• 0

[Apache, EXE] How to run EXE through APACHE using alias! HELP


Question

Hey guys can I ask for some good old help please?

What it is I want to be able to run say a console application, through my webserver on apache.

I know it a secruity hole so I ask how do I first of all set up apache to allow .EXE to run, and then how to do it so say a .EXE will disgause(sorry for spelling) itself as say a .SOB. So I call something like blah.com/send.SOB.

this is currently the code i have For a test console app(written in delphi)

program Project2;

{$APPTYPE CONSOLE}

uses
  SysUtils,
  ShellAPI,
  windows;

var
  S: array[0..255] of char;
begin

  windows.GetEnvironmentVariable('QUERY_STRING',@S[0], 255);

  writeln('<html><body>');
  writeln('Query=');
  writeln(s);
  Writeln('</ br>Executed</body></html>');
  shellexecute(0,'open','notepad', nil, nil, SW_SHOWNORMAL);
end.

I've Tried this on a mate custom built server application, and all he dose is a simple config edit such as this

[.exe]
CodeBase=

[.snd]
CodeBase=c:\www\localhost\Project2.exe

So all that basically does is will run the .exe on the server but if a .snd is called it will run the code above.

I know this is not as easy on apache thats is where i ask you for help how do i achive this?

thanks Matt

4 answers to this question

Recommended Posts

  • 0

Not sure you can disguise the executables as .sob files unless, as Antaris also suggested, you make a wrapper script. The script would actually be written in Perl or PHP (or any other server-side scripting language) and that would be responsible for executing the .exe file and capturing the output from it.

If you just want to have .exe files run and the STDOUT returned to Apache this should do what you want. Note I've made this only work in the named directory to give you a little bit of security. At least then you can specify which .exe files should be run by putting them in the specified folder.

ScriptAlias /path/in/browser "C:/path/to/executables/"

<Directory "C:/path/to/executables/">
	AllowOverride None
	Options ExecCGI
	AddHandler cgi-script .exe
</Directory>

Note that any .exe file you start this way will run as the user that Apache also runs as. If you have Apache installed as a system service on windows, the .exe files and any processes they start will run as SYSTEM and will not by default be able to interact with the current user session unless you change the Apache service to allow interaction with the desktop.

  • 0

sorry only just read this i tried that and i now get this error

  Quote
Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator,_________ and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

from just running this peice of delphi code

program Project2;

{$APPTYPE CONSOLE}

uses
  SysUtils, ShellAPI, windows;

begin
  ShellExecute(0, nil, 'c:\windows\notepad.exe', 'c:\windows\general.txt', nil, SW_SHOWMAXIMIZED);

end.

any idea?

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • Microsoft's new AI tools: What "Researcher" and "Analyst" mean for your work by Paul Hill Microsoft has announced the general availability of two new reasoning AI agents called Researcher and Analyst. Both were previously available for Microsoft 365 Copilot Frontier members, but now they’re available for all Microsoft 365 Copilot license holders. Researcher is capable of multi-step research by combining OpenAI’s deep research model with Microsoft 365 Copilot’s orchestration and deep search capabilities. The Analyst agent can think like a data scientist, giving you insights in minutes from raw data. Analyst is built on OpenAI’s o3-mini. Microsoft says it can run Python to tackle the most complex data queries and you can view the code it’s running to verify its work in real time. Who it affects, and how While Frontier members have had access to these agents since April, they’ve only just been announced for general availability. The Copilot in question is not Microsoft’s free Copilot either, but the Copilot that comes as part of Microsoft 365 and includes additional features. To access it, you will have to pay for a $30 per month paid yearly subscription. Existing customers should now have access to both of these agents. While there is certainly angst in the world about the influence of AI on our jobs, Microsoft still maintains that it’s an assistant tool. These two new agents look set to benefit professionals across a range of roles including researchers and strategists, data analysts and scientists, sales and marketing teams, and anyone who just wants to summarize or synthesize information fast. The Researcher agent is helpful for gathering insights, preparing for negotiations, and assessing impacts such as the impact of tariffs on businesses. Meanwhile the Analyst agent can be used to convert raw data into actionable insights, identifying customer behaviors, and visualizing trends. It’s not all good news, Microsoft does have some limitations in place to ensure reliability of its service for all customers. The Redmond giant explains that the pre-pinned agents can run up to 25 combined queries per month - so that’s not 25 queries per agent, it’s for both together, each month. Additionally, Researcher supports 37 languages, but Analyst only supports eight, with more coming soon. Why it's happening Agents have been all the rage since the end of 2024 when figures in big tech declared that 2025 would be the year of agentic AI. Agents are capable of multi-step work and bring us closer to the goal of artificial general intelligence (AGI). These agents that Microsoft has unveiled are possible now thanks to the development of OpenAI’s deep research model and o3-mini, which also reasons. Earlier this year, Microsoft declared that it wanted to empower employees everywhere with AI agents and the release of Researcher and Analyst goes a long way in doing this. They will be beneficial for employees in many different fields and have the potential to free up a lot of time for more beneficial work. Customers in the Frontier program, Microsoft said, found these new tools to be highly effective for complex analytical work. This is great for Microsoft financially because it shows clear demand for such tools, justifying AI’s upfront development costs. These agents also help Microsoft keep up against the competition, which is also aggressively pursuing agents. What to watch for Microsoft said that its Researcher agent is much more accurate than everything that came before, thanks to the time it spends thinking about its answer. However, AI does still possess the ability, just like humans, to make mistakes. Verifying the creations of these agents is still crucial when it comes to anything mission critical. The Analyst agent’s ability to let the user see the steps and which Python code it executes is very good for transparency and can help combat errors if things ever start to go wrong with the agent’s reasoning. This could help to build trust among customers who need to use the Analyst agent and could set Microsoft’s offering apart from the competition, giving it an edge. Another thing customers should be aware of is the prompt they use matters. Microsoft tries to guide customers along with sample prompts but to get the most from these tools, users will need to know how to create effective and precise prompts. The good thing is that these bots are spoken with natural language, so it’s just a matter of being articulate and precise when you give a prompt. It will certainly be interesting to see how agents like these continue to affect employees’ job security in the future. While AI can certainly be helpful, if it develops to a point where an employer can effectively hire AI for a low cost to do the same work, then it could lead to massive displacement, with not enough new jobs for people to move into. This point has recently been elucidated by Anthropic’s CEO Dario Amodei. Source: Microsoft
    • I'm wondering if they are doing this as a "backup" in case CISA ceases to exist. It almost did recently due to funding and it's future is shaky. CISA - https://www.cisa.gov/known-exploited-vulnerabilities-catalog Example "CVE-2023-39780" https://www.cve.org/CVERecord?id=CVE-2023-39780 ASUS RT-AX55 Routers OS Command Injection Vulnerability
    • Over regulation is bad. That's why the EU is behind the US. But, it's a good thing the EU stepped in, in this case.
  • Recent Achievements

    • One Year In
      WaynesWorld earned a badge
      One Year In
    • First Post
      chriskinney317 earned a badge
      First Post
    • Week One Done
      Nullun earned a badge
      Week One Done
    • First Post
      sultangris earned a badge
      First Post
    • Reacting Well
      sultangris earned a badge
      Reacting Well
  • Popular Contributors

    1. 1
      +primortal
      172
    2. 2
      ATLien_0
      125
    3. 3
      snowy owl
      123
    4. 4
      Xenon
      118
    5. 5
      +Edouard
      92
  • Tell a friend

    Love Neowin? Tell a friend!