From 5e127974858a9fa48a8b86919aa2f29788058bae Mon Sep 17 00:00:00 2001
From: HD Moore
Date: Wed, 31 Jan 2007 00:08:52 +0000
Subject: [PATCH] Updates for msfweb, added vista target to smb/version, patch from diaul to show the selected target

git-svn-id: file:///home/svn/framework3/trunk@4305 4d416f70-5f16-0410-b530-b9f4589650da
---
 .../app/controllers/auxiliaries_controller.rb | 5 ++-
 .../app/controllers/console_controller.rb | 3 +-
 data/msfweb/app/controllers/msf_controller.rb | 7 +++-
 data/msfweb/public/javascripts/console.js | 32 +++++++++++++++++--
 lib/msf/base/serializer/readable_text.rb | 18 +++++++++++
 lib/msf/ui/console/command_dispatcher/core.rb | 9 ++++++
 lib/msf/ui/web/driver.rb | 15 ++++++++-
 modules/auxiliary/scanner/smb/version.rb | 11 +++++--
 8 files changed, 91 insertions(+), 9 deletions(-)

diff --git a/data/msfweb/app/controllers/auxiliaries_controller.rb b/data/msfweb/app/controllers/auxiliaries_controller.rb
index 29376b215e..d99cdda23e 100644
--- a/data/msfweb/app/controllers/auxiliaries_controller.rb
+++ b/data/msfweb/app/controllers/auxiliaries_controller.rb
@@ -1,4 +1,7 @@
-# Author: LMH
+#
+# Original version is Copyright (c) 2006 LMH
+# Added to Metasploit under the terms of the Metasploit Framework License v1.2
+#
 # Description: The auxiliary controller of msfweb v.3. Handles views, listing
 # and other actions related to auxiliary modules. Code and processing goes here.
 # Instance variables, final values, etc, go into views.
diff --git a/data/msfweb/app/controllers/console_controller.rb b/data/msfweb/app/controllers/console_controller.rb
index 0a5622885b..7c0024ae93 100644
--- a/data/msfweb/app/controllers/console_controller.rb
+++ b/data/msfweb/app/controllers/console_controller.rb
@@ -23,9 +23,10 @@ class ConsoleController < ApplicationController out = '' if (params[:cmd].strip.length > 0) - out = @console.execute(params[:cmd]) + @console.execute(params[:cmd]) end + out = @console.read() out = out.unpack('C*').map{|c| sprintf("%%%.2x", c)}.join pro = @console.prompt.unpack('C*').map{|c| sprintf("%%%.2x", c)}.join diff --git a/data/msfweb/app/controllers/msf_controller.rb b/data/msfweb/app/controllers/msf_controller.rb index 65b1ca9b39..a482348f10 100644 --- a/data/msfweb/app/controllers/msf_controller.rb +++ b/data/msfweb/app/controllers/msf_controller.rb @@ -1,5 +1,10 @@ -# Author: LMH +# +# Original version is Copyright (c) 2006 LMH +# Added to Metasploit under the terms of the Metasploit Framework License v1.2 +# Additions Copyright (C) 2006-2007 Metasploit LLC +# # Description: The main controller of msfweb v.3 +# class MsfController < ApplicationController layout 'msfweb', :except => 'search' diff --git a/data/msfweb/public/javascripts/console.js b/data/msfweb/public/javascripts/console.js index 1a2094108d..500ced4e7f 100644 --- a/data/msfweb/public/javascripts/console.js +++ b/data/msfweb/public/javascripts/console.js @@ -1,6 +1,8 @@ /* web msfconsole (console.js) - * Copyright (c) 2006 LMH - * All Rights Reserved. + * Original version is Copyright (c) 2006 LMH + * Added to Metasploit under the terms of the Metasploit Framework License v1.2 + * Additions Copyright (C) 2006-2007 Metasploit LLC + * * Inspired by Jesse Ruderman's Javascript Shell. */ @@ -51,6 +53,16 @@ function console_refocus() { console_input.focus(); } +function console_read() { + new Ajax.Updater("console_update", document.location, { + asynchronous:true, + evalScripts:true, + parameters:"cmd=", + onComplete:console_read_output + }); +} + + function console_printline(s, type) { if ((s=String(s))) { var n = document.createElement("div"); 
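Review bot: In console_controller.rb (hunk -23,9), `params[:cmd].strip` raises NoMethodError when a request omits `cmd`, and with this change the action is also the polling endpoint, so it should tolerate that: `cmd = params[:cmd].to_s` followed by `@console.execute(cmd) if cmd.strip.length > 0`. The action passes request input straight to the framework console, and nothing in the hunk shows an authentication or anti-forgery check; confirm one is enforced in ApplicationController or by how the listener is bound. The action's body starts and ends outside the hunk.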
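Review bot: In console.js (hunk -51,6), `console_read` has no comment explaining that the empty `cmd=` parameter is what makes the controller skip `execute` and only return pending output; that coupling is easy to break from either side. Suggested comment above the function: `// Poll for pending console output; an empty cmd tells the controller to read without executing.`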
@@ -69,15 +81,27 @@ function console_printline(s, type) { } } +function console_read_output(req) { + // Call the console updated + console_update_output(req); + + // Reschedule the console reader + setTimeout(console_read, 1000); +} + function console_update_output(req) { try { eval(req.responseText); } catch(e){ alert(req.responseText); } status_free(); - console_printline(con_update, 'output_line'); + if (con_update.length > 0) { + console_printline(con_update, 'output_line'); + } + console_prompt.innerHTML = con_prompt; console_refocus(); + } @@ -177,6 +201,8 @@ function console_init() { console_refocus(); status_free(); + //console_read(); + return true; } diff --git a/lib/msf/base/serializer/readable_text.rb b/lib/msf/base/serializer/readable_text.rb index a21f651c02..569f65782e 100644 --- a/lib/msf/base/serializer/readable_text.rb +++ b/lib/msf/base/serializer/readable_text.rb @@ -54,6 +54,24 @@ class ReadableText tbl.to_s + "\n" end + # + # Dumps the exploit's selected target + # + def self.dump_exploit_target(mod, indent = '', h = nil) + tbl = Rex::Ui::Text::Table.new( + 'Indent' => indent.length, + 'Header' => h, + 'Columns' => + [ + 'Id', + 'Name', + ]) + + tbl << [ mod.target_index, mod.target.name || 'All' ] + + tbl.to_s + "\n" + end + # # Dumps an auxiliary's actions # diff --git a/lib/msf/ui/console/command_dispatcher/core.rb b/lib/msf/ui/console/command_dispatcher/core.rb index baeeac7449..f56129093e 100644 --- a/lib/msf/ui/console/command_dispatcher/core.rb +++ b/lib/msf/ui/console/command_dispatcher/core.rb 
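Review bot: In console.js (hunk -69,15), a response that fails to `eval` would now repeat once a second: the `catch` shows an `alert`, execution carries on to `con_update.length` with whatever the previous response left behind (or throws if it was never set), and `console_read_output` reschedules the next poll regardless. Return from the `catch` instead of falling through, e.g. `catch(e) { status_free(); return; }`, and have `console_read_output` back off when the request did not succeed. `console_refocus()` also runs on every poll, which would pull focus back to the input each second once the commented-out `console_read()` call in `console_init` is enabled.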
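Review bot: In readable_text.rb (hunk -54,6), `dump_exploit_target` dereferences `mod.target.name` without checking `mod.target`, so it raises NoMethodError for a module with no target selected; the caller added in core.rb guards this, but the helper is a public class method. Add `return '' unless mod.target` as its first line, which also gives the caller's `mod_targ.length > 0` test something to catch. The header comment could also say what `indent` and `h` are: `indent.length` becomes the table's 'Indent' and `h` its 'Header'.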
@@ -1348,6 +1348,15 @@ protected print("\nPayload options:\n\n#{p_opt}\n") if (p_opt and p_opt.length > 0) end end + + # Print the selected target + if (mod.exploit? and mod.target) + mod_targ = Serializer::ReadableText.dump_exploit_target(mod, ' ') + print("\nExploit target:\n\n#{mod_targ}\n") if (mod_targ and mod_targ.length > 0) + end + + # Uncomment this line if u want target like msf2 format + #print("\nTarget: #{mod.target.name}\n\n") end def show_targets(mod) # :nodoc: diff --git a/lib/msf/ui/web/driver.rb b/lib/msf/ui/web/driver.rb index 4523e17748..949ab94413 100644 --- a/lib/msf/ui/web/driver.rb +++ b/lib/msf/ui/web/driver.rb @@ -9,6 +9,7 @@ module Web require 'msf/ui/web/comm' require 'rex/io/bidirectional_pipe' + ### # # This class implements a console instance for use by the web interface @@ -50,6 +51,17 @@ class WebConsole end end + # + # Provides some overrides for web-based consoles + # + module WebConsoleShell + + def supports_color? + false + end + + end + def initialize(framework, console_id) # Configure the framework @@ -77,6 +89,8 @@ class WebConsole } ) + self.console.extend(WebConsoleShell) + self.thread = Thread.new { self.console.run } update_access() @@ -99,7 +113,6 @@ class WebConsole def execute(cmd) self.console.run_single(cmd) - self.read end def prompt diff --git a/modules/auxiliary/scanner/smb/version.rb b/modules/auxiliary/scanner/smb/version.rb index ebc7e24daf..9a818f9503 100644 --- a/modules/auxiliary/scanner/smb/version.rb +++ b/modules/auxiliary/scanner/smb/version.rb @@ -56,6 +56,9 @@ class Auxiliary::Scanner::Smb::Version < Msf::Auxiliary when /Windows Server 2003 (\d+) Service Pack (\d+)/ os = 'Windows 2003' sp = 'Service Pack ' + $2 + when /Windows Vista \(TM\) (\w+) (\d+)/ + os = 'Windows Vista ' + $1 + sp = '(Build ' + $2 + ')' when 'Unix' os = 'Unix' sv = smb_peer_lm() 
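Review bot: In core.rb (hunk -1348,6), the trailing `#print("\nTarget: #{mod.target.name}\n\n")` and its "Uncomment this line" instruction are dead code, and once uncommented the line would sit outside the `mod.target` guard above it and raise when no target is set. Remove both lines, or put the alternative format behind an option. The `mod_targ.length > 0` test is always true as written, because `dump_exploit_target` ends with `tbl.to_s + "\n"`. The enclosing method starts outside the hunk.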
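Review bot: In driver.rb (hunk -50,6), `WebConsoleShell#supports_color?` does not say why colour is turned off; a one-line comment such as `# The web console relays output as text, so never emit ANSI colour sequences` would record the intent (the reason is inferred, so adjust the wording). The override is attached with `self.console.extend(WebConsoleShell)` in the hunk at -77,6, after the console object has been built, so anything the constructor decides about colour would not see it; the constructor is not visible here.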
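Review bot: In version.rb (hunk -56,6), the new `when /Windows Vista \(TM\) (\w+) (\d+)/` accepts only a single-word edition between "(TM)" and the build number, so a peer string with a two-word edition would not match and would fall through to the later branches. If such strings occur, `(.+?) (\d+)` would cover them. The branch relies on `$1`/`$2` like its neighbours; a short comment naming the captures (edition, build) would help the next reader. The `case` starts outside the hunk.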
@@ -90,12 +93,16 @@ class Auxiliary::Scanner::Smb::Version < Msf::Auxiliary end print_status("#{ip} is running #{os} #{sp}") + + if (os == 'Unknown') + print_status("NativeOS: #{smb_peer_os()}") + print_status("NativeLM: #{smb_peer_lm()}") + end + disconnect() return rescue - p $! - p $!.backtrace end end end
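Review bot: In version.rb (hunk -90,12), `smb_peer_os()` and `smb_peer_lm()` are strings supplied by the scanned host and are interpolated unfiltered into `print_status`, so any control or escape characters in them reach the operator's console; print them escaped, e.g. `print_status("NativeOS: #{smb_peer_os().inspect}")`, and the same for NativeLM. With the two `p $!` lines removed, the bare `rescue` now discards every error silently; if that is intended for unreachable hosts, say so in a comment, otherwise rescue only the expected connection errors. The method starts outside the hunk.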