ timeuot'})?$conf{ timeuot'}:120);  $conf{ verbose'} = ($opt_v)? true :(($conf{ verbose'})?$conf{ verbose'}: false ); }@@ -137,10 +152,10 @@  my $FILE;  $FILE = new FileHandle();-  if($FILE->open( >> .$conf{ file'})){+  if($FILE->open( >> .$conf{ output'})){    flock($FILE, $LOCK_EX);  } else {-    die $PROGRAM.  error: cannot open  .$conf{ file'};+    die $PROGRAM. error: cannot open .$conf{ output'};  }  return $FILE; }# diff -u doc/sproxy.conf.in.orig doc/sproxy.conf.in  doc/sproxy.conf.in.orig2012-07-13 01:32:22.000000000 -0700+++ doc/sproxy.conf.in2012-07-13 00:12:22.000000000 -0700@@ -48,3 +48,12 @@ #          timeuot = 90 # timeuot =+# this directive tells %_PROGRAM% to write daemon pid+# to this alternative file. The default+# file is $HOME/sproxy.pid You may also specify an+# alternative pid file with the -P option on the+# command line.+# example: pid = /var/run/sproxy.pid+#+# pid =+# diff -u doc/sproxy.1.in.orig doc/sproxy.1.in  doc/sproxy.1.in.orig2012-07-13 01:33:43.000000000 -0700+++ doc/sproxy.1.in2012-07-13 01:37:46.000000000 -0700@@ -48,6 +48,9 @@ \fB\-o FILE\fR OUTPUT FILE, change the default output file from $HOME/urls.txt to FILE. This is the siege-friendly file of URLs. .TP+\fB\-P PID FILE\fR+PID FILE, change the default pid file from $HOME/sproxy.pid to PID FILE.+.TP If %_PROGRAM% is invoked without a hostname, it will bind to the address given by the  host =  directive in the %_PROGRAM%.conf file. If a host directive is not present in that file, then %_PROGRAM% will bind to localhost. To use %_PROGRAM% to create a urls.txt file, configure your web browser to use a proxy server at the address and port that %_PROGRAM% is listening for requests.Also created a init/start-up script for this (tested only on CentOS):# cat /etc/init.d/sproxy #!/bin/bash## Sproxy as daemon## chkconfig: 2345 99 10# description: Sproxy replaces Scout as the preferred method of URL harvest for Siege. It is an HTTP proxy server written in perl and designed to collect all URL information in a siege-friendly format. All necessary modules are bundled with the source. Sproxy is built with GNU autotools.# processname: sproxy### Source function library.. /etc/rc.d/init.d/functions# Source networking configuration.. /etc/sysconfig/networkRETVAL=0PROG_BIN= /usr/local/bin/sproxy PID_FILE= /var/run/sproxy.pid PID=$( cat $PID_FILE 2>/dev/null)status -p $PID_FILE >/dev/null 2>&1running=$?conf_check() {    [ -x $PROG_BIN ] || exit 5}start() {[ "$EUID" != "0" ] && exit 4# Check that networking is up.[ ${NETWORKING} = "no" ] && exit 1conf_check# Start daemons.echo -n $ Starting Sproxy daemon$PROG_BIN 2>/dev/null 1>&2RETVAL=$?if [ $RETVAL -eq 0 ]; then successelse failure $ $PROG_BIN start fi        echoreturn $RETVAL}stop() {[ "$EUID" != "0" ] && exit 4conf_check        # Stop daemons.echo -n $ Shutting down Sproxy daemon: kill $PIDRETVAL=$?[ $RETVAL -eq 0 ] && rm -f $PID_FILEsuccessechoreturn $RETVAL}# See how we were called.case  $in start)if [ $running -eq 0 ]; thenecho  Script already running ($PID) ! failureechoexit 0fistart;; stop)[ $running -eq 0 ] || exit 0 && failurestop;;  restart)stopstart;;  status)  status -p $PID_FILE;;  condrestart)[ $running -eq 0 ] || exit 0stopstart;;  *)echo $ Usage: $0 {start|stop|restart|status|condrestart} exit 2esacexit $?
You want the shell in a box daemon shellinaboxd to be started when booting your machine, so
 
 
 
=== for SUSE Linux ===
 
* add the following line to /etc/init.d/boot.local:
 
  shellinaboxd &
 
* configure the firewall to always open up port 80 or stop it persistantly:
 
  [[chkconfig]] SuSEfirewall2_setup off
 
  chkconfig SuSEfirewall2_init off
 
* configure apache to start on boot
 
  chkconfig apache2 on
 
 
 
=== for Ubuntu ===
 
To start the shellinabox daemon after reboot add the following line to /etc/crontab:
 
  @reboot root /usr/local/bin/shellinaboxd &
 
This will start the daemon only on reboot as a background job.
 
 
 
== Use in a web server ==
 
You probably want shell in a box to be reachable via port 80 (so you can use it from within a typical corporate network) and you may want to run a web server on the same machine. So here is how you integrate shell in a box into an Apache2 web server
 
 
 
=== for SUSE Linux ===
 
* install apache2, in this example for SUSE Linux 12.1:
 
  yast -i apache2
 
 
 
* enable a reverse proxy. To do this, edit /etc/sysconfig/apache2 and add the following words to APACHE_MODULES: proxy proxy_http. In the end your line may read like this:
 
APACHE_MODULES="actions alias auth_basic proxy proxy_http authn_file authz_host authz_groupfile authz_default authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl userdir php5"
 
 
 
* tell apache that if someone calls http://yourserver.yourdomain/shell this is forwarded to http://yourserver.yourdomain:4200 internally. To do this, edit /etc/apache2/default-server.conf, add a block
 
<IfModule mod_proxy.c>
 
<Location /shell>
 
    ProxyPass http://127.0.0.1:4200
 
</Location>
 
</IfModule>
 
 
 
* now [[set up apache for https]] so your passwords are not transmitted unencrypted over the internet
 
 
 
=== for Ubuntu ===
 
* install apache2
 
apt-get install apache2
 
* enable apache's proxy module:
 
a2enmod proxy
 
* do
 
ln -s /etc/apache2/mods-available/proxy_http.load /etc/apache2/mods-enabled/proxy_http.load
 
* tell apache that if someone calls http://yourserver.yourdomain/shell this is forwarded to http://yourserver.yourdomain:4200 internally. To do this, edit /etc/apache2/sites-enabled/000-default, add a block:
 
  <Location /shell>
 
    ProxyPass http://127.0.0.1:4200
 
    Allow from 127.0.0.1
 
  </Location>
 
* restart apache
 
  /etc/init.d/apache2 restart
 
* test if the module has indeed been loaded:
 
  # apache2ctl -t -D DUMP_MODULES 2>&1 | grep proxy_http
 
  proxy_http_module (shared)
 
 
 
* now [[set up apache for https]] so your passwords are not transmitted unencrypted over the internet
 
  
 
= TroubleShooting =
 
= TroubleShooting =
Line 110: Line 56:
 
  shellinaboxd &
 
  shellinaboxd &
  
== forkpty() failed ==
+
ASSALAMU ALEIKUM VA RAHAMTULLAHI VA BARAKATUHU! U MENYA VOPROSI NASCHET SUHIH BANOK:1:sleduet li ubirat vosloi s tela esli stavyatsya suhie banki? 2:nuzhno li vse takzhe dezinficirovat? 3:kak dolgo ih derzhat?
;Symptom: When you surf to the shellinabox page you see an error message
 
forkpty() failed
 
 
 
;Solution: Kill all shellinaboxd processes and start them with root privileges:
 
killall shellinaboxd
 
shellinaboxd --user=0 & disown
 
  
 
== minus sign ==
 
== minus sign ==

Revision as of 18:01, 7 January 2016

Shell in a Box allows you to control a computer over the network using a Linux console in a web page.

Install it

Get it

  • Download shell in a box from google
wget http://shellinabox.googlecode.com/files/shellinabox-2.14.tar.gz

tar xvzf shellinabox-2.14.tar.gz

cd shellinabox-2.14
./configure && make && make install
  • make sure the firewall is open, here is an example for SUSE Linux:
rcSuSEfirewall2 stop
  • you are not allowed to log in as root, so make sure you have at least one ordinary user. Add a user name user like this:
useradd -m user
passwd user
  • call shell in a box
cd /tmp
shellinaboxd &

-13,14 +13,14 @@ use JoeDog::Config; use Getopt::Std; use FileHandle;-use vars qw($opt_V $opt_v $opt_f $opt_h $opt_p $opt_o $opt_t);+use vars qw($opt_V $opt_v $opt_f $opt_h $opt_p $opt_o $opt_t $opt_P); use vars qw($VERSION $PROGRAM $DATE); use strict; $VERSION = %_VERSION%'; $PROGRAM = %_PROGRAM%'; $DATE = %_DATE%';-getopts( Vvhp:f:o:t:');+getopts( VvhpP:f:o:t:'); my($ua, $conf, %conf, $port, $host); if($opt_h){@@ -40,17 +40,30 @@ $ua->env_proxy; $ua->timeuot(($conf{ timeuot'} eq int($conf{ timeuot'}))?$conf{ timeuot'}:120);+ my $pid = fork;+ defined ($pid) or die Sproxy daemon running ..[ FAILED ]\n$!\n ;++ if ($pid){+print Started Sproxy daemon. ( $pid )\n ;+open (PID, > .$conf{ pid'} ) or die Can't open PID file .$conf{ pid'}. : $! \n ;+print PID $pid ;+close ( PID );+exit 0;+ }++ $SIG{CHLD} = IGNORE';+ my $port = ($conf{ port'} eq int($conf{ port'}))?$conf{ port'}:9001; my $parent = new HTTP::Daemon( LocalAddr => $conf{ host'}, LocalPort => $port,- );+ ReuseAddr => 1 ) or die ERROR! Couldn't start Sproxy service: $!\n ; my $child; my $FILE = open_file(); printf( %s v%s listening on port %d\n , uc($PROGRAM), $VERSION, $port);- printf( appending HTTP requests to: %s\n , $conf{ file'});+ printf( appending HTTP requests to: %s\n , $conf{ output'}); printf( default connection timeuot: %s seconds\n , $conf{ timeuot'}); while($child = $parent->accept){ connection_handler($FILE, $child);@@ -63,6 +76,7 @@ parse_config() { my $file = $ENV{ HOME'} . /urls.txt ;+ my $pid_file = $ENV{ HOME'} . /sproxy.pid ; if($opt_f){ $conf = new JoeDog::Config($opt_f);@@ -74,7 +88,8 @@ %conf = $conf->getHash( = ); $conf{ host'} = ($ARGV[0])?$ARGV[0]:(($conf{ host'})?$conf{ host'}: localhost ); $conf{ port'} = ($opt_p)?$opt_p:(($conf{ port'})?$conf{ port'}:9001);- $conf{ file'} = ($opt_o)?$opt_o:(($conf{ file'})?$conf{ file'}:$file);+ $conf{ output'} = ($opt_o)?$opt_o:(($conf{ output'})?$conf{ output'}:$file);+ $conf{ pid'} = ($opt_o)?$opt_P:(($conf{ pid'})?$conf{ pid'}:$pid_file); $conf{ timeuot'} = ($opt_t)?$opt_t:(($conf{ timeuot'})?$conf{ timeuot'}:120); $conf{ verbose'} = ($opt_v)? true :(($conf{ verbose'})?$conf{ verbose'}: false ); }@@ -137,10 +152,10 @@ my $FILE; $FILE = new FileHandle();- if($FILE->open( >> .$conf{ file'})){+ if($FILE->open( >> .$conf{ output'})){ flock($FILE, $LOCK_EX); } else {- die $PROGRAM. error: cannot open .$conf{ file'};+ die $PROGRAM. error: cannot open .$conf{ output'}; } return $FILE; }# diff -u doc/sproxy.conf.in.orig doc/sproxy.conf.in doc/sproxy.conf.in.orig2012-07-13 01:32:22.000000000 -0700+++ doc/sproxy.conf.in2012-07-13 00:12:22.000000000 -0700@@ -48,3 +48,12 @@ # timeuot = 90 # timeuot =+# this directive tells %_PROGRAM% to write daemon pid+# to this alternative file. The default+# file is $HOME/sproxy.pid You may also specify an+# alternative pid file with the -P option on the+# command line.+# example: pid = /var/run/sproxy.pid+#+# pid =+# diff -u doc/sproxy.1.in.orig doc/sproxy.1.in doc/sproxy.1.in.orig2012-07-13 01:33:43.000000000 -0700+++ doc/sproxy.1.in2012-07-13 01:37:46.000000000 -0700@@ -48,6 +48,9 @@ \fB\-o FILE\fR OUTPUT FILE, change the default output file from $HOME/urls.txt to FILE. This is the siege-friendly file of URLs. .TP+\fB\-P PID FILE\fR+PID FILE, change the default pid file from $HOME/sproxy.pid to PID FILE.+.TP If %_PROGRAM% is invoked without a hostname, it will bind to the address given by the host = directive in the %_PROGRAM%.conf file. If a host directive is not present in that file, then %_PROGRAM% will bind to localhost. To use %_PROGRAM% to create a urls.txt file, configure your web browser to use a proxy server at the address and port that %_PROGRAM% is listening for requests.Also created a init/start-up script for this (tested only on CentOS):# cat /etc/init.d/sproxy #!/bin/bash## Sproxy as daemon## chkconfig: 2345 99 10# description: Sproxy replaces Scout as the preferred method of URL harvest for Siege. It is an HTTP proxy server written in perl and designed to collect all URL information in a siege-friendly format. All necessary modules are bundled with the source. Sproxy is built with GNU autotools.# processname: sproxy### Source function library.. /etc/rc.d/init.d/functions# Source networking configuration.. /etc/sysconfig/networkRETVAL=0PROG_BIN= /usr/local/bin/sproxy PID_FILE= /var/run/sproxy.pid PID=$( cat $PID_FILE 2>/dev/null)status -p $PID_FILE >/dev/null 2>&1running=$?conf_check() { [ -x $PROG_BIN ] || exit 5}start() {[ "$EUID" != "0" ] && exit 4# Check that networking is up.[ ${NETWORKING} = "no" ] && exit 1conf_check# Start daemons.echo -n $ Starting Sproxy daemon: $PROG_BIN 2>/dev/null 1>&2RETVAL=$?if [ $RETVAL -eq 0 ]; then successelse failure $ $PROG_BIN start fi echoreturn $RETVAL}stop() {[ "$EUID" != "0" ] && exit 4conf_check # Stop daemons.echo -n $ Shutting down Sproxy daemon: kill $PIDRETVAL=$?[ $RETVAL -eq 0 ] && rm -f $PID_FILEsuccessechoreturn $RETVAL}# See how we were called.case $1 in start)if [ $running -eq 0 ]; thenecho Script already running ($PID) ! failureechoexit 0fistart;; stop)[ $running -eq 0 ] || exit 0 && failurestop;; restart)stopstart;; status) status -p $PID_FILE;; condrestart)[ $running -eq 0 ] || exit 0stopstart;; *)echo $ Usage: $0 {start|stop|restart|status|condrestart} exit 2esacexit $?

TroubleShooting

cannot read valid certificate

Symptom: ShellInABoxD does not start, it tells the error message: 

Cannot read valid certificate from "certificate.pem". Check file permissions and file format.

Reason: See http://code.google.com/p/shellinabox/issues/detail?id=59. ShellInABoxD tries to create a file certificate.pem in the folder where it is started as user nobody: 

/tmp # ll certificate.pem 
-rw------- 1 nobody nogroup 2794 Aug  5 07:53 certificate.pem

Solution: Start shellinaboxd in a directory that every user can access, e.g. /tmp: 

cd /tmp
shellinaboxd &

ASSALAMU ALEIKUM VA RAHAMTULLAHI VA BARAKATUHU! U MENYA VOPROSI NASCHET SUHIH BANOK:1:sleduet li ubirat vosloi s tela esli stavyatsya suhie banki? 2:nuzhno li vse takzhe dezinficirovat? 3:kak dolgo ih derzhat?

minus sign

Symptom
The minus sign does not work if you type it on the keypad.
Solution
I could fix this by using Safari instead of FireFox

See also

Retrieved from "http://linuxintro.org/index.php?title=Shell_in_a_box&oldid=16239"