@@ -229,9 +234,74 @@
<%# Wizard step 3 - exploitation %>
<%
elsif (step == 3)
- %>
-Exploit time
+ # Is JS disabled in the client's browser?
+ nojs = query_string['nojs'] == '1' ? true : false
+
+ # Create the exploit instance
+ modinst = framework.exploits.create(name)
+
+ # Set the encoder/nop to nil if it's not valid.
+ query_string['encoder'] = nil if (query_string['encoder'] == '__default')
+ query_string['nop'] = nil if (query_string['nop'] == '__default')
+
+ # Build the options string
+ options = ''
+
+ query_string.each_pair { |k, v|
+ next if v.nil? or v.length == 0
+
+ if k =~ /^opt_(.*)$/
+ options += "#{$1}=#{v} "
+ end
+ }
+
+ # Use buffered output by default
+ output = Rex::Ui::Text::Output::Buffer.new
+
+ # If we support javascript, then we'll use something better
+ if nojs == false
+ # TODO
+ end
+
+ # Whether or not we should run this as a job
+ as_job = modinst.passive? || (nojs == false)
+
+ # Kick off the exploit process
+ error = false
+
+ begin
+ modinst.exploit_simple(
+ 'Encoder' => query_string['encoder'],
+ 'Nop' => query_string['nop'],
+ 'Payload' => query_string['payload'],
+ 'Target' => query_string['target'].to_i,
+ 'OptionStr' => options,
+ 'LocalOutput' => output,
+ 'LocalInput' => nil,
+ 'RunAsJob' => as_job)
+ rescue
+ display = "Error: " + html_escape($!) + ""
+ error = true
+ end
+
+ # Use the buffered output for display if we didn't fail.
+ if error == false
+ display = html_escape(output.buf).gsub(/\n/, " ")
+
+ if as_job
+ display += "
Exploit is now running in the background."
+ end
+ end
+%>
+
+
+
+Launching exploit <%= modinst.refname %> ...
+
+
+
+<%= display %>
<% else %>
Unknown step: <%= html_escape(step) %>
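Review bot: `modinst` is dereferenced at `modinst.passive?` (the `as_job` assignment) and again at `modinst.refname` in the page body without a nil check, and both sit outside the `begin`/`rescue` that only wraps `exploit_simple`; if `framework.exploits.create(name)` returns nil for an unknown or unloadable `name` taken from the query string, the request fails with a NoMethodError instead of rendering an error. A guard directly after the create — `if modinst.nil?` setting `display = "Error: unknown exploit " + html_escape(name)` and `error = true`, with the launch and the `as_job`/`refname` uses skipped in that case — keeps the page rendering on bad input. Minor style: `next if v.nil? or v.length == 0` reads more clearly as `next if v.nil? || v.empty?`, and `nojs = query_string['nojs'] == '1' ? true : false` is just `nojs = query_string['nojs'] == '1'`.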
diff --git a/data/msfweb/msfweb_common.rb b/data/msfweb/msfweb_common.rb
index df212cb596..126c10a1b2 100644
--- a/data/msfweb/msfweb_common.rb
+++ b/data/msfweb/msfweb_common.rb
@@ -31,15 +31,18 @@ module Common
|
|
diff --git a/lib/msf/core/handler/passivex.rb b/lib/msf/core/handler/passivex.rb
index b00787b40f..e5749b1a93 100644
--- a/lib/msf/core/handler/passivex.rb
+++ b/lib/msf/core/handler/passivex.rb
@@ -329,7 +329,11 @@ protected
print_status("Sending PassiveX main page to client")
when "/passivex.dll"
resp['Content-Type'] = 'application/octet-stream'
- resp.body = IO.readlines(datastore['PXAXDLL']).join
+ resp.body = ''
+
+ File.open(datastore['PXAXDLL'], "rb") { |f|
+ resp.body = f.read
+ }
print_status("Sending PassiveX DLL (#{resp.body.length} bytes)")
when "/stage"
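Review bot: `resp.body = ''` is dead — the `File.open` block always reassigns `resp.body = f.read` — so the two statements can collapse into the block's return value: `resp.body = File.open(datastore['PXAXDLL'], "rb") { |f| f.read }`. The same initialise-then-overwrite shape recurs in the client_core.rb, stdapi/fs/file.rb, command_dispatcher/core.rb and handler/erb.rb hunks and can be written the same way there. An unreadable `PXAXDLL` still raises out of this `when` branch exactly as `IO.readlines` did, so no new error path is introduced; the enclosing method starts and ends outside the hunk.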
diff --git a/lib/msf/core/payload/windows/dllinject.rb b/lib/msf/core/payload/windows/dllinject.rb
index e663326b8c..931f3d090a 100644
--- a/lib/msf/core/payload/windows/dllinject.rb
+++ b/lib/msf/core/payload/windows/dllinject.rb
@@ -214,7 +214,9 @@ module Payload::Windows::DllInject
data = library_name + "\x00"
begin
- data += IO.readlines(library_path).join
+ File.open(library_path, "rb") { |f|
+ data += f.read
+ }
rescue
print_error("Failed to load DLL: #{$!}.")
diff --git a/lib/msf/ui/console/driver.rb b/lib/msf/ui/console/driver.rb
index 3fde42a3e4..89722bc9f5 100644
--- a/lib/msf/ui/console/driver.rb
+++ b/lib/msf/ui/console/driver.rb
@@ -47,6 +47,13 @@ class Driver < Msf::Ui::Driver
# the local system.
#
def initialize(prompt = DefaultPrompt, prompt_char = DefaultPromptChar, opts = {})
+
+ # The command prompt doesn't like bling bling'in colors.
+ if (RUBY_PLATFORM =~ /win/)
+ prompt = "msf"
+ prompt_char = ">"
+ end
+
# Call the parent
super(prompt, prompt_char)
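Review bot: `RUBY_PLATFORM =~ /win/` matches more than Windows — `darwin` (macOS) and `cygwin` both contain `win` — so the plain `msf` prompt is forced on macOS as well, which is not what the comment above it describes. The Windows build strings are `mswin` and `mingw`, so `if (RUBY_PLATFORM =~ /mswin|mingw/)` is the intended test. The same pattern appears in the meterpreter console hunk (lib/rex/post/meterpreter/ui/console.rb) and should change together with it. The body of `initialize` continues past the hunk.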
diff --git a/lib/msf/ui/web/driver.rb b/lib/msf/ui/web/driver.rb
index 39df737129..3743c56507 100644
--- a/lib/msf/ui/web/driver.rb
+++ b/lib/msf/ui/web/driver.rb
@@ -7,7 +7,6 @@ module Msf
module Ui
module Web
-
###
#
# This class implements a user interface driver on a web interface.
@@ -18,6 +17,16 @@ class Driver < Msf::Ui::Driver
ConfigCore = "framework/core"
ConfigGroup = "framework/ui/web"
+ @@Eid = 0
+
+ #
+ # Returns the next unique exploit identifier.
+ #
+ def self.next_eid
+ @@Eid += 1
+ @@Eid.to_s
+ end
+
#
# The msfweb resource handler that wrappers the default Erb handler.
#
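Review bot: `@@Eid += 1` in `self.next_eid` is an unsynchronised read-modify-write on a class variable, so if the web driver serves requests from more than one thread, two concurrent calls can hand out the same identifier and break the "unique" contract the comment promises. Adding `@@EidLock = Mutex.new` beside `@@Eid = 0` and making the body `@@EidLock.synchronize { (@@Eid += 1).to_s }` makes the increment atomic (`require 'thread'` on older Rubies if it is not already loaded). If only one request thread can ever reach this, a comment stating that assumption next to the counter would be enough instead.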
diff --git a/lib/rex/post/meterpreter/client_core.rb b/lib/rex/post/meterpreter/client_core.rb
index 33b1d384f0..34e5b06e82 100644
--- a/lib/rex/post/meterpreter/client_core.rb
+++ b/lib/rex/post/meterpreter/client_core.rb
@@ -81,7 +81,11 @@ class ClientCore < Extension
# If we must upload the library, do so now
if ((load_flags & LOAD_LIBRARY_FLAG_LOCAL) != LOAD_LIBRARY_FLAG_LOCAL)
- image = ::IO.readlines(library_path).join
+ image = ''
+
+ File.open(library_path, 'rb') { |f|
+ image = f.read
+ }
if (image != nil)
request.add_tlv(TLV_TYPE_DATA, image)
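Review bot: the `if (image != nil)` guard is unreachable as written: `image` starts as `''` and `IO#read` with no length returns an empty string, never nil, at EOF, so the TLV is added even for an empty library file (the guard was already dead with `IO.readlines(...).join`, and the commit keeps it). If an empty DLL should not be sent, the check should be `unless image.empty?`; otherwise the guard can simply be dropped and the read folded into `image = File.open(library_path, 'rb') { |f| f.read }`. The enclosing method starts and ends outside the hunk.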
@@ -325,7 +329,12 @@ class ClientCore < Extension
# Transmit the size of the server
metsrv = "data/meterpreter/metsrv.dll"
- buf = "metsrv.dll\x00" + ::IO.readlines(metsrv).join
+ buf = "metsrv.dll\x00"
+
+ File.open(metsrv, 'rb') { |f|
+ buf += f.read
+ }
+
size = buf.length
# Give the stage some time to transmit
diff --git a/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb b/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb
index d124b06f19..5d83244a06 100644
--- a/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb
+++ b/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb
@@ -90,7 +90,11 @@ Separator = "\\"
# Open the file on the remote side for writing and read
# all of the contents of the local file
dest_fd = client.fs.file.new(dest_file, "wb")
- src_buf = ::IO.readlines(src_file).join
+ src_buf = ''
+
+ File.open(src_file, 'rb') { |f|
+ src_buf = f.read
+ }
begin
dest_fd.write(src_buf)
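Review bot: the remote handle `dest_fd` is opened for writing before the local `File.open(src_file, 'rb')`, and that read sits outside the `begin` that follows, so a missing or unreadable `src_file` raises after the remote file has been created and leaves `dest_fd` open (and an empty remote file behind). Reading first — move the `src_buf = ''` / `File.open … { |f| src_buf = f.read }` lines above `dest_fd = client.fs.file.new(dest_file, "wb")` — or moving the read inside the `begin` so whatever cleanup the `rescue`/`ensure` below does (outside the hunk) also covers it, closes that gap. The enclosing method starts and ends outside the hunk, so I cannot see whether `dest_fd` is closed on the error path.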
diff --git a/lib/rex/post/meterpreter/ui/console.rb b/lib/rex/post/meterpreter/ui/console.rb
index 52151fd936..6f8312fed7 100644
--- a/lib/rex/post/meterpreter/ui/console.rb
+++ b/lib/rex/post/meterpreter/ui/console.rb
@@ -24,7 +24,11 @@ class Console
# Initialize the meterpreter console.
#
def initialize(client)
- super("%umeterpreter%c")
+ if (RUBY_PLATFORM =~ /win/)
+ super("meterpreter")
+ else
+ super("%umeterpreter%c")
+ end
# The meterpreter client context
self.client = client
diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb
index 6cc004abd8..1210fde4ad 100644
--- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb
+++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb
@@ -330,7 +330,12 @@ class Console::CommandDispatcher::Core
# the channel
if (src_file)
begin
- data = ::IO.readlines(src_file)
+ data = ''
+
+ File.open(src_file, 'rb') { |f|
+ data = f.read
+ }
+
rescue Errno::ENOENT
print_error("Invalid source file specified: #{src_file}")
return true
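Review bot: `data` changes type here — `::IO.readlines` returned an Array of lines, the new `f.read` returns a single String — and the consumer of `data` is below the hunk, so if it iterated lines (`each`, `join`, `length` as a line count) it must be updated with this change; please confirm. Separately, `rescue Errno::ENOENT` only covers a missing file, while `File.open` on a directory or an unreadable path raises `Errno::EISDIR`/`Errno::EACCES` and escapes the handler; `rescue Errno::ENOENT, Errno::EACCES, Errno::EISDIR` (or `rescue SystemCallError`) keeps the "invalid source file" message for all of them. The `data = ''` before the block is always overwritten and can be replaced by `data = File.open(src_file, 'rb') { |f| f.read }`.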
diff --git a/lib/rex/proto/http/handler/erb.rb b/lib/rex/proto/http/handler/erb.rb
index ca95483474..22adec667e 100644
--- a/lib/rex/proto/http/handler/erb.rb
+++ b/lib/rex/proto/http/handler/erb.rb
@@ -56,7 +56,11 @@ class Handler::Erb < Handler
file_path = root_path + resource
# Serialize the contents of the file
- data = ::IO.readlines(file_path).join
+ data = ''
+
+ File.open(file_path, 'rb') { |f|
+ data = f.read
+ }
# Set the content-type to text/html by default. We do this before
# evaluation so that the script can change it.