[bigdaddy424]

• Description
  Execute shell commands directly from the game console
• Features
  - Background Execution
  - Track and kill running background processes
  - Restricted Commands: Certain commands require confirmation before execution
  - Logging: All executed commands are logged to ensure visibility
  - Command History: Stores previously executed commands for easy retrieval
  - Process Monitoring: Check the status and resource usage of running processes
  - Output Redirection: Redirect command output to a file
  - Administrative Mode: Enable or disable administrative privileges
  - Cleanup: Automatically remove terminated background processes from the list
  - Help Command: Displays detailed usage instructions for all available commands
  - Secure Execution: Prevents execution of potentially harmful shell metacharacters
  - Confirmation System: Ensures user confirmation before executing restricted commands
  - Command Execution Modes: Supports both foreground and background execution
  
• Usage
  - Execute a command: shell <command>
  shell pwd
  - Run a command in the background: shell bg <command>
  shell bg ./myscript.sh
  - Execute a command in the background and output in given file: shell bgfile "<command>" <filepath>
  shell bgfile "./myscript.sh" ./output.log
  - Terminate background process by PID: shell kill <PID>
  shell kill 21241
  - List running background processes: shell list
  PID 21241 (./myscript.sh)
  - Execute a restricted command: shell <restricted_command>
  shell reboot
  shell confirm
  - Cancel pending restricted command: shell cancel
  - Show command history: shell history
  1) ./myscript.sh
  - Re-run a command from history: shell rerun <index>
  shell rerun 1
  - Execute and redirect output to file(not asynchronous): shell redirect "<command>" <filepath>
  shell redirect "./myscript.sh" output.txt
  - Clean up terminated background processes: shell cleanup
  - Toggle admin mode: shell admin <on|off>
  - Display resource usage for a process: shell resourcemon <PID>
  shell resourcemon 21241
  - Execute a shell command using execve: shell execve <command>
  shell execve /bin/df .
  - Display this help message: shell help
• Install
  Download zip file
  Create directory ~game~/addons/shell_exec
  Drop the file shell_exec_mm_i380.so inside
  Add linux addons/shell_exec/shell_exec_mm_i386.so to addons/metamod/plugins.ini
• Build
  Download required dependencies
  
  Code:

  sudo dpkg --add-architecture i386
  sudo apt update
  sudo apt install -y \
      g++ \
      g++-multilib \
      build-essential \
      make \
      cppcheck \
      gcc-multilib \
      g++-multilib \
      lib32gcc-s1 \
      lib32stdc++6 \
      libc6-dev-i386 \
      libstdc++6:i386 \
      libstdc++-12-dev:i386 \
      binutils

  Run: make
• Notes
  Plugin will automatically create restricted_commands.cfg with preset commands
  This plugin runs system commands, and executing them without proper knowledge or research can be risky, use with caution and at your own responsibility.
  This code heavily relies on popen() function and is used to execute a shell command and create a pipe to read or write its output
  If in any way popen does not work shell execve <command> will still be able to execute command
  Server hosts should prevent shell command execution by setting the user's shell to /usr/sbin/nologin, which disables popen(), and by adding +localinfo noshell 1 (or yes/true) to launch options.
  - Disable popen: sudo usermod -s /usr/sbin/nologin username[/tt]
  - Disable execve: ./hlds_run -game ... +localinfo noshell 1
  
  Code:

  $ objdump -T Release/shell_exec_mm_i386.so | grep GLIBC_
  00000000      DF *UND*  00000000 (GLIBC_2.0)  dup2
  00000000      DF *UND*  00000000 (GLIBC_2.0)  strstr
  00000000      DF *UND*  00000000 (GLIBC_2.0)  strcmp
  00000000      DO *UND*  00000000 (GLIBC_2.0)  __environ
  00000000      DF *UND*  00000000 (GLIBC_2.0)  strcspn
  00000000      DF *UND*  00000000 (GLIBC_2.7)  __isoc99_fscanf
  00000000      DF *UND*  00000000 (GLIBC_2.0)  _exit
  00000000      DF *UND*  00000000 (GLIBC_2.0)  fgets
  00000000      DF *UND*  00000000 (GLIBC_2.1)  fclose
  00000000      DF *UND*  00000000 (GLIBC_2.0)  time
  00000000      DF *UND*  00000000 (GLIBC_2.1)  popen
  00000000  w   DF *UND*  00000000 (GLIBC_2.1.3) __cxa_finalize
  00000000      DF *UND*  00000000 (GLIBC_2.0)  perror
  00000000      DF *UND*  00000000 (GLIBC_2.0)  waitpid
  00000000      DF *UND*  00000000 (GLIBC_2.0)  system
  00000000      DF *UND*  00000000 (GLIBC_2.0)  dirname
  00000000      DF *UND*  00000000 (GLIBC_2.0)  kill
  00000000      DF *UND*  00000000 (GLIBC_2.1)  pclose
  00000000      DF *UND*  00000000 (GLIBC_2.0)  strftime
  00000000      DF *UND*  00000000 (GLIBC_2.0)  localtime
  00000000      DF *UND*  00000000 (GLIBC_2.0)  strchr
  00000000      DF *UND*  00000000 (GLIBC_2.0)  strlen
  00000000      DF *UND*  00000000 (GLIBC_2.0)  fprintf
  00000000      DF *UND*  00000000 (GLIBC_2.0)  execve
  00000000      DF *UND*  00000000 (GLIBC_2.0)  strcasecmp
  00000000      DF *UND*  00000000 (GLIBC_2.1)  fopen
  00000000      DF *UND*  00000000 (GLIBC_2.0)  mkdir
  00000000      DF *UND*  00000000 (GLIBC_2.0)  snprintf
  00000000      DF *UND*  00000000 (GLIBC_2.0)  strncpy
  00000000      DF *UND*  00000000 (GLIBC_2.0)  fileno
  00000000      DF *UND*  00000000 (GLIBC_2.0)  access
  00000000      DF *UND*  00000000 (GLIBC_2.0)  strtok
  00000000      DF *UND*  00000000 (GLIBC_2.0)  fork
  00000000      DF *UND*  00000000 (GLIBC_2.0)  strncmp
  00000000      DO *UND*  00000000 (GLIBC_2.0)  environ
  00000000      DF *UND*  00000000 (GLIBC_2.0)  strtol
  00000000      DF *UND*  00000000 (GLIBC_2.0)  fputs
  
  $ file Release/shell_exec_mm_i386.so
  Release/shell_exec_mm_i386.so: ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=73e0b8dff26dd958bfd1ab9cd448793bebad1bca, stripped

• Image
  

[HamletEagle]

This is such a terrible idea that it is funny. Just because you could you never stopped to think if you should.

Not directed at you in any way, it's a cool showcase, but terrible in practice.

[bigdaddy424]

Hi, and thanks for your feedback!

I'm surprised no one has thought of releasing something like this before. I believe it simplifies the process of connecting AMXX with external programs. For example, I came up with a way to track and log players' network bandwidth data(including robots). I managed to save it to an SQL database and quickly put together a simple GUI using PHP and HTML.
I've attached it here for your review

In order to make this work I had to edit configs/sql.cfg and bandwidth_data.php to adjust the sql settings and configured the python script settings directly from calling arguments,
I put the python script in Half-Life folder and executed:
shell bg python3 bandwidth.py --verbose
There's an image in the zip file as a reference

[bigdaddy424]

There was some compatibility issues where library stat was not compatible on older versions so I had to replace it with access instead. Logically the plugin should work on GLIBC v2.1.3(released on February 17, 2000) or newer