changes to support native win32
git-svn-id: file:///home/svn/incoming/trunk@3654 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
a8050a09ff
commit
1a61d3d2fb
|
@ -166,6 +166,7 @@
|
|||
<br/>
|
||||
|
||||
<form method='GET'>
|
||||
<input type='hidden' name='eid' value="<%= Msf::Ui::Web::Driver::next_eid %>"/>
|
||||
<input type='hidden' name='name' value="<%= html_escape(name) %>"/>
|
||||
<input type='hidden' name='step' value="<%= step + 1 %>"/>
|
||||
<input type='hidden' name='target' value="<%= html_escape(modinst.datastore['TARGET']) %>"/>
|
||||
|
@ -215,6 +216,10 @@
|
|||
|
||||
<tr><td colspan='5'> </td></tr>
|
||||
|
||||
<noscript>
|
||||
<input type='hidden' name='nojs' value="1"/>
|
||||
</noscript>
|
||||
|
||||
<tr>
|
||||
<td colspan='3' align='right'>
|
||||
<input type='submit' name='action' value='Check' class='button'/>
|
||||
|
@ -229,9 +234,74 @@
|
|||
<%# Wizard step 3 - exploitation %>
|
||||
<%
|
||||
elsif (step == 3)
|
||||
|
||||
# Is JS disabled in the client's browser?
|
||||
nojs = query_string['nojs'] == '1' ? true : false
|
||||
|
||||
# Create the exploit instance
|
||||
modinst = framework.exploits.create(name)
|
||||
|
||||
# Set the encoder/nop to nil if it's not valid.
|
||||
query_string['encoder'] = nil if (query_string['encoder'] == '__default')
|
||||
query_string['nop'] = nil if (query_string['nop'] == '__default')
|
||||
|
||||
# Build the options string
|
||||
options = ''
|
||||
|
||||
query_string.each_pair { |k, v|
|
||||
next if v.nil? or v.length == 0
|
||||
|
||||
if k =~ /^opt_(.*)$/
|
||||
options += "#{$1}=#{v} "
|
||||
end
|
||||
}
|
||||
|
||||
# Use buffered output by default
|
||||
output = Rex::Ui::Text::Output::Buffer.new
|
||||
|
||||
# If we support javascript, then we'll use something better
|
||||
if nojs == false
|
||||
# TODO
|
||||
end
|
||||
|
||||
# Whether or not we should run this as a job
|
||||
as_job = modinst.passive? || (nojs == false)
|
||||
|
||||
# Kick off the exploit process
|
||||
error = false
|
||||
|
||||
begin
|
||||
modinst.exploit_simple(
|
||||
'Encoder' => query_string['encoder'],
|
||||
'Nop' => query_string['nop'],
|
||||
'Payload' => query_string['payload'],
|
||||
'Target' => query_string['target'].to_i,
|
||||
'OptionStr' => options,
|
||||
'LocalOutput' => output,
|
||||
'LocalInput' => nil,
|
||||
'RunAsJob' => as_job)
|
||||
rescue
|
||||
display = "<span style='font-weight: bold'><span style='color: red'>Error:</span> " + html_escape($!) + "</span>"
|
||||
error = true
|
||||
end
|
||||
|
||||
# Use the buffered output for display if we didn't fail.
|
||||
if error == false
|
||||
display = html_escape(output.buf).gsub(/\n/, "<br>")
|
||||
|
||||
if as_job
|
||||
display += "<br/><br/><span style='font-weight: bold'>Exploit is now running in the background.</span>"
|
||||
end
|
||||
end
|
||||
%>
|
||||
|
||||
Exploit time
|
||||
<br/>
|
||||
<span style='font-weight: bold'>
|
||||
Launching exploit <%= modinst.refname %> ...
|
||||
</span>
|
||||
<br/><br/>
|
||||
|
||||
<%= display %>
|
||||
|
||||
<% else %>
|
||||
Unknown step: <%= html_escape(step) %>
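Review bot: Step 3 launches the module with every parameter taken from `query_string`, the wizard forms visible here submit with `method='GET'`, and nothing in the hunk ties the request to the operator's own session. The launch should therefore only be accepted from a `POST` that carries a per-session token, checked before `exploit_simple` is called. In the options loop, `options += "#{$1}=#{v} "` joins pairs with spaces, so a value that itself contains whitespace is presumably read by `OptionStr` as further `KEY=value` pairs; such values should be rejected or quoted before concatenation. `framework.exploits.create(name)` is also used unchecked and `modinst.passive?` sits outside the `begin`/`rescue`, so an unknown `name` would raise instead of rendering the error span (assuming `create` returns nil in that case). The `elsif` chain starts outside the hunk.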
|
||||
|
|
|
@ -31,15 +31,18 @@ module Common
|
|||
<td>
|
||||
<table align='center' cellpadding='8' cellspacing='1' width='100%' class='tblOuter'>
|
||||
<tr>
|
||||
<td class='tab" + ((active == "exploits") ? "Light" : "Dark") + "' width='33%' align='center'>
|
||||
<td class='tab" + ((active == "exploits") ? "Light" : "Dark") + "' width='25%' align='center'>
|
||||
<a href='exploits.rhtml'>EXPLOITS</a>
|
||||
</td>
|
||||
<td class='tab" + ((active == "payloads") ? "Light" : "Dark") + "' width='33%' align='center'>
|
||||
<td class='tab" + ((active == "payloads") ? "Light" : "Dark") + "' width='25%' align='center'>
|
||||
<a href='payloads.rhtml'>PAYLOADS</a>
|
||||
</td>
|
||||
<td class='tab" + ((active == "sessions") ? "Light" : "Dark") + "' width='33%' align='center'>
|
||||
<td class='tab" + ((active == "sessions") ? "Light" : "Dark") + "' width='25%' align='center'>
|
||||
<a href='sessions.rhtml'>SESSIONS</a>
|
||||
</td>
|
||||
<td class='tab" + ((active == "jobs") ? "Light" : "Dark") + "' width='25%' align='center'>
|
||||
<a href='jobs.rhtml'>JOBS</a>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</td>
|
||||
|
|
|
@ -329,7 +329,11 @@ protected
|
|||
print_status("Sending PassiveX main page to client")
|
||||
when "/passivex.dll"
|
||||
resp['Content-Type'] = 'application/octet-stream'
|
||||
resp.body = IO.readlines(datastore['PXAXDLL']).join
|
||||
resp.body = ''
|
||||
|
||||
File.open(datastore['PXAXDLL'], "rb") { |f|
|
||||
resp.body = f.read
|
||||
}
|
||||
|
||||
print_status("Sending PassiveX DLL (#{resp.body.length} bytes)")
|
||||
when "/stage"
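Review bot: The `resp.body = ''` pre-assignment followed by a block that assigns again is more code than needed, because `File.open` with a block returns the block's value: `resp.body = File.open(datastore['PXAXDLL'], "rb") { |f| f.read }`. The same pattern is repeated in the ClientCore library upload, the file upload helper, the console channel write and the Erb handler; one shared "read whole file in binary mode" helper would keep the `rb` flag from being forgotten at the next call site. As far as the hunk shows, a missing or unreadable `PXAXDLL` file raises out of this `when` branch; the enclosing method's error handling is outside the hunk.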
|
||||
|
|
|
@ -214,7 +214,9 @@ module Payload::Windows::DllInject
|
|||
data = library_name + "\x00"
|
||||
|
||||
begin
|
||||
data += IO.readlines(library_path).join
|
||||
File.open(library_path, "rb") { |f|
|
||||
data += f.read
|
||||
}
|
||||
rescue
|
||||
print_error("Failed to load DLL: #{$!}.")
|
||||
|
||||
|
|
|
@ -47,6 +47,13 @@ class Driver < Msf::Ui::Driver
|
|||
# the local system.
|
||||
#
|
||||
def initialize(prompt = DefaultPrompt, prompt_char = DefaultPromptChar, opts = {})
|
||||
|
||||
# The command prompt doesn't like bling bling'in colors.
|
||||
if (RUBY_PLATFORM =~ /win/)
|
||||
prompt = "msf"
|
||||
prompt_char = ">"
|
||||
end
|
||||
|
||||
# Call the parent
|
||||
super(prompt, prompt_char)
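Review bot: `RUBY_PLATFORM =~ /win/` also matches `darwin` and `cygwin`, so the colour prompt would be dropped on Mac OS X as well as on native Windows; a narrower test such as `if (RUBY_PLATFORM =~ /mswin|mingw/)` keeps the change to the consoles it was written for. The same test is added in the meterpreter `Console#initialize` hunk and needs the same fix. Since the check now appears twice, a single shared predicate would keep the two in step. The override also silently replaces a caller-supplied `prompt`, which deserves a line in the method comment.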
|
||||
|
||||
|
|
|
@ -7,7 +7,6 @@ module Msf
|
|||
module Ui
|
||||
module Web
|
||||
|
||||
|
||||
###
|
||||
#
|
||||
# This class implements a user interface driver on a web interface.
|
||||
|
@ -18,6 +17,16 @@ class Driver < Msf::Ui::Driver
|
|||
ConfigCore = "framework/core"
|
||||
ConfigGroup = "framework/ui/web"
|
||||
|
||||
@@Eid = 0
|
||||
|
||||
#
|
||||
# Returns the next unique exploit identifier.
|
||||
#
|
||||
def self.next_eid
|
||||
@@Eid += 1
|
||||
@@Eid.to_s
|
||||
end
|
||||
|
||||
#
|
||||
# The msfweb resource handler that wrappers the default Erb handler.
|
||||
#
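Review bot: `next_eid` does a read-modify-write on the class variable `@@Eid` with no lock, so if the web server serves requests on more than one thread (not visible here) two forms can be handed the same identifier. Guarding it, e.g. `@@EidLock = Mutex.new` beside the counter and `@@EidLock.synchronize { @@Eid += 1; @@Eid.to_s }` in the method, makes the "unique" in the comment hold. The comment should also say that the value is unique only within one process lifetime and is sequential, so it must not be treated as a secret or as proof that a request came from this form.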
|
||||
|
|
|
@ -81,7 +81,11 @@ class ClientCore < Extension
|
|||
|
||||
# If we must upload the library, do so now
|
||||
if ((load_flags & LOAD_LIBRARY_FLAG_LOCAL) != LOAD_LIBRARY_FLAG_LOCAL)
|
||||
image = ::IO.readlines(library_path).join
|
||||
image = ''
|
||||
|
||||
File.open(library_path, 'rb') { |f|
|
||||
image = f.read
|
||||
}
|
||||
|
||||
if (image != nil)
|
||||
request.add_tlv(TLV_TYPE_DATA, image)
|
||||
|
@ -325,7 +329,12 @@ class ClientCore < Extension
|
|||
|
||||
# Transmit the size of the server
|
||||
metsrv = "data/meterpreter/metsrv.dll"
|
||||
buf = "metsrv.dll\x00" + ::IO.readlines(metsrv).join
|
||||
buf = "metsrv.dll\x00"
|
||||
|
||||
File.open(metsrv, 'rb') { |f|
|
||||
buf += f.read
|
||||
}
|
||||
|
||||
size = buf.length
|
||||
|
||||
# Give the stage some time to transmit
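Review bot: In the first hunk the `if (image != nil)` guard can no longer be false: `image` starts as `''` and `f.read` with no length returns a String even for an empty file, so a zero-length library is still passed to `request.add_tlv`. Testing `image.empty?` and raising a clear error would catch an empty or truncated file before it is sent. In the second hunk `metsrv` is the relative path `data/meterpreter/metsrv.dll`, so the open depends on the process's working directory; resolving it against the install root, if one is available in this class, would be more robust. Both methods continue outside their hunks.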
|
||||
|
|
|
@ -90,7 +90,11 @@ Separator = "\\"
|
|||
# Open the file on the remote side for writing and read
|
||||
# all of the contents of the local file
|
||||
dest_fd = client.fs.file.new(dest_file, "wb")
|
||||
src_buf = ::IO.readlines(src_file).join
|
||||
src_buf = ''
|
||||
|
||||
File.open(src_file, 'rb') { |f|
|
||||
src_buf = f.read
|
||||
}
|
||||
|
||||
begin
|
||||
dest_fd.write(src_buf)
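Review bot: The remote file is opened with `client.fs.file.new(dest_file, "wb")` before the local `File.open(src_file, 'rb')`, and that read sits outside the `begin` that follows. A missing or unreadable `src_file` therefore raises after the remote file has presumably already been created or truncated, and `dest_fd` stays open unless something outside the hunk closes it. Reading `src_file` first and only then opening `dest_fd` avoids both problems. The method continues outside the hunk, so any `ensure` that closes `dest_fd` is not visible here.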
|
||||
|
|
|
@ -24,7 +24,11 @@ class Console
|
|||
# Initialize the meterpreter console.
|
||||
#
|
||||
def initialize(client)
|
||||
if (RUBY_PLATFORM =~ /win/)
|
||||
super("meterpreter")
|
||||
else
|
||||
super("%umeterpreter%c")
|
||||
end
|
||||
|
||||
# The meterpreter client context
|
||||
self.client = client
|
||||
|
|
|
@ -330,7 +330,12 @@ class Console::CommandDispatcher::Core
|
|||
# the channel
|
||||
if (src_file)
|
||||
begin
|
||||
data = ::IO.readlines(src_file)
|
||||
data = ''
|
||||
|
||||
File.open(src_file, 'rb') { |f|
|
||||
data = f.read
|
||||
}
|
||||
|
||||
rescue Errno::ENOENT
|
||||
print_error("Invalid source file specified: #{src_file}")
|
||||
return true
|
||||
|
|
|
@ -56,7 +56,11 @@ class Handler::Erb < Handler
|
|||
file_path = root_path + resource
|
||||
|
||||
# Serialize the contents of the file
|
||||
data = ::IO.readlines(file_path).join
|
||||
data = ''
|
||||
|
||||
File.open(file_path, 'rb') { |f|
|
||||
data = f.read
|
||||
}
|
||||
|
||||
# Set the content-type to text/html by default. We do this before
|
||||
# evaluation so that the script can change it.
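Review bot: `file_path` is `root_path + resource`, and the bytes read here are then evaluated as a template (per the comment that follows), so the open should be preceded by a check that the expanded path still lies under `root_path`, unless `resource` is normalised before this point, outside the hunk. This matters more with native Windows support, where `\` is a path separator too and a filter that only looks for `../` would not catch `..\`. Comparing `File.expand_path(file_path)` against `File.expand_path(root_path)` and refusing anything outside it would do. A short comment stating that only files under `root_path` may be served would document the intent.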
|
||||
|
|