Running Glype proxy at home. need to remote shutdown?

[H@L0_F00]

I Installed WAMP and Glype on my Win XP box at home.

I'll be using Glype as a personal proxy at school but I need a way to shutdown the WHOLE system remotely before my parents get home from work and realize I know the admin password, I've kept the computer on all day, and that I'm running a proxy through the computer lol

any ideas???

-Thanks in advance

[Sparda]

err... cron... I mean task scheduler.

[moonlit]

...and then one day your parents come home early or the task scheduler fails to kick in for some reason. Instafucked.

Might I recommend a more discrete device than a PC, preferably one that you personally own?

[thegubble]

Well, you have a few opens here:

1:

Place a password protected file on the webserver that runs the shell command "shutdown -s -f", that way when your done, you just open the page, type in the password, and the computer shuts down. (Make sure you have the 'f' to force shutdown)

2:

This is a project i had running a while ago, using a spare mobile phone, an AVR ATMega88 microcontroller, and 30mins of spare time. You hook the phone up to the microcontroller and setup an interrupt that triggers when the phone receives a message. It then pulls the message off the phone via serial and reads it. In my setup i had 3 commands: "ON" (Turns the computer on), "OFF" (Turns the computer off), "KILL" (Holds down the power button and does a force shutdown). By attaching the microcontroler to the power jumpers on the motherboard, i could emulate pressing the power button. This was great because i could turn on my computer when i needed it, and then shut it down when i was done. I'll try and dig up the schematics for this.

3:

Cron/AT/Taskmanager

There is a windows version of cron floating around the forums somewhere, try and find it. The only downside to this method is that the computer is on all the time until the task fires, and as said above, what if the task does not fire.

4:

Buy some web-hosting somewhere else and place the proxy there.

Good luck!

[vector]

usually theres an auto on/off setting in the bios that will tell the computer to turn on or, ya you guessed it, off at a specified time.

[Steve8x]

Well you should setup an SSH server on your box at home, so that way you could have all your traffic secured! Your bypassing the filter in place, but still a sniffer could see all your packets in plain text! your not doing it safely! That would also kill 2 birds with one stone because then since your ssh'd into your box and tunneling your traffic, you could also run the shutdown command from bash/command prompt!

I recommend MobaSSH as I like it the best... Make sure to portforward ;)

setting up the SSH tunnel is easy, I'll help you if you can't quite grasp it...

For a temporary solution as thegubble suggested, copy a php file to your web server(yet another reason you should have SSH setup so you could remotely manage your webserver securely[sFTP/SCP]) which will execute the shutdown command on your machine at home.

Here's an example script I just wrote. Basically it shows you an Admin Login form when you first go to it! You'll have to supply the username and password stored in this file correctly to actually log in. The default is "root" and "1234", so change that and remember it! You'll need that info to shutdown your PC...

Once you type your login info and submit it. The username and the password are hashed together with SHA1, the generated hash is then compared to the valid login hash. If they match then you typed your password correct and you can continue!

After being logged in you'll see the page looks like this:

It has the auto-filled shutdown command about the way you'd want it! you can tweak it a little if desired before hitting Execute!. You could actually run another command to... but be careful, commands that don't finish immediately lag the script. Don't try to run GUI apps at all!

<?php

$Self = $_SERVER['PHP_SELF'];

if(isset($_GET['reset'])) //Delete the cookie, effectively logging you out...
{
    $blank = "";
    setcookie("shutdownaccess", $blank, time()-300);
    echo "<meta http-equiv='refresh' content='0;url=$Self'>";
}

if(isset($_POST['auth']))
{
    $user = $_POST['user'];
    $pass = $_POST['pword'];

    $logininfo = "$user-$pass";

    //store the username + password cookie as a SHA1 hash so they aren't in plaintext!
    $loginhash = SHA1($logininfo);

    setcookie("shutdownaccess", $loginhash, time()+300); // 300 seconds = 5 minutes

    echo "<meta http-equiv='refresh' content='0;url=$Self'>";
}

?>

<html>
<head>
<title>Remote Shutdown Of My PC :)</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<center>

<?php

//change these!!
//you will need this info to login

$USER = "root";
$PASSWORD = "1234";

//if no cookie is set, then show the login page
if(!isset($_COOKIE['shutdownaccess']))
{
    echo "<h1> Admin Login: </h1>";
    echo "<p><form method='post' action='$Self'>";
    echo "<table border='2' cellspacing='2' cellpadding='0'><tr>";
    echo "<td>Username: </td><td> <input name='user' type='text' id='user'> </td> </tr>";
    echo "<td>Password: </td><td> <input name='pword' type='password' id='pword'></td></tr> </table>";
    echo "<p> <input type='submit' name='auth' id='auth' value='Login'>";
    echo "</form>";
    die();
}
else
{
    //otherwise validate the username and password stored in the cookie!
    $loginhash = $_COOKIE['shutdownaccess'];

    $validlogin = "$USER-$PASSWORD";
    $validloginhash = SHA1($validlogin);

    if($validloginhash != $loginhash)
    {
        echo "<h2>INVALID HASH!</h2><h3>$loginhash</h3>";
        echo "Bad Username Or Password!<p>";
        echo "<a href=\"$Self?reset=1\"> Try Again </a>";
        exit();
    }

    if(isset($_POST['execute']))
    {
        $cmdline = $_POST['cmdline'];
        
        system($cmdline);
    }
    
    echo "<a href=\"$Self?reset=1\"> Logout </a>";
    echo "<h1> Remote Shutdown </h1>";
    echo "<form method='post' action='$Self'>";
    echo "<input type='text' name='cmdline' value='shutdown -s -t 1 -c \"Shutting Down!\" -f' size='50'><p>";
    echo "<input type='submit' name='execute' value='Execute!'>";
    echo "</form>";
}

?>

[H@L0_F00]

WOW! Thanks for all the quick replies! lol

Ya I was considering and reading about the SSH option but a lot of people say you must be "fairly familiar" with *nix.

The problem is that the only *nix I regularly use are BT2/3 and Ophcrack distros so I figured I'd go the easier rout with just the glype.

I read of people using ONLY SSH as an anonymizer... is that possible??

I have the admin password for the school computers so cmd is MINE!!! :P

[Sparda]

I have the admin password for the school computers so cmd is MINE!!! :P

Why wouldn't it be yours? Besides, command prompt isn't that useful.

My day to day uses consist of ping, ipconfig and nslookup

[H@L0_F00]

damn school admin disabled ALMOST everything on student accounts.

but I really need to have a word with him cuz sadly its an IT class!!!

false sense of security + IT class =

although NOBODY at my school knows ANYTHING about BT or Ophcrack... let alone LINUX!! :(

[moonlit]

NOBODY at my school knows ANYTHING about BT or Ophcrack... let alone LINUX!! :(

That's because they don't need to. To a lesser extent in the case of Linux, but all are fairly specific niche tools and you would only know about them or need to know about them if you're in that niche. Why would Joe Shmoe need to know about a Linux distro specifically tailored to penetration testing and security? Does everyone know how to pick a lock? Does everyone know how to bruteforce a device that accepts IR based input? Does everyone know how to hotwire a car?

[Xarf]

Probably a bad idea to go to your sysadmin to tell them that you know their admin login credentials.

If you'd read the ever-growing 'Schoolkid locked up for haxxing' threads that keep popping up you'd know this.

Just create a batch file in win .. "shutdown -s -f -t 01" and set it to auto-open using task scheduler as Sparda said.

[H@L0_F00]

@moonlit. Ya I understand but it's just sad that they're missing out on all the fun!! lol

@Xarf. Ya talkin to sysadmin thing might not go down too well lol

but one day we were switching from iMacs to Dells in my IT class and we had to login to test them all,

max simultaneous logins at school is 2 which I hit so I went to login as "localadmin" abd he goes, "localadmin? you don't know the localadmin password" which I already knew at the time but I obviously wasn't gonna tell him so I say, "sure I do! admin, default, password, 1234, etc." and named off some default passwords to hint that i know more than the normal Myspace addict lol he says "oh! well you know what your talking about huh? you've been around the block a couple times!" haha so I feel like he has some degree of respect for me know! :)

Now I just gotta crash the school server! haha just kidding guys! calm down! ;)

[pehden]

@moonlit. Ya I understand but it's just sad that they're missing out on all the fun!! lol

@Xarf. Ya talkin to sysadmin thing might not go down too well lol

but one day we were switching from iMacs to Dells in my IT class and we had to login to test them all,

max simultaneous logins at school is 2 which I hit so I went to login as "localadmin" abd he goes, "localadmin? you don't know the localadmin password" which I already knew at the time but I obviously wasn't gonna tell him so I say, "sure I do! admin, default, password, 1234, etc." and named off some default passwords to hint that i know more than the normal Myspace addict lol he says "oh! well you know what your talking about huh? you've been around the block a couple times!" haha so I feel like he has some degree of respect for me know! :)

Now I just gotta crash the school server! haha just kidding guys! calm down! ;)

I was reading this and wondering what do want to be when your older lmfao.