stfowler
asked on
I need a Client-Side command shell invoked by VBScript hosted on Internet Explorer
Hi!
I'm very new to VBScript (like 3 days.) I'm trying to embed some VBScript in a web page, and then open that url to run a cmd.exe window on the Client machine, and then execute a telnet session from there. I was able to successfully write the script using VB/WScript and running from Windows Scripting Host. So now, I'm trying to adapt that WScript to VBScript. I've fixed several things, and right now I'm struggling with the .Run property. In WScript, I can do this to open a cmd.exe window and start my telnet session:
Set WshShell = WScript.CreateObject("WScr ipt.Shell" )
WshShell.Run "%windir%\system32\cmd.exe /c "&title
But I'm having trouble finding the VBScript equivalent. I read somewhere that the first line should be: Set VBShell = CreateObject("Shell.Applic ation")
So I changed it, but IE still gives me errors saying 'Error: Object doesn't support this property or method: 'VBShell.Run'. I've looked on msdn VBScript function list, and Run isn't there, I've also tried .Exec, but I get the same error. Any help? Thank You.
I'm very new to VBScript (like 3 days.) I'm trying to embed some VBScript in a web page, and then open that url to run a cmd.exe window on the Client machine, and then execute a telnet session from there. I was able to successfully write the script using VB/WScript and running from Windows Scripting Host. So now, I'm trying to adapt that WScript to VBScript. I've fixed several things, and right now I'm struggling with the .Run property. In WScript, I can do this to open a cmd.exe window and start my telnet session:
Set WshShell = WScript.CreateObject("WScr
WshShell.Run "%windir%\system32\cmd.exe
But I'm having trouble finding the VBScript equivalent. I read somewhere that the first line should be: Set VBShell = CreateObject("Shell.Applic
So I changed it, but IE still gives me errors saying 'Error: Object doesn't support this property or method: 'VBShell.Run'. I've looked on msdn VBScript function list, and Run isn't there, I've also tried .Exec, but I get the same error. Any help? Thank You.
Woops just noted the above could be improved:
response.redirect "http://tp-server/downloads/sars/" & saction & cstr(lc) & sExtension
Here is an example reg file which installes the registry tweaks so that the exe resource.exe will get fired when the op double clicks a .sqr file or tries to download one from the intranet.
-------------------------- ---------e xample.reg
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.SAR]
@="SaracsResources.Start"
[HKEY_CLASSES_ROOT\SaracsR esources.S tart]
@="Saracs Resources"
"BrowserFlags"=dword:00000 008
"EditFlags"=dword:00010000
[HKEY_CLASSES_ROOT\SaracsR esources.S tart\Defau ltIcon]
@="\"r:\\saracs\\resource. exe\",0"
[HKEY_CLASSES_ROOT\SaracsR esources.S tart\shell ]
[HKEY_CLASSES_ROOT\SaracsR esources.S tart\shell \edit]
[HKEY_CLASSES_ROOT\SaracsR esources.S tart\shell \edit\comm and]
@="\"C:\\WINNT\\NOTEPAD.EX E\" \"%1\""
[HKEY_CLASSES_ROOT\SaracsR esources.S tart\shell \open]
[HKEY_CLASSES_ROOT\SaracsR esources.S tart\shell \open\comm and]
@="\"r:\\saracs\\resource. exe\" \"/O\" \"%1\""
[HKEY_CLASSES_ROOT\SaracsR esources.S tart\shell \print]
[HKEY_CLASSES_ROOT\SaracsR esources.S tart\shell \print\com mand]
@="\"r:\\saracs\\resource. exe\" \"/P\" \"%1\""
[HKEY_CLASSES_ROOT\SaracsR esources.S tart\shell \printto]
[HKEY_CLASSES_ROOT\SaracsR esources.S tart\shell \printto\c ommand]
@="\"r:\\saracs\\resource. exe\" \"/PT\" \"%1\" \"%2\" \"%3\" \"%4\" \"%5\" \"%6\""
response.redirect "http://tp-server/downloads/sars/" & saction & cstr(lc) & sExtension
Here is an example reg file which installes the registry tweaks so that the exe resource.exe will get fired when the op double clicks a .sqr file or tries to download one from the intranet.
--------------------------
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.SAR]
@="SaracsResources.Start"
[HKEY_CLASSES_ROOT\SaracsR
@="Saracs Resources"
"BrowserFlags"=dword:00000
"EditFlags"=dword:00010000
[HKEY_CLASSES_ROOT\SaracsR
@="\"r:\\saracs\\resource.
[HKEY_CLASSES_ROOT\SaracsR
[HKEY_CLASSES_ROOT\SaracsR
[HKEY_CLASSES_ROOT\SaracsR
@="\"C:\\WINNT\\NOTEPAD.EX
[HKEY_CLASSES_ROOT\SaracsR
[HKEY_CLASSES_ROOT\SaracsR
@="\"r:\\saracs\\resource.
[HKEY_CLASSES_ROOT\SaracsR
[HKEY_CLASSES_ROOT\SaracsR
@="\"r:\\saracs\\resource.
[HKEY_CLASSES_ROOT\SaracsR
[HKEY_CLASSES_ROOT\SaracsR
@="\"r:\\saracs\\resource.
The final tip........notice above the the exe located in a server file r:\saracs\resource.exe is started on the client side.
The trick which will save you buckets of time is to make the resource.exe open a text file: resource.txt which contains the latest version of the real exe which will actually do the work needed.
The problem is that you will not be able to change your exe if it needs enhancements/bug fixes. You will need to get maybe 200 users off the server, which can take all day. Using this method you don't need to bother.
Because you can change the url on your web-site is a few seconds, you just need to add a decode for the new action that is passed to you app.
So each time you recompile your handler you give it a name like
res201.exe, next time res202.exe, etc. When the compile is complete edit the file resource.txt with the new name e.g.
----------resource.txt file example
res202.exe
How to create resource.exe:
1) Create an app with a dummy form. This app just needs the form to have the icon that you want to use.
2) add a module to the app amd make the startup object to be Sub Main
Sub Main()
Dim lLFN As Long
Dim sEXEPath As String
Dim sLinkFile As String
Dim sMes As String
On Error Resume Next
Do
' Are we running in IDE ot EXE mode
Err.Clear
Debug.Print 1 / 0
IDE = Err.Number <> 0
Err.Clear
' get the file which the pointer to the real exe
If IDE Then
sLinkFile = "r:\saracs\resource" + ".txt"
Else
sLinkFile = App.Path + "\" + App.EXEName + ".txt"
End If
' open the file
lLFN = FreeFile
Open sLinkFile For Input Shared As #lLFN
If Err.Number <> 0 Then
sMes = "Could not open file: " + sLinkFile + vbCrLf + Err.Description
Exit Do
End If
On Error GoTo 0
' read the data from the file
sEXEPath = Input(LOF(lLFN), lLFN)
' remove an accidental CR/LF
lLFN = InStr(sEXEPath, vbCrLf)
If lLFN > 1 Then
sEXEPath = Left(sEXEPath, lLFN - 1)
End If
' Create the name of the EXE to shell to
' also add the command lines passed by the web-site
Dim ok
sEXEPath = App.Path + "\" + sEXEPath + " " + Command
On Error Resume Next
' fire the appication
ok = Shell(sEXEPath, vbNormal)
If ok < 1 Then
sMes = "Could not open file: " + sEXEPath _
+ vbCrLf + "Link file: " + sLinkFile + vbCrLf + Err.Description
Exit Do
End If
End
Loop
MsgBox sMes, vbExclamation, App.Title
End Sub
The trick which will save you buckets of time is to make the resource.exe open a text file: resource.txt which contains the latest version of the real exe which will actually do the work needed.
The problem is that you will not be able to change your exe if it needs enhancements/bug fixes. You will need to get maybe 200 users off the server, which can take all day. Using this method you don't need to bother.
Because you can change the url on your web-site is a few seconds, you just need to add a decode for the new action that is passed to you app.
So each time you recompile your handler you give it a name like
res201.exe, next time res202.exe, etc. When the compile is complete edit the file resource.txt with the new name e.g.
----------resource.txt file example
res202.exe
How to create resource.exe:
1) Create an app with a dummy form. This app just needs the form to have the icon that you want to use.
2) add a module to the app amd make the startup object to be Sub Main
Sub Main()
Dim lLFN As Long
Dim sEXEPath As String
Dim sLinkFile As String
Dim sMes As String
On Error Resume Next
Do
' Are we running in IDE ot EXE mode
Err.Clear
Debug.Print 1 / 0
IDE = Err.Number <> 0
Err.Clear
' get the file which the pointer to the real exe
If IDE Then
sLinkFile = "r:\saracs\resource" + ".txt"
Else
sLinkFile = App.Path + "\" + App.EXEName + ".txt"
End If
' open the file
lLFN = FreeFile
Open sLinkFile For Input Shared As #lLFN
If Err.Number <> 0 Then
sMes = "Could not open file: " + sLinkFile + vbCrLf + Err.Description
Exit Do
End If
On Error GoTo 0
' read the data from the file
sEXEPath = Input(LOF(lLFN), lLFN)
' remove an accidental CR/LF
lLFN = InStr(sEXEPath, vbCrLf)
If lLFN > 1 Then
sEXEPath = Left(sEXEPath, lLFN - 1)
End If
' Create the name of the EXE to shell to
' also add the command lines passed by the web-site
Dim ok
sEXEPath = App.Path + "\" + sEXEPath + " " + Command
On Error Resume Next
' fire the appication
ok = Shell(sEXEPath, vbNormal)
If ok < 1 Then
sMes = "Could not open file: " + sEXEPath _
+ vbCrLf + "Link file: " + sLinkFile + vbCrLf + Err.Description
Exit Do
End If
End
Loop
MsgBox sMes, vbExclamation, App.Title
End Sub
Further, you don't need to create an exe file to handle your functions, you can edit the .reg file to run a VB script so instead f r:\\saracs\resource.exe etc.....just wscript.exe
Bit like this:
HKEY_CLASSES_ROOT\SaracsRe sources.St art\shell\ open\comma nd]
@="\"r:\\saracs\\resource. exe\" \"%1\""
Say is you registered file type mag in this way, rename your vbs files to .mag should work ok.
Bit like this:
HKEY_CLASSES_ROOT\SaracsRe
@="\"r:\\saracs\\resource.
Say is you registered file type mag in this way, rename your vbs files to .mag should work ok.
Woops - Bit like this:
HKEY_CLASSES_ROOT\SaracsRe sources.St art\shell\ open\comma nd]
@="\"wcript.exe\" \"%1\""
HKEY_CLASSES_ROOT\SaracsRe
@="\"wcript.exe\" \"%1\""
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Alternatively, most browsers are set to respond to the telnet:// protocol, by launching the appropriate app. You could alway put a link in your web page to telnet://yourserver:port, using the following HTML:
<a href="telnet://yourserver: port">Open telnet session</a>
That should do it, too...
J.
<a href="telnet://yourserver:
That should do it, too...
J.
A further extension to this idea is to create an asp page like this one set up for .sar files. This ASP page will create download file dynamically passing the URL extension into the file.
At night time there is a scheduled task which deletes the contents of the dynamic download files.
Hope this helps:~)
PS You can cheat by using a .reg file to create the IE browser extension handles. Or you can create some VB code.
See next post for the registry file needed.
---------------createsar.a
%
' Generates an on-the-fly download file
' the url will be saved into a generated file
' the URL MUST HAVE an action parameter
'example http://tp-server/createsar.asp?action=invoice&entry=123456
Dim sExtension
sExtension = ".sar"
Dim FS
Set FS = Server.CreateObject("Scrip
dim sFile
dim sLocation
dim sAction
sAction=Request.QueryStrin
sLocation="r:\downloads\sa
dim lc
lc=1
Do
sFile="r:\downloads\sars\"
If Not fs.FileExists(sFile) Then
Exit Do
End If
lc=lc+1
loop
dim fname
set fname=fs.CreateTextFile(sf
fname.WriteLine(request.qu
fname.Close
set fname=nothing
set fs=nothing
response.redirect "http://tp-server/downloads/sars/"+saction+cstr(lc) + sExtension
%>