Web >> Development >> PHP >> How to resolve shell_exec() unable to run in a PHP page

1.  Confirm that you have the following executables in C:\WINDOWS\SYSTEM32 (or more generically %systemroot%\system32)


2.  Check the current ACL for these executables

c:\windows\system32> cacls cmd.exe
c:\windows\system32> cacls whoami.exe

3.  If the user "Everyone" is not granted Read (R) access, then TEMPORARILY grant as follows

c:\windows\system32> cacls cmd.exe /E /G everyone:R
c:\windows\system32> cacls whoami.exe /E /G everyone:R

4.  Create whoami.php with the following content

$output = shell_exec("whoami");
echo "<pre>$output</pre>";

5.  Load whoami.php on a web browser and note the username displayed e.g. in my case it showed


6.  Revoke "Everyone's" permission if it had to be added in step 3 above

c:\windows\system32> cacls cmd.exe /E /R everyone
c:\windows\system32> cacls whoami.exe /E /R everyone

7.  Grant only the username found in step 5 with the Read+Execute permission (R) to cmd.exe

c:\windows\system32> cacls cmd.exe /E /G ct29296\iusr_template:R

Remember to use the correct username for your own system.