changes to support native win32

git-svn-id: file:///home/svn/incoming/trunk@3654 4d416f70-5f16-0410-b530-b9f4589650da

data/msfweb/exploits.rhtml

@@ -166,6 +166,7 @@
 <br/>
 
 <form method='GET'>
+	<input type='hidden' name='eid' value="<%= Msf::Ui::Web::Driver::next_eid %>"/>
 	<input type='hidden' name='name' value="<%= html_escape(name) %>"/>
 	<input type='hidden' name='step' value="<%= step + 1 %>"/>
 	<input type='hidden' name='target' value="<%= html_escape(modinst.datastore['TARGET']) %>"/>
@@ -215,6 +216,10 @@
 		
 		<tr><td colspan='5'>&nbsp;</td></tr>
 
+		<noscript>
+			<input type='hidden' name='nojs' value="1"/>
+		</noscript>
+
 		<tr>
 			<td colspan='3' align='right'>
 				<input type='submit' name='action' value='Check' class='button'/>
@@ -229,9 +234,74 @@
 <%# Wizard step 3 - exploitation %>
 <%
 	elsif (step == 3)
- %>
 
-Exploit time
+		# Is JS disabled in the client's browser?
+		nojs = query_string['nojs'] == '1' ? true : false
+
+		# Create the exploit instance
+		modinst = framework.exploits.create(name)
+
+		# Set the encoder/nop to nil if it's not valid.
+		query_string['encoder'] = nil if (query_string['encoder'] == '__default')
+		query_string['nop']     = nil if (query_string['nop'] == '__default')
+
+		# Build the options string
+		options = ''
+
+		query_string.each_pair { |k, v|
+			next if v.nil? or v.length == 0
+
+			if k =~ /^opt_(.*)$/
+				options += "#{$1}=#{v} "
+			end
+		}
+
+		# Use buffered output by default
+		output = Rex::Ui::Text::Output::Buffer.new
+
+		# If we support javascript, then we'll use something better
+		if nojs == false
+			# TODO
+		end
+
+		# Whether or not we should run this as a job
+		as_job = modinst.passive? || (nojs == false)
+
+		# Kick off the exploit process
+		error = false
+
+		begin
+			modinst.exploit_simple(
+				'Encoder'     => query_string['encoder'],
+				'Nop'         => query_string['nop'],
+				'Payload'     => query_string['payload'],
+				'Target'      => query_string['target'].to_i,
+				'OptionStr'   => options,
+				'LocalOutput' => output,
+				'LocalInput'  => nil,
+				'RunAsJob'    => as_job)
+		rescue
+			display = "<span style='font-weight: bold'><span style='color: red'>Error:</span>&nbsp;&nbsp;" + html_escape($!) + "</span>"
+			error   = true
+		end
+
+		# Use the buffered output for display if we didn't fail.
+		if error == false
+			display = html_escape(output.buf).gsub(/\n/, "<br>") 
+
+			if as_job
+				display += "<br/><br/><span style='font-weight: bold'>Exploit is now running in the background.</span>"
+			end
+		end
+%>
+
+<br/>
+<span style='font-weight: bold'>
+Launching exploit <%= modinst.refname %> ...
+</span>
+<br/><br/>
+
+<%= display %>
 
 <% else %>
 	Unknown step: <%= html_escape(step) %>

data/msfweb/msfweb_common.rb

@@ -31,15 +31,18 @@ module Common
 				<td>
 					<table align='center' cellpadding='8' cellspacing='1' width='100%' class='tblOuter'>
 						<tr>
-							<td class='tab" + ((active == "exploits") ? "Light" : "Dark") + "' width='33%' align='center'>
+							<td class='tab" + ((active == "exploits") ? "Light" : "Dark") + "' width='25%' align='center'>
 								<a href='exploits.rhtml'>EXPLOITS</a>
 							</td>
-							<td class='tab" + ((active == "payloads") ? "Light" : "Dark") + "' width='33%' align='center'>
+							<td class='tab" + ((active == "payloads") ? "Light" : "Dark") + "' width='25%' align='center'>
 								<a href='payloads.rhtml'>PAYLOADS</a>
 							</td>
-							<td class='tab" + ((active == "sessions") ? "Light" : "Dark") + "' width='33%' align='center'>
+							<td class='tab" + ((active == "sessions") ? "Light" : "Dark") + "' width='25%' align='center'>
 								<a href='sessions.rhtml'>SESSIONS</a>
 							</td>
+							<td class='tab" + ((active == "jobs") ? "Light" : "Dark") + "' width='25%' align='center'>
+								<a href='jobs.rhtml'>JOBS</a>
+							</td>
 						</tr>
 					</table>
 				</td>

lib/msf/core/handler/passivex.rb

@@ -329,7 +329,11 @@ protected
 				print_status("Sending PassiveX main page to client")
 			when "/passivex.dll"
 				resp['Content-Type'] = 'application/octet-stream'
-				resp.body = IO.readlines(datastore['PXAXDLL']).join
+				resp.body = ''
+				
+				File.open(datastore['PXAXDLL'], "rb") { |f|
+					resp.body = f.read
+				}
 				
 				print_status("Sending PassiveX DLL (#{resp.body.length} bytes)")
 			when "/stage"

lib/msf/core/payload/windows/dllinject.rb

@@ -214,7 +214,9 @@ module Payload::Windows::DllInject
 		data = library_name + "\x00"
 
 		begin
-			data += IO.readlines(library_path).join
+			File.open(library_path, "rb") { |f|
+				data += f.read
+			}
 		rescue
 			print_error("Failed to load DLL: #{$!}.")
 

lib/msf/ui/console/driver.rb

@@ -47,6 +47,13 @@ class Driver < Msf::Ui::Driver
 	# 	the local system.
 	#
 	def initialize(prompt = DefaultPrompt, prompt_char = DefaultPromptChar, opts = {})
+		
+		# The command prompt doesn't like bling bling'in colors.
+		if (RUBY_PLATFORM =~ /win/)
+			prompt      = "msf"
+			prompt_char = ">"
+		end
+
 		# Call the parent
 		super(prompt, prompt_char)
 

lib/msf/ui/web/driver.rb

@@ -7,7 +7,6 @@ module Msf
 module Ui
 module Web
 
-
 ###
 #
 # This class implements a user interface driver on a web interface.
@@ -18,6 +17,16 @@ class Driver < Msf::Ui::Driver
 	ConfigCore  = "framework/core"
 	ConfigGroup = "framework/ui/web"
 
+	@@Eid = 0
+
+	#
+	# Returns the next unique exploit identifier.
+	#
+	def self.next_eid
+		@@Eid += 1
+		@@Eid.to_s
+	end
+
 	#
 	# The msfweb resource handler that wrappers the default Erb handler.
 	#

lib/rex/post/meterpreter/client_core.rb

@@ -81,7 +81,11 @@ class ClientCore < Extension
 
 		# If we must upload the library, do so now
 		if ((load_flags & LOAD_LIBRARY_FLAG_LOCAL) != LOAD_LIBRARY_FLAG_LOCAL)
-			image = ::IO.readlines(library_path).join
+			image = ''
+			
+			File.open(library_path, 'rb') { |f|
+				image = f.read
+			}
 
 			if (image != nil)
 				request.add_tlv(TLV_TYPE_DATA, image)
@@ -325,7 +329,12 @@ class ClientCore < Extension
 
 		# Transmit the size of the server
 		metsrv = "data/meterpreter/metsrv.dll"
-		buf    = "metsrv.dll\x00" + ::IO.readlines(metsrv).join
+		buf    = "metsrv.dll\x00"
+	
+		File.open(metsrv, 'rb') { |f|
+			buf += f.read
+		}
+
 		size   = buf.length
 
 		# Give the stage some time to transmit

lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb

@@ -90,7 +90,11 @@ Separator = "\\"
 		# Open the file on the remote side for writing and read
 		# all of the contents of the local file
 		dest_fd = client.fs.file.new(dest_file, "wb")
-		src_buf = ::IO.readlines(src_file).join
+		src_buf = ''
+	
+		File.open(src_file, 'rb') { |f|
+			src_buf = f.read
+		}
 
 		begin
 			dest_fd.write(src_buf)

lib/rex/post/meterpreter/ui/console.rb

@@ -24,7 +24,11 @@ class Console
 	# Initialize the meterpreter console.
 	#
 	def initialize(client)
+		if (RUBY_PLATFORM =~ /win/)
+			super("meterpreter")
+		else
 			super("%umeterpreter%c")
+		end
 
 		# The meterpreter client context
 		self.client = client

lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb

@@ -330,7 +330,12 @@ class Console::CommandDispatcher::Core
 		# the channel
 		if (src_file)
 			begin
-				data = ::IO.readlines(src_file)
+				data = ''
+			
+				File.open(src_file, 'rb') { |f|
+					data = f.read
+				}
+
 			rescue Errno::ENOENT
 				print_error("Invalid source file specified: #{src_file}")
 				return true

lib/rex/proto/http/handler/erb.rb

@@ -56,7 +56,11 @@ class Handler::Erb < Handler
 			file_path = root_path + resource
 		
 			# Serialize the contents of the file
-			data = ::IO.readlines(file_path).join
+			data = ''
+			
+			File.open(file_path, 'rb') { |f|
+				data = f.read
+			}
 
 			# Set the content-type to text/html by default.  We do this before
 			# evaluation so that the script can change it.