2007-02-10 07:29:05 +00:00
|
|
|
#
|
|
|
|
# Author: Metasploit LLC
|
|
|
|
# Description: The AJAX console controller of msfweb
|
|
|
|
#
|
2007-01-18 15:31:42 +00:00
|
|
|
class ConsoleController < ApplicationController
|
2007-01-19 08:46:06 +00:00
|
|
|
|
|
|
|
#
|
|
|
|
# Show the working shell and related facilities.
|
|
|
|
#
|
|
|
|
def index
|
2007-02-10 06:54:03 +00:00
|
|
|
|
2007-01-19 08:46:06 +00:00
|
|
|
cid = params[:id]
|
2007-02-10 06:54:03 +00:00
|
|
|
|
2007-01-19 08:46:06 +00:00
|
|
|
if (not (cid and $msfweb.consoles[cid]))
|
|
|
|
cid = $msfweb.create_console
|
2007-02-18 23:26:30 +00:00
|
|
|
|
|
|
|
if (params[:sid])
|
|
|
|
$msfweb.consoles[cid].write("sessions -i #{params[:sid]}\n")
|
|
|
|
$msfweb.consoles[cid].write("\n\n")
|
|
|
|
end
|
|
|
|
|
2007-01-19 08:46:06 +00:00
|
|
|
redirect_to :id => cid
|
|
|
|
return
|
|
|
|
end
|
2007-02-10 06:54:03 +00:00
|
|
|
|
2007-02-18 22:35:07 +00:00
|
|
|
|
|
|
|
script = "// Metasploit Web Console Data\n"
|
|
|
|
out = ""
|
|
|
|
|
2007-01-19 08:46:06 +00:00
|
|
|
@cid = params[:id]
|
|
|
|
@console = $msfweb.consoles[@cid]
|
2007-02-10 06:54:03 +00:00
|
|
|
|
2007-02-18 22:35:07 +00:00
|
|
|
|
2007-01-19 08:46:06 +00:00
|
|
|
if(params[:cmd])
|
2007-02-18 22:35:07 +00:00
|
|
|
@console.write(params[:cmd] + "\n")
|
|
|
|
end
|
2007-02-10 06:54:03 +00:00
|
|
|
|
2007-02-18 22:35:07 +00:00
|
|
|
if(params[:read])
|
|
|
|
out = @console.read() || ''
|
|
|
|
end
|
2007-02-10 06:54:03 +00:00
|
|
|
|
2007-02-18 22:35:07 +00:00
|
|
|
|
|
|
|
if(params[:special])
|
|
|
|
case params[:special]
|
|
|
|
when 'kill'
|
|
|
|
@console.session_kill
|
|
|
|
when 'detach'
|
|
|
|
@console.session_detach
|
2007-02-18 04:25:46 +00:00
|
|
|
end
|
2007-01-19 08:46:06 +00:00
|
|
|
end
|
2007-02-18 22:35:07 +00:00
|
|
|
|
2007-01-20 22:19:32 +00:00
|
|
|
if(params[:tab])
|
|
|
|
opts = []
|
|
|
|
cmdl = params[:tab]
|
|
|
|
out = ""
|
2007-02-10 06:54:03 +00:00
|
|
|
|
2007-02-18 04:25:46 +00:00
|
|
|
if (not @console.busy and params[:tab].strip.length > 0)
|
2007-01-20 22:19:32 +00:00
|
|
|
opts = @console.tab_complete(params[:tab]) || []
|
|
|
|
end
|
2007-02-10 06:54:03 +00:00
|
|
|
|
2007-01-20 22:19:32 +00:00
|
|
|
if (opts.length == 1)
|
|
|
|
cmdl = opts[0]
|
|
|
|
else
|
|
|
|
if (opts.length == 0)
|
|
|
|
# aint got nothin
|
|
|
|
else
|
2007-02-10 06:54:03 +00:00
|
|
|
|
2007-01-20 22:19:32 +00:00
|
|
|
cmd_top = opts[0]
|
|
|
|
depth = 0
|
|
|
|
|
|
|
|
while (depth < cmd_top.length)
|
|
|
|
match = true
|
|
|
|
opts.each do |line|
|
|
|
|
next if line[depth] == cmd_top[depth]
|
|
|
|
match = false
|
|
|
|
break
|
|
|
|
end
|
|
|
|
break if not match
|
|
|
|
depth += 1
|
|
|
|
end
|
|
|
|
|
|
|
|
if (depth > 0)
|
|
|
|
cmdl = cmd_top[0, depth]
|
|
|
|
end
|
|
|
|
|
2007-02-18 22:35:07 +00:00
|
|
|
out << "\n" + opts.map{ |c| ">> " + c }.join("\n")
|
2007-01-20 22:19:32 +00:00
|
|
|
end
|
|
|
|
end
|
2007-02-10 06:54:03 +00:00
|
|
|
|
2007-02-18 22:35:07 +00:00
|
|
|
tln = cmdl.unpack('C*').map{|c| sprintf("%%%.2x", c)}.join
|
|
|
|
script += "var con_tabbed = unescape('#{tln}');\n"
|
|
|
|
end
|
|
|
|
|
|
|
|
if(params[:read])
|
|
|
|
|
2007-01-20 22:19:32 +00:00
|
|
|
out = out.unpack('C*').map{|c| sprintf("%%%.2x", c)}.join
|
|
|
|
pro = @console.prompt.unpack('C*').map{|c| sprintf("%%%.2x", c)}.join
|
2007-02-18 04:25:46 +00:00
|
|
|
if (@console.busy)
|
|
|
|
pro = '(running)'.unpack('C*').map{|c| sprintf("%%%.2x", c)}.join
|
|
|
|
end
|
2007-02-18 22:35:07 +00:00
|
|
|
|
2007-01-20 22:19:32 +00:00
|
|
|
script += "var con_prompt = unescape('#{pro}');\n"
|
|
|
|
script += "var con_update = unescape('#{out}');\n"
|
2007-02-10 06:54:03 +00:00
|
|
|
|
2007-01-20 22:19:32 +00:00
|
|
|
send_data(script, :type => "text/javascript")
|
2007-02-10 06:54:03 +00:00
|
|
|
end
|
2007-01-19 08:46:06 +00:00
|
|
|
end
|
|
|
|
|
2007-01-18 15:31:42 +00:00
|
|
|
end
|