1

Hi, I am using the code below to retrieve the client username on my website, but it only works for me on localhost; for other people connected remotely to the file, it's just finding nothing, with no errors or anything.

```php
exec("wmic /node:$_SERVER[REMOTE_ADDR] COMPUTERSYSTEM Get UserName", $user);
echo($user[1]);
```

What is the problem?

Julian Zahra
  • that code looks.. dangerous (I could be wrong - someone correct if the case) - why don't you use more traditional code like `$userClass->getUserName($userId)`? – treyBake Feb 28 '18 at 15:13
  • You can use wmic only as System Administrator and only on Windows. Which is absolutely fine. Just read this https://support.microsoft.com/en-us/help/290216/a-description-of-the-windows-management-instrumentation-wmi-command-li – Oliver Feb 28 '18 at 15:14
  • In what context is this command run? This is not a command you can have a browser run remotely. – Daniel Gale Feb 28 '18 at 15:15

1 Answer

0

For a remote system you may need to send administrator credentials, e.g.

```php
exec("wmic /node:$_SERVER[REMOTE_ADDR] /user:administrator /password:mypassword COMPUTERSYSTEM Get UserName", $user);
echo($user[1]);
```

I'd also research whether it is safe to trust REMOTE_ADDR and use it in this way with wmic.

If you are using IIS and looking to get the remote user's AD username, this may help: Can you get a Windows (AD) username in PHP?

Chris Wheeler
  • In what way can it be unsafe? – Julian Zahra Feb 28 '18 at 15:36
  • I *think* it's OK to use REMOTE_ADDR as it's *probably* generated by your web server, rather than the remote client. But if the remote client set up a dummy wmic interface on their machine they may be able to log your access attempt or even credentials. Generally, this type of code just doesn't look like the correct approach. Perhaps you could explain what you are trying to achieve and why and you may get some better answers. – Chris Wheeler Feb 28 '18 at 15:45
  • I'm creating a survey for this company and want to retrieve the computer username when the user submits the form – Julian Zahra Feb 28 '18 at 16:01
  • Are you using IIS? If so see my edit. If using Apache on Linux things get more complicated, but it can be done with Kerberos and mod_auth_kerb – Chris Wheeler Feb 28 '18 at 16:06
  • It worked when hosted through wamp, but not when hosted on a server. What do I need to change for it to work on a server? – Julian Zahra Mar 06 '18 at 10:44
  • What do you mean 'on a server'? – Chris Wheeler Mar 06 '18 at 10:57
  • Before, it was hosted on a local computer on the network; now it's hosted on a server which isn't on the same network – Julian Zahra Mar 06 '18 at 16:15
  • It gives me this error when run on the server: Notice: Undefined offset: 1 – Julian Zahra Mar 07 '18 at 07:49
  • Ok, the server the code is running on will need to be on the same network, otherwise the server can't connect to the client machine over the network to get the info. – Chris Wheeler Mar 07 '18 at 16:39
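
As an added example (not code from the question or the answer): a PHP sketch that prefers the username IIS has already authenticated, in line with the answer's IIS suggestion, and otherwise builds and parses the wmic query defensively so a failed lookup returns null instead of raising `Undefined offset: 1`. The function names are hypothetical, the sample values are constructed, and it assumes Windows Authentication is enabled so that IIS populates `AUTH_USER`.

```php
<?php
declare(strict_types=1);

// Prefer the identity the web server already authenticated (assumption: IIS
// with Windows Authentication enabled); returns null for anonymous requests.
function authenticated_user(array $server): ?string
{
    foreach (['AUTH_USER', 'REMOTE_USER', 'LOGON_USER'] as $key) {
        $value = trim((string) ($server[$key] ?? ''));
        if ($value !== '') {
            return $value;
        }
    }
    return null;
}

// Build the page's wmic query only for a syntactically valid IP address,
// and quote the value so it is passed as a single argument.
function wmic_command(string $addr): ?string
{
    if (filter_var($addr, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    return 'wmic /node:' . escapeshellarg($addr) . ' COMPUTERSYSTEM Get UserName';
}

// The page reads $user[1], i.e. a header line followed by the value. When the
// query fails, exec() leaves the array short: the "Undefined offset: 1" case.
function parse_wmic_username(array $lines): ?string
{
    $lines = array_map(static fn ($l): string => trim((string) $l), $lines);
    $lines = array_values(array_filter($lines, static fn (string $l): bool => $l !== ''));
    if (count($lines) < 2 || strcasecmp($lines[0], 'UserName') !== 0) {
        return null;
    }
    return $lines[1];
}

// Constructed sample inputs (not captured from a real system).
var_dump([
    'iis-auth'  => authenticated_user(['AUTH_USER' => 'CORP\\jdoe']),
    'anonymous' => authenticated_user(['REMOTE_ADDR' => '203.0.113.7']),
    'bad-addr'  => wmic_command('not an address'),
    'good-addr' => wmic_command('10.0.0.5'),
    'wmic-ok'   => parse_wmic_username(['UserName  ', 'CORP\\jdoe', '']),
    'wmic-fail' => parse_wmic_username([]),
]);
```

The block deliberately leaves out the `/user:` and `/password:` switches: credentials placed on a command line are visible in process listings and are sent to whatever host answers at the client's address.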