
I'm trying to pass arguments from a PHP page's POST request into a PowerShell script.

This is the relevant PHP snippet:

            $selectedPartner = $_POST['partner'];
            $selectedGroup = $_POST['group'];
            $script = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe AddRemPartners";
            if (isset($_POST['partner']) && isset($_POST['group'])){
                if (isset($_POST['AddButton']) && $selectedPartner !== "Select Partner" && $selectedGroup !== "Select Group") {
                    echo "<br>";
                    echo "Adding " . $selectedPartner . " to " . $selectedGroup . "...<br>";
                    $cmd = $script . " -Add $selectedPartner $selectedGroup";
                    echo "command is:<br>" . $cmd;
                    shell_exec($cmd);

                    //shell_exec('C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe C:\\xampp\\htdocs\\admin\\AddRemPartners.ps1 -Add $selectedPartner //$selectedGroup');


                    //$command = shell_exec('C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe telnet 10.11.14.32 4444');
                    //echo "User added successfully!";
                }
                if (isset($_POST['RemoveButton']) && $selectedPartner !== "Select Partner" && $selectedGroup !== "Select Group") {
                    echo "<br>";
                    //echo "selection was REMOVE";
                }       
            }

And this is my PowerShell script:

    Param([switch]$Add, [switch]$Remove, [string]$User, [string]$Group)

    $secpasswd = ConvertTo-SecureString "P@sSw0rd" -AsPlainText -Force
    $creds = New-Object System.Management.Automation.PSCredential ("userPortal", $secpasswd)
    $server = "host.fqdn"

    function AddRemPartners
    { 
        if ($Add){
        Write-Host "Add var = $Add"
        Write-Host "Add was selected"
        Add-ADGroupMember -Server $server -Credential $creds -Identity $Group -Member $User
        }
        if ($Remove) {
        Write-Host "Remove var = $Remove"
        Write-Host "Remove was selected"
        Remove-ADGroupMember -Server $server -Credential $creds -Identity "$Group" -Member "$User" -Confirm:$false
        }
    }
    AddRemPartners -Add $Add -Remove $Remove -User $User -Group $Group

Things I know:

  1. The PHP POST parameters are good. I captured the request in Burp Suite and know that all the correct args are getting sent.

  2. The resultant ps query that is built is also good. I output it to the screen and it looks like this:

    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe AddRemPartners -Add Dude1 Dude1Group

  3. No network issues. If I run the above command directly from within PowerShell it executes correctly.

  4. I've sourced my script using . .\AddRemPartners.ps1 so I can call my function directly as such:

    PS > AddRemPartners -Add User Group

    PS > AddRemPartners -Remove User Group

I've narrowed it down to this: I can't execute my ps script from cmd like this:

    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe AddRemPartners -Add User Group

As that errors out with this:

    AddRemPartners : The term 'AddRemPartners' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the
    name, or if a path was included, verify that the path is correct and try again.

I believe this to be suspect/culpable since I need to run that in PHP. So PHP is probably running into the same issue. So why won't cmd recognize my script if I call PowerShell at the same time as execution?

Any tips and guidance greatly appreciated. I'm at my wits' end unfortunately. :/

1 Answer

The first parameter for PS should be the full path of the script. Then you should respect the parameter definition of PS, on the command line as in the script.

    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\whereis\AddRemPartners.ps1 -Add -user User -group Group

The first line of the script should be the parameter definition and defaults.

    param([string]$user, [string]$group, [switch]$Add, ...);

7 Comments

I tried that and seem to get the same results. I updated my php to point to the full path of the script, and use the params. This was the final command being executed: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\xampp\htdocs\AddRemPartners.ps1 -Add -user guest -group group
Sorry, to be clear: if I run that from cmd, it doesn't give me an error about the cmdlet not being recognized. It runs, but does not work. Whereas if I run it from PS it does. I think this might have to do with importing my script as a module and/or sourcing it. It seems to work within the same shell as where I sourced it. But in a new shell it fails...
I updated the ps1 script so that the first line of the function looks like this: function AddRemPartners ([switch]$Add, [switch]$Remove, [string]$User, [string]$Group){ ... } AddRemPartners $User $Group
Please update script in your question. The last line should pass the add or the remove parameter to the function.
Wouldn't I not be passing either -Add or -Remove at the end since that is supposed to be dynamic (i.e. up to the user)? If the PHP POST request sees that the Add or Remove button was selected, it invokes the corresponding logic. That is, it calls the script with one of the flags. If I added it to the end, wouldn't I be hardcoding it to use just one of them?
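
Added example, not part of the original question, answer or comments: the answer's invocation (full script path, named parameters) built from the POST values only after they are validated, and run as an argument vector so that no shell parses user input. The name pattern, the helper names `buildArgv` and `runScript`, and the `-NoProfile -NonInteractive -File` switches are assumptions chosen for this sketch.

```php
<?php
// Added example (not from the original posts): validate the POST values, then
// build an argument vector for powershell.exe -File instead of a command string.
const POWERSHELL = 'C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe';
const SCRIPT     = 'C:\\xampp\\htdocs\\AddRemPartners.ps1'; // path quoted in the comments

// Assumption: account and group names use only these characters. The leading
// alphanumeric stops a value such as "-Remove" from being bound as a parameter.
const NAME_RE = '/\A[A-Za-z0-9][A-Za-z0-9._-]{0,63}\z/';

/** Returns the argv array for a valid request, or null if the request is rejected. */
function buildArgv(array $post): ?array
{
    $action = isset($post['AddButton']) ? '-Add'
            : (isset($post['RemoveButton']) ? '-Remove' : null);
    $user  = $post['partner'] ?? '';
    $group = $post['group'] ?? '';
    if ($action === null || !is_string($user) || !is_string($group)
        || !preg_match(NAME_RE, $user) || !preg_match(NAME_RE, $group)) {
        return null; // also rejects the "Select Partner" / "Select Group" placeholders
    }
    return [POWERSHELL, '-NoProfile', '-NonInteractive', '-File', SCRIPT,
            $action, '-User', $user, '-Group', $group];
}

/** Runs the script without a shell (array form of proc_open, PHP 7.4+). */
function runScript(array $argv): string
{
    $proc = proc_open($argv, [1 => ['pipe', 'w'], 2 => ['pipe', 'w']], $pipes);
    if ($proc === false) {
        throw new RuntimeException('could not start powershell.exe');
    }
    $out = stream_get_contents($pipes[1]) . stream_get_contents($pipes[2]);
    array_map('fclose', $pipes);
    proc_close($proc);
    return $out;
}

// Constructed sample requests: the first is accepted, the second is rejected.
$samples = [
    ['AddButton' => '1', 'partner' => 'Dude1', 'group' => 'Dude1Group'],
    ['AddButton' => '1', 'partner' => 'Dude1 -Remove', 'group' => 'Dude1Group'],
];
foreach ($samples as $post) {
    $argv = buildArgv($post);
    echo $argv === null ? "rejected\n" : implode(' ', $argv) . "\n";
    // On the web server: if ($argv !== null) { echo htmlspecialchars(runScript($argv)); }
}
```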