Tuesday, September 22, 2015

Simple Remote control with HTTPLauncher

As a system engineer, the ability to remotely control computers has always been high on my priority list, and even though there are plenty of solutions on the market, they are all pretty complicated to use, or too cumbersome. They typically involve installing a dedicated client, and even those that are built-in windows like Remote Desktop are not ideal since they are not designed for automation.

I’ve finally decided to design a solution of my own for this – HTTPLauncher. It’s fairly limited, but it’s very easy to use, simple to install (just copy it to the target machine, and run it!) and very light at 71 KB.

Other than remote controlling a computer, this tool can also be integrated with other stuff, like Arm Suwarnaratana’s Home-automation bridge, and this integration allows you to perform tasks on the computer by issuing voice-commands to Amazon’s Echo device (Alexa). I’ll talk more about that in a later post.

Here’s how HTTPLauncher works:

1. You copy the executable and configuration file to a computer that you want to control.

2. You run it

3. On another computer (which could be ANY device that has a browser, including any Smartphone on the market), you type a URL into the browser, with a command embedded in the URL.

4. The target computer executes the command as-is

The command you put in the URL can be any standard Windows command, like you would type into the Start/Run dialog. This could be launching an application, running a script, and pretty much anything you like.

Naturally, this kind of thing can be VERY dangerous if some hacker gets into your network, so I also embedded some security measures:

1. The command has to have an authentication token. The default token is 39ed173-b77a-5e41-812d-7be9e992f920, and you can change it by editing the configuration file that comes with the application.

2. The launcher will reject commands that match one of the words in the Black List (for example, Format, Del, Delete). You can edit and expand the list to your liking.

3. The launcher has a delay of 3 seconds (configurable) between executing commands, so trying to brute-force the authentication token would take forever.

4. The launcher limits the command length to 120 characters (configurable), so that even if the password is somehow broken, it limits the things the attacker can do remotely.

The syntax for issuing a command is:

http://<target IP or hostname>:<target port>/<token><Command>

The default port is 8008, and you can change it in the configuration file, alongside the other stuff I mentioned earlier. The command comes right after the token, without any separators and delimiters. For example:

http://ErezBedroomPC:8008/39ed173-b77a-5e41-812d-7be9e992f920c:\program files\skype\skype.exe

As you can guess, this launches Skype on the remote computer. Note that you need to specify the FULL path to the executable! Similarly, you can close the program remotely, though that’s a little more complicated. Programs don’t normally accept a command to exit, but you can do this by using the system’s TaskKill utility, which is built-into windows. To use it, you would issue a command like this:

http://ErezBedroomPC:8008/39ed173-b77a-5e41-812d-7be9e992f920c:\Windows\System32\taskkill.exe /f /im skype.exe

When you run this, the browser will convert the spaces to %20, but that’s OK – the Launcher will be able to understand it, and it will also convert back-slashes to forward slashes. You can also use it to execute commands that aren’t executable by launching them with a CMD. Keep in mind to specify the full path to the command prompt. For example:

http://ErezBedroomPC:8008/39ed173-b77a-5e41-812d-7be9e992f920c:\windows\system32\cmd.exe /c dir "c:\temp" >c:\documents\FileList.txt

Note that I’m using /c as a parameter for CMD, so that it closes after it executes the command. You can use /K instead to leave the window open if you’re having trouble for debugging purposes. You can also examine the log created by the launcher to see what it did, and if it ran into errors.

Finally, keep in mind that these commands can be launched from anywhere! While the server-side (the launcher itself) is for Windows computers, the web requests that run the command can be launched on ANY browser that’s connected to the same network. For example, you can save the URL URL http://ErezBedroomPC:8008/39ed173-b77a-5e41-812d-7be9e992f920c:\Windows\System32\shutdown.exe -s -t 1 as a bookmark on your phone, and just visit it to tell your computer to shutdown. In fact, If you dare publish the target computer through your router to the public internet, then you can even do these things remotely from anywhere in the world, without installing any other special software (to be clear…the security measures on the launcher are, in my opinion as a cryptography engineer (***), NOT sufficient for a public-facing remote-control tool…so I do NOT encourage, condone or support doing this!).

Hope you like the tool!

*** I’m also working on a more business-oriented version of this engine, which will support more advanced security options, like HTTPS connections, White-listing commands, White-listing remote IPs, Hashed password, Central config file and more. Once it’s ready, I’ll release it and details on the blog. If you have ideas for other security measures or features, please drop me a line.

2 comments:

  1. To download, visit my app site: http://erezbenari.com/apps

    ReplyDelete
  2. the download link for this app doesn't work

    ReplyDelete