Anyone familiar with perl stuff, how do you run this syntax? - GoFuckYourself.com

Jakez · 04-18-2009, 04:45 PM

Having a brain fart ATM, how the hell do I run this syntax? This is a perl script (rsapi.pl) provided by rapidshare that uploads a file from my server to my premium account, but I can't figure out how to run these commands..

Quote:

# To upload a file, put this script on a machine with perl installed and use the following syntax:
# perl rsapi.pl free mytestfile.rar (this uploads mytestfile.rar as a free user)
# perl rsapi.pl prem archive.rar 334 test (this uploads archive.rar to the premium-zone of login 334 with password test)
# perl rsapi.pl col a.rar testuser mypw (this uploads a.rar to the collector's-zone of login testuser with password mypw)

Jakez · 04-18-2009, 05:17 PM

AgentCash · 04-18-2009, 05:32 PM

from the commandline

cd to the directory containing rsapi.pl
then
perl rsapi.pl prem filename login password

or

/usr/bin/perl /location/to/rsapi.pl prem /location/to/filename login password

if you need to run it from within another script then use backticks or an exec call, and make sure you sanitize any inputs

Jakez · 04-18-2009, 08:16 PM

Quote:

Originally Posted by AgentCash

from the commandline

cd to the directory containing rsapi.pl
then
perl rsapi.pl prem filename login password

or

/usr/bin/perl /location/to/rsapi.pl prem /location/to/filename login password

if you need to run it from within another script then use backticks or an exec call, and make sure you sanitize any inputs

I'm actually trying to get it to run from within a .php page, and I tried it with exec() but nothing happened..

I tried exec("perl rsapi.pl prem archive.rar 334");

Is it supposed to be -perl instead? Not too familiar with this crap lol.

AgentCash · 04-18-2009, 08:31 PM

exec("/usr/bin/perl /location/to/rsapi.pl prem /location/to/archive.rar login password");

should work, check your error logs or try running it from command line to see if there is a problem.

make a php file named test.php of just

<?
echo exec("/usr/bin/perl /location/to/rsapi.pl prem /location/to/archive.rar login password");
?>

and do

php test.php

from commandline to see if that works for you.

Jakez · 04-18-2009, 08:49 PM

Tried that, with a couple different common perl paths just in case. It just shows a blank page when I run it, no new errors in the error log, and no new files in rapidshare either.

Command line you do from a ssh connection right? I don't have access to that at the moment, will try it later though since I do remember that gives you some actual feedback on what's going on..

Jakez · 04-18-2009, 08:55 PM

Ok I found a PHP alternative, of course it isn't working out the box either

I get this error:

Quote:

Parse error: syntax error, unexpected T_VARIABLE, expecting T_OLD_FUNCTION or T_FUNCTION or T_VAR or '}' in /home/user/public_html/test.php on line 4

Here's the code I found and tried:
-The 'line 4' error above is on the "private $maxbuf=64000; // max bytes/packet" line below the commented area, I searched google and there seems to be some kind of problem between PHP 4/5 with the "public/private" stuff but I couldn't find a solution. PHP 4 is what I'm currently working with.

Quote:

<?php
$upload=new rapidphp;
$upload->config("prem","rapidshare_user","rapidshare_pass" );
$upload->sendfile("file.txt");

class rapidphp {
//////////////////////////////////////////////////////////////////
#
# usage for free-users:
#
# $upload=new rapidphp;
# $upload->sendfile("myfile.rar");
#
#
# usage for premium-zone:
#
# $upload=new rapidphp;
# $upload->config("prem","username","password");
# $upload->sendfile("myfile.zip");
#
#
# usage for collector's zone:
#
# $upload=new rapidphp;
# $upload->config("col","username","password");
# $upload->sendfile("myfile.tar.gz2");
#
#
# you can upload several files if you want:
#
# $upload=new rapidphp;
# $upload->config("prem","username","password");
# $upload->sendfile("myfile.part1.rar");
# $upload->sendfile("myfile.part2.rar");
# // and so on
#
# sendfile() returns an array with data of the upload
# [0]=Download-Link
# [1]=Delete-Link
# [2]=Size of the sent file in bytes
# [3]=md5 hash (hex)
#
//////////////////////////////////////////////////////////////////

private $maxbuf=64000; // max bytes/packet
private $uploadpath="l3";
private $zone,$login,$passwort;

private function hashfile($filename) { // md5 hash of files
return strtoupper(md5_file($filename));
}
public function getserver() { // gets server for upload
while(empty($server)) {
$server=file_get_contents("http://rapidshare.com/cgi-bin/rsapi.cgi?sub=nextuploadserver_v1");
}
return sprintf("rs%s%s.rapidshare.com",$server,$this->uploadpath);
}
public function config($zone,$login="",$passwort="") { // configuration
$this->zone=$zone;
$this->login=$login;
$this->passwort=$passwort;
}
public function sendfile($file) { // upload a file
if(empty($this->zone)) {
$this->zone="free";
}
if($this->zone=="prem" OR $this->zone=="col") {
if(empty($this->login) OR empty($this->passwort)) {
$this->zone="free";
}
}
if(!file_exists($file)) {
die("File not found!");
}
$hash=$this->hashfile($file); // hash of the file
$size=filesize($file); // filesize (bytes) of the file
$cursize=0; // later needed
$server=$this->getserver(); // get server for uploading
$sock= fsockopen($server,80,$errorno,$errormsg,30) or die("Unable to open connection to rapidshare\nError $errorno ($errormsg)");
stream_set_timeout($sock,3600); // anti timeout
$fp= fopen($file,"r");
$boundary = "---------------------632865735RS4EVER5675864";
$contentheader="\r\nContent-Disposition: form-data; name=\"rsapi_v1\"\r\n\r\n1\r\n";
if($this->zone=="prem") { // premium
$contentheader .= sprintf("%s\r\nContent-Disposition: form-data; name=\"login\"\r\n\r\n%s\r\n",$boundary,$this->login);
$contentheader .= sprintf("%s\r\nContent-Disposition: form-data; name=\"password\"\r\n\r\n%s\r\n",$boundary,$this->passwort);
}
if($this->zone=="col") { // collector
$contentheader .= sprintf("%s\r\nContent-Disposition: form-data; name=\"freeaccountid\"\r\n\r\n%s\r\n",$boundary,$t his->login);
$contentheader .= sprintf("%s\r\nContent-Disposition: form-data; name=\"password\"\r\n\r\n%s\r\n",$boundary,$this->passwort);
}
$contentheader .= sprintf("%s\r\nContent-Disposition: form-data; name=\"filecontent\"; filename=\"%s\"\r\n\r\n",$boundary,$file);
$contenttail = "\r\n".$boundary."--\r\n";
$contentlength = strlen($contentheader) + $size + strlen($contenttail);
$header = "POST /cgi-bin/upload.cgi HTTP/1.0\r\nContent-Type: multipart/form-data; boundary=".$boundary."\r\nContent-Length: ".$contentlength."\r\n\r\n";
fwrite($sock,$header.$contentheader);
while($cursize < $size) { // If we didn't upload everything, repeat!
$buf=fread($fp,$this->maxbuf) or die("Unable to read file"); // read max bytes from the file
$cursize=$cursize+strlen($buf);
if(fwrite($sock,$buf)) { // send data
}
}
fwrite($sock,$contenttail); // finished
$ret=fread($sock,10000); // receive data (links, hash, bytes)
preg_match("/\r\n\r\n(.+)/s",$ret,$match); // we don't need the http-header
$ret=explode("\n",$match[1]); // every line gets an entry in an array
fclose($sock);
fclose($fp);
foreach($ret as $id => $cont) {
if($id!=0) { // very boring stuff!
if($id>4) break; // break foreach
$key_val[]=substr($cont,8); // throw away the first eight chars
}
}
if($hash==$key_val[3]) { // if the hash is == hash of the local file
return $key_val;
} else { // omg! upload failed!
printf("Upload FAILED! Your hash is %s, while the uploaded file has the hash %s",$hash,$key_val[3]);
return FALSE;
}
}
}
?>

adonthenet · 04-18-2009, 08:59 PM

go get google to help my friend

Jakez · 04-18-2009, 09:22 PM

Quote:

Originally Posted by adonthenet

go get google to help my friend

He's done all he can

raymor · 04-19-2009, 04:38 PM

Quote:

Originally Posted by Jakez

I'm actually trying to get it to run from within a .php page, and I tried it with exec() but nothing happened..

I tried exec("perl rsapi.pl prem archive.rar 334");

Is it supposed to be -perl instead? Not too familiar with this crap lol.

Any particular reason that you're wrapping Perl in PHP? I suppose you're either
wanting to integrate it with some much larger PHP system, or you want to add
some gigantic security issues. ;) I'm guessing the former. Anyway, I'd run just
the script itself first, before trying to integrate it with the PHP. Rather than checking
your error logs as you work with it, add this to the top of the script in order to turn
it into a CGI script which will output any error messages to your browser:

Code:

#!/usr/bin/perl

BEGIN {
        if ($debug) {
                print "Content-type: text/html\n\n<html><body><pre>\n";
                open (STDERR, ">&STDOUT");
                select(STDERR); $| = 1;
                select(STDOUT); $| = 1;
        }
}

raymor · 04-19-2009, 04:48 PM

Oh BTW if you are integrating into into some much larger PHP system, be EXTREMELY
careful to really, really sanitize any variables used in backticks or exec(). You MUST
decide which REGEX is allowed and allow only that. Attempting to remove specific bad
characters won't cut it at all. So far, I've never seen ANY PHP script whose exec()
sanitation couldn't be broken using one particular method, thereby giving the attacker
the ability to run arbitrary code, so seriously be careful using exec with PHP.

(For those who know enough to think they are doing it right, consider \0 and it's
6 encodings.)

04-18-2009, 05:17 PM	#2
Jakez Confirmed User Industry Role: Join Date: Jan 2004 Location: oddfuturewolfgangkillthemall!!!!!!! Posts: 5,656	__________________ [email protected] - jakezdumb - 573689400 Killuminati

04-18-2009, 08:49 PM	#6
Jakez Confirmed User Industry Role: Join Date: Jan 2004 Location: oddfuturewolfgangkillthemall!!!!!!! Posts: 5,656	Tried that, with a couple different common perl paths just in case. It just shows a blank page when I run it, no new errors in the error log, and no new files in rapidshare either. Command line you do from a ssh connection right? I don't have access to that at the moment, will try it later though since I do remember that gives you some actual feedback on what's going on.. __________________ [email protected] - jakezdumb - 573689400 Killuminati

04-19-2009, 04:48 PM	#11
raymor Confirmed User Join Date: Oct 2002 Posts: 3,745	Oh BTW if you are integrating into into some much larger PHP system, be EXTREMELY careful to really, really sanitize any variables used in backticks or exec(). You MUST decide which REGEX is allowed and allow only that. Attempting to remove specific bad characters won't cut it at all. So far, I've never seen ANY PHP script whose exec() sanitation couldn't be broken using one particular method, thereby giving the attacker the ability to run arbitrary code, so seriously be careful using exec with PHP. (For those who know enough to think they are doing it right, consider \0 and it's 6 encodings.) __________________ For historical display only. This information is not current: support@bettercgi.com ICQ 7208627 Strongbox - The next generation in site security Throttlebox - The next generation in bandwidth control Clonebox - Backup and disaster recovery on steroids

04-18-2009, 05:32 PM	#3
AgentCash Confirmed User Join Date: Feb 2002 Posts: 720	from the commandline cd to the directory containing rsapi.pl then perl rsapi.pl prem filename login password or /usr/bin/perl /location/to/rsapi.pl prem /location/to/filename login password if you need to run it from within another script then use backticks or an exec call, and make sure you sanitize any inputs

04-18-2009, 08:31 PM	#5
AgentCash Confirmed User Join Date: Feb 2002 Posts: 720	exec("/usr/bin/perl /location/to/rsapi.pl prem /location/to/archive.rar login password"); should work, check your error logs or try running it from command line to see if there is a problem. make a php file named test.php of just <? echo exec("/usr/bin/perl /location/to/rsapi.pl prem /location/to/archive.rar login password"); ?> and do php test.php from commandline to see if that works for you.

04-18-2009, 08:59 PM	#8
adonthenet Too lazy to set a custom title Join Date: Feb 2005 Posts: 16,753	go get google to help my friend