HTTP and cmd experiments using `nc.exe` (netcat for Windows)
ncExec

HTTP and cmd experiments using nc.exe (netcat for Windows)

Programmed in Windows Batch

License: MIT License

[This project is now abandoned because Windows Batch is bloody ridiculous and I can't get rid of the bugs while trying to add more features. It is, however, pretty cool, so you should totally experiment with it.]
UPDATE (19th Sept 2018): Fixed all bugs, finished project!

As of 19th Sept 2018, all bugs have been fixed and this project is complete and probably won't be updated anymore.

Goal

Having made a simple webserver for Windows with netcat, I decided to go one step further. I wanted to be able to input a command on the webpage, and then for that command to get executed server-side. I am aware of the fact that this is, in fact, ridiculously easy in PowerShell, but where's the fun in that? I wanted a challenge.

Files

GET

  • ncExecGET.cmd: The GET version sends the command through GET requests.
  • index.html: The webpage with the GET form

POST

  • ncExecPOST.cmd: The POST version sends the command through POST requests.
  • index.html: The webpage with the POST form

Common

  • comexec.cmd: Executes the command in the same shell window as the server
  • rex.txt: Contains the HTTP response headers. Must contain two trailing newlines.

Usage

  1. Make sure that nc.exe is in the same folder as your batch files.
  2. Run the batch file for the version you want: ncExecGET.cmd or ncExecPOST.cmd.
  3. Visit http://localhost/ in your browser, and enter a command.
  4. If nothing breaks, you should see the command get executed in the same cmd window as the server script.

Modification

Note that comexec.cmd has the following line:

 set com=%com:~9%

You must modify this number if you change the number of characters in the name of the form's command field:

For POST: <number-of-chars-in-name>+1
For GET: <number-of-chars-in-name>+3

The commands aren't executed in a separate cmd window because running them all in one window lets you use error codes and variables across commands. For example, if you send set a=123 and then echo %a%, the output will be 123. If the commands were run in separate windows, this would not be the case, because the variable set by the previous command would not be accessible. If you want each command to run in a separate window anyway, change the following code block in comexec.cmd:

 echo Command recieved: %com%
 %com%

to

 echo Command recieved: %com%
 cmd.exe /k %com%

Uses

I mean, you can use this sorta like SSH, except that you send commands over the web? No idea what you'd use it for, since there's probably something better out there, but have fun experimenting.

Also, take a look at percent-decoder, it might come in handy.