Is it possible to invoke an exe on a remote computer, supposing we know the absolute path of the exe where it lies?
I have written a client and a server program and am able to get both work as expected when both are running. But now, all I want to do is to invoke the server program from client if server is not running. Seems like defeating the purpose of server-client model but still.
If that is possible without knowing the login credentials of the remote system, then it'd be cool. Eg: There are softwares like 'PsExec' that need login credentials.
I understand that, such a feature may not be there, as it would mean a serious security threat, but, I am just wondering if there is some sort of a workaround.
If that is possible without knowing
the login credentials of the remote
system, then it'd be cool. Eg: There
are softwares like 'PsExec' that need
login credentials.
I understand that, such a feature may
not be there, as it would mean a
serious security threat, but, I am
just wondering if there is some sort
of a workaround.
Those "inconvenient" security rules are there for a purpose. You simply do not want people to be able to run any old program on your machine without proper authentication and authorization. Not even if you are behind a firewall.
Why?
In one word - Viruses! If some machine on your network gets infected with a virus (or similar malware), then all machines that run a non-authenticated remote execute service would be at serious risk of infection.
Try Gridserver technologies... it's based on grid technology and very efficient and easily deployable.
You could setup a messaging system like a remote procedure call, webservice, or simple tcp socket on the server to do a wake up on the server process.
The only way you can execute an exe is by executing a local application which you have access to. There must be a part of the software running on the computer you want to execute an application on. From there, you can do a remote call from a second program on a remote machine asking the local one to do his job : execute.
As stephen C said, it would be a violent breach of security if I could run exe on your machine without your permision.
Related
When developing a Java EE 7 webapp (Win8, eclipse Kepler, JBoss Tools 4.1.1, wildfly8.0CR) I can use the application at localhost:8080/app/
But I wonder what to do, if I want an extern access to that app, e.g. from my other PC. What configuration is needed, or do you need a "real" server for such a purpose?
Thanks in advance
How public to you want your website to be?
If you want to access it from another computer on the same network(for example your home network) you need to adjust your network and firewall settings so that that you would have access from one computer to anoher on the same network. Then if on the computer that contains the app you would access it for example http://localhost:8080/myapp then on another network you would access it http://ip-of-the-comuter-that-contains-the-app:8080/.
If you would like to access it from outside the local network then the process is same, but a static IP would be recommended to the computer that contains the app.
If you would like the general public to use the app, then hosting it from your PC may not be such a good idea and somekind of server solution is adviseable. There are lots of different cloud solutions like http://aws.amazon.com/ec2/ or https://developers.google.com/appengine/ that would provide enough flexibility for majority of apps. Or you could ofcourse have your own server hardware, but this can turn out to be much more expensive to keep stable and secure.
For a quick-and-dirty solution you can choose the "Enable remote access" option on the server (double click the server, and you should see a check box in the server editor).
This will tell the server to start listening on all network interfaces and not just the local one.
btw. we only listen on local network interface by default for security reasons since we don't want you to unintentionally get hacked if a vulnerability is found and used by someone malicious.
I have a web application running with support for some specific pieces of hardware. This is achieved in the following steps:
User runs a small installer that places java files (and a couple
others) on the client machine. The main piece is a jar called "hardwareManager"
User visits web app. The web app runs a java applet which, due to
a .java.policy file placed during the install, has permission to
interact with the client machine outside the browser sandbox.
The applet checks to make sure the hardwareManager is running,
and if not runs a command to start it.
User interacts with the web app which sends commands to the applet via
javascript. The applet then writes commands to a text file
on the client machine. The text file is constantly monitored by the
hardwareManager which runs any commands it reads in.
This works, but seems clunky. I have a couple ideas on how to improve it, but I don't know which, if any, are even worth trying.
Would it be better to set up the hardwareManager as a socketServer and have the applet connect directly to it, rather than going through text files? Is that even possible?
Is there a way to eliminate the applet altogether and have the javascript talk directly to the hardwareManager? Maybe by writing the hardwareManager to be a local http server? What port should it run on? Do javascript xss limitations fit in here somewhere?
It would be less clunky to start the Java application using Java Web Start. This would remove the need to daemonize or install the Java hardware manager.
Another alternative is to use a built-in browser inside Java. I supose this is not an option, since you depend heavily on Javascript (I suppose to provide a rich client experience).
If you already have to install something on the client machine, why did you make the choice to go with a web application?
Talking from experience: We had a Java EE application which needed to print to PoS printers at the client site. We installed a small "synchronizer" application that connects through SSH and synchronizes all clients files. Afterwards, it loads the JAR and executes the program. This program connects through RMI with the server and subscribes to a JMS queue to receive the print assignments.
Applied to your case: Why not let your Java application connect to the server directly? You can use HTTP, SOAP or even JMS over RMI. You can then launch the hardware command from the server (instead of from the limited JavaScript webbrowser environment). This way, you get tons of features: authentication, buffering of commands, and you can even share hardware between multiple clients.
Schematic:
<----AJAX------> Web browser
ApplicationServer
<---HTTP/SOAP--> Java hardware manager application
You can launch the Java application using Java Web Start, which allows you to update the application automatically (instead of needing to pass every client a new installer).
I am attempting to run a Java application (specifically Minecraft) at my school on a mac computer. I wish to play online on my personal server, however the way the network is set up here the only way to access the internet is to enter network user/pass (The school uses a websense filter). Each student has one, and when you open a browser window a prompt will automatically ask me for it. The same user/pass is used to log into the machine, and some software will simply pick it up and go online without entering it a second time (ex. Safari just connects, Chrome however prompts for the user/pass).
Java applications however seem to be a mixed bag, some will connect, some will not. However none of them prompt me for the user/pass to the network.
So is there any way to force possibly through command line?) a Java application to log into the network?
Or is there possibly some other problem here?
You can set the proxy at the command line. This should help you: How do I set the proxy to be used by the JVM
In case you can't use your proxy directly you might try and install a local proxy such as CNTLM that connects to your network proxy and authenticates using the credentials you provide. The application would then not have to provide credentials. However, you'd have to provide your network credentials to CNTLM and thus should not forget to remove them when you are done.
First, this is not the first time I ask a question related to this problem, but now that we have talked with the network admin guys and we know we absolutely HAVE to get through that proxy, I will ask again the question but with further details.
So here is the deal. We have an application built for Lotus Notes. That application needs to talk with a web service that is located outside the network of our client, but nothing can get out of the network without going through a proxy server. Since the Agent is running on the server, we need to tell the server to go through the proxy first. That can be achieved in Java using the System's properties (http.proxyHost, etc). That being said, I set all the properties related to the proxy settings in my Java Agent, and then I try getting the XML file from the web service. What I get is a connection time out exception. So, I was wondering why? We did a network analysis with WireShark, and the application is not trying to go through the proxy. Here is what it STRANGELY does.
I built the application and set the proxy host to a dummy address, just for the time I get the real proxy address and my credentials. Let's say proxy.mydomain.com
I get my credentials, so I change the proxy config with the real ones, say webproxy.ca.mydomain.net
Nothing works, so we restart the Domino server and do a clearcache, thinking it might be related to this
We did a network analysis with WireShark and the application queries the DNS for this:
proxy.mydomain.com
proxy.mydomain.com.ca.mydomain.com
proxy.mydomain.com.eu.mydomain.com
proxy.mydomain.com.anotherknowdomain.com
And that goes for a while. BUT, I can see it's still using the dummy address. Where does it get it. It's not in notes.ini, it's not in the server's cache, it's not in my source code, it's not in java.properties, it not in the JVM (since we restarted the machine). Any idea? We're at the end of a project and we need this to work to deliver it and preassure is building!!! I searched the WHOLE WEB!!!
One more thing I would say, when I set my properties in java code, I tryied to print them before to see if it was ok and everything is fine...
For your information, even though it was a web proxy going through HTTP, the JVM setting sockProxyHost was set and preceds on the other. That was our problem...
I'm currently writing a Java application to be used with a Windows-Machine authed with an ActiveDirectory. The application basically only needs to know the user's name and hostname. I know there are
System.getProperty("user.name")
and
java.net.InetAddress.getLocalHost().getHostName()
But I am not sure wether System.getProperty("user.name") will function correctly with the VM running on windows (I searched google and found a lot of threads saying it might not work with windows, as it might return something different, depending on the environment-variables
(and I am currently unable to test it [I'm running ubuntu and archLinux]).
So, I wondered if there is a better and more secure way to handle this and stumbled upon NTSystem .
But NTSystem does not seem to be available on Linux (which I use for developing), which - I think - is due to calling native windows code.
My question would hence be: "Is there a secure way to retrieve the logged in user's name in Windows and if yes - how would you accomplish that?"
user.name is inherently insecure because it can be overridden via -Duser.name=XYZ. This might be an issue for you, or it may not be
Obviously NTSystem won't work on Linux but you mention that you are writing a GUI to be run on Windows. Are you trying to validate the Windows user name of the user? You can do this via NTSystem embedded in the code which runs on the Windows client but not (of course) code which runs under the Linux OS.
Or are you trying to validate them on a Linux server? Perhaps you have a kerberos domain you could do this with? (i.e. if there is a kerberos domain, then you can have a secure, authenticated communication between client and server, ensuring that the client is who they say they are)
EDIT: I may be confused by the fact you are saying that you're writing a Java App "in Linux". I took this to mean a Linux server and Windows client - but possibly you just mean that you are using Lenux as your development environment? In this case, you might think of writing a pluggable identification layer which you can switch between using NTSystem on the Windows box and user.name for testing
Use JNA, com.sun.platform.jna.win32 has a number of methods to do this wrapping the Win32 API. Try Advapi32Util.getUserName or Kernel32Util.getUserNameEx.