Jump to content
Please Use CODE Tags

PHPShell default user www-data, how to change?

l11h
By l11h
in Programming
 Share
Posted

Hi,

 

So i'm using PHPShell as a terminal system to access my server through the web browser for a project. For some reason the default user is www-data and I can't seem to change it. Some other tutorial I followed did same thing as I did however, his user was the user he logged in with not www-data. So anyone know how to do this? 

 

The reason i'm using this is because I want to do parsing. Meaning if a user enters a command like rm -rf *, it checks it with the database blacklist and blocks it. This is doable as the input field is a text box. 

 

Other options available use JavaScript so this is not available :( 

 

Anyway if this can be fixed I will appreciate your help a lot.

 

Thanks

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
  • Author

Change the owner of the executable.

 

Problem is the owner of the file phpshell.php is actually the normal user being testuser in this case. 

 

or is ownership something different? which to change it's chown i guess.

 

However, when I log into the system and run whoami it says www-data .... that's the reason why i'm confused lol.

 

if executing is different what command to I use to change it? All I see is chown commands

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

Switch user, perhaps?

 

su tempuser

Interested in Linux, SteamOS and Open-source applications? Go here

Gaming Rig - CPU: i5 3570k @ Stock | GPU: EVGA Geforce 560Ti 448 Core Classified Ultra | RAM: Mushkin Enhanced Blackline 8GB DDR3 1600 | SSD: Crucial M4 128GB | HDD: 3TB Seagate Barracuda, 1TB WD Caviar Black, 1TB Seagate Barracuda | Case: Antec Lanboy Air | KB: Corsair Vengeance K70 Cherry MX Blue | Mouse: Corsair Vengeance M95 | Headset: Steelseries Siberia V2

 

 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
  • Author

 

Switch user, perhaps?

su tempuser

Tried that and that doesn't seem to work. 

 

I think what this PHP Shell is doing is, it's a text box, it's using php_exec to send the command to the server and then just writes the output.

 

doing su all it says is it's not a terminal and tty is not present. 

 

I know there are stuff like Gate One and Shellinabox which use Javascript and work exactly like a terminal does if your sitting in front of it. However, what I want is a text box where I can check the commands before sending them. 

Is there any technology that I can research that will do this? 

With the Javascript I know there are ways of saying this command is not good however, it can be bypassed using a javascript command line.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

Could be a security risk, but give these suggestions a try:

http://stackoverflow.com/questions/7181601/using-shell-exec-or-exec-as-a-different-unix-user

 

It also should be possible to run apache as testuser instead of www-data. The above link gives one method to do so, not sure if it's something you'll be able to do though. 

Interested in Linux, SteamOS and Open-source applications? Go here

Gaming Rig - CPU: i5 3570k @ Stock | GPU: EVGA Geforce 560Ti 448 Core Classified Ultra | RAM: Mushkin Enhanced Blackline 8GB DDR3 1600 | SSD: Crucial M4 128GB | HDD: 3TB Seagate Barracuda, 1TB WD Caviar Black, 1TB Seagate Barracuda | Case: Antec Lanboy Air | KB: Corsair Vengeance K70 Cherry MX Blue | Mouse: Corsair Vengeance M95 | Headset: Steelseries Siberia V2

 

 

Link to comment
Share on other sites
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Programming

×