I need a Client-Side command shell invoked by VBScript hosted on Internet Explorer

Posted on 2006-04-04
Last Modified: 2008-01-16
 I'm very new to VBScript (like 3 days.) I'm trying to embed some VBScript in a web page, and then open that url to run a cmd.exe window on the Client machine, and then execute a telnet session from there. I was able to successfully write the script using VB/WScript and running from Windows Scripting Host. So now, I'm trying to adapt that WScript to VBScript. I've fixed several things, and right now I'm struggling with the .Run property. In WScript, I can do this to open a cmd.exe window and start my telnet session:
Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.Run "%windir%\system32\cmd.exe /c "&title
But I'm having trouble finding the VBScript equivalent. I read somewhere that the first line should be: Set VBShell = CreateObject("Shell.Application")
So I changed it, but IE still gives me errors saying 'Error: Object doesn't support this property or method: 'VBShell.Run'. I've looked on msdn VBScript function list, and Run isn't there, I've also tried .Exec, but I get the same error. Any help? Thank You.
Question by:stfowler
    LVL 17

    Expert Comment

    I have a simple solution for this.  You register an application to handle a file type say .MAG for example.  You tell IE not to browse this file type using itself. So your web-server can divert  to a file say MyFile.mag and your exe file will start running and can thendo anything it wants.  Your exe file decodes the mag file (it will receive a command line like /o "My File name.mag")

    A further extension to this idea is to create an asp page like this one set up for .sar files.  This ASP page will create download file dynamically passing the URL extension into the file.

    At night time there is a scheduled task which deletes the contents of the dynamic download files.

    Hope this helps:~)

    PS You can cheat by using a .reg file to create the IE browser extension handles. Or you can create some VB code.

    See next post for the registry file needed.

    ---------------createsar.asp example dynamic download file

    ' Generates an on-the-fly download file
    ' the url will be saved into a generated file
    ' the URL MUST HAVE an action parameter
    'example http://tp-server/createsar.asp?action=invoice&entry=123456

    Dim sExtension

    sExtension = ".sar"
    Dim FS
    Set FS = Server.CreateObject("Scripting.FileSystemObject")

    dim sFile
    dim sLocation
    dim sAction

    dim lc
      sFile="r:\downloads\sars\" & saction & cstr(lc) & sExtension
      If Not fs.FileExists(sFile) Then
        Exit Do
      End If

    dim fname
    set fname=fs.CreateTextFile(sfile,true)
    set fname=nothing
    set fs=nothing

    response.redirect "http://tp-server/downloads/sars/"+saction+cstr(lc) + sExtension


    LVL 17

    Expert Comment

    Woops just noted the above could be improved:

    response.redirect "http://tp-server/downloads/sars/" & saction & cstr(lc) & sExtension

    Here is an example reg file which installes the registry tweaks so that the exe resource.exe will get fired when the op  double clicks a .sqr file or tries to download one from the intranet.

    Windows Registry Editor Version 5.00


    @="Saracs Resources"




    @="\"C:\\WINNT\\NOTEPAD.EXE\"  \"%1\""


    @="\"r:\\saracs\\resource.exe\" \"/O\" \"%1\""


    @="\"r:\\saracs\\resource.exe\" \"/P\" \"%1\""


    @="\"r:\\saracs\\resource.exe\" \"/PT\" \"%1\" \"%2\" \"%3\" \"%4\" \"%5\" \"%6\""

    LVL 17

    Expert Comment

    The final tip........notice above the the exe located in a server file r:\saracs\resource.exe is started on the client side.
    The trick which will save you buckets of time is to make the resource.exe open a text file: resource.txt which contains the latest version of the real exe which will actually do the work needed.

    The problem is that you will not be able to change your exe if it needs enhancements/bug fixes.  You will need to get maybe  200 users off the server, which can take all day.  Using this method you don't need to bother.

    Because you can change the url on your web-site is a few seconds, you just need to add a decode for the new action that is passed to you app.

    So each time you recompile your handler you give it a name like

    res201.exe, next time res202.exe, etc.  When the compile is complete edit the file resource.txt with the new name e.g.

    ----------resource.txt file example

    How to create resource.exe:
    1) Create an app with a dummy form.  This app just needs the form to have the icon that you want to use.

    2) add a module to the app amd make the startup object to be Sub Main

    Sub Main()

    Dim lLFN As Long
    Dim sEXEPath As String
    Dim sLinkFile As String
    Dim sMes As String

    On Error Resume Next


        ' Are we running in IDE ot EXE mode
        Debug.Print 1 / 0
        IDE = Err.Number <> 0
        ' get the file which the pointer to the real exe
        If IDE Then
            sLinkFile = "r:\saracs\resource" + ".txt"
            sLinkFile = App.Path + "\" + App.EXEName + ".txt"
        End If
        ' open the file
        lLFN = FreeFile
        Open sLinkFile For Input Shared As #lLFN
        If Err.Number <> 0 Then
            sMes = "Could not open file: " + sLinkFile + vbCrLf + Err.Description
            Exit Do
        End If
        On Error GoTo 0
        ' read the data from the file
        sEXEPath = Input(LOF(lLFN), lLFN)
         ' remove an accidental CR/LF
        lLFN = InStr(sEXEPath, vbCrLf)
        If lLFN > 1 Then
            sEXEPath = Left(sEXEPath, lLFN - 1)
        End If
        ' Create the name of the EXE to shell to
        ' also add the command lines passed by the web-site
        Dim ok
        sEXEPath = App.Path + "\" + sEXEPath + " " + Command
        On Error Resume Next
        ' fire the appication
        ok = Shell(sEXEPath, vbNormal)
        If ok < 1 Then
            sMes = "Could not open file: " + sEXEPath _
            + vbCrLf + "Link file: " + sLinkFile + vbCrLf + Err.Description
            Exit Do
        End If

    MsgBox sMes, vbExclamation, App.Title

    End Sub
    LVL 17

    Expert Comment

    Further, you don't need to create an exe file to handle your functions, you can edit the .reg file to run a VB script  so instead f r:\\saracs\resource.exe etc.....just wscript.exe

    Bit like this:

    @="\"r:\\saracs\\resource.exe\" \"%1\""
    Say is you registered file type mag in this way, rename your vbs files to .mag should work ok.
    LVL 17

    Expert Comment

    Woops - Bit like this:

    @="\"wcript.exe\" \"%1\""
    LVL 16

    Accepted Solution

    The Run command tends to need quote marks around long file paths.  As such, try:

        Set oShell = CreateObject("WScript.Shell")
        nReturnCode = oShell.Run """%comspec%"" /c ""x:\pathto\myapp.exe""", 1, True

    You'll likely run into permissions issues if you intend to run this over the Web, though...

    LVL 16

    Expert Comment

    Alternatively, most browsers are set to respond to the telnet:// protocol, by launching the appropriate app.  You could alway put a link in your web page to    telnet://yourserver:port, using the following HTML:

        <a href="telnet://yourserver:port">Open telnet session</a>

    That should do it, too...



    Featured Post

    Do You Know the 4 Main Threat Actor Types?

    Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

    Join & Write a Comment

    Introduction While answering a recent question ( in the VB classic zone, I wrote some VB code in the (Office) VBA environment, rather than fire up my older PC.  I didn't post completely correct code o…
    Not long ago I saw a question in the VB Script forum that I thought would not take much time. You can read that question (Question ID  ( Here (http…
    Get people started with the process of using Access VBA to control Excel using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Excel. Using automation, an Access application can laun…
    Show developers how to use a criteria form to limit the data that appears on an Access report. It is a common requirement that users can specify the criteria for a report at runtime. The easiest way to accomplish this is using a criteria form that a…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now