From 8a70cb35ca114eb0d6b455b4fe9413b42087c9ed Mon Sep 17 00:00:00 2001
From: HD Moore
Date: Sun, 18 Feb 2007 08:09:43 +0000
Subject: [PATCH] Almost ready to run exploits via the web interface
git-svn-id: file:///home/svn/framework3/trunk@4434 4d416f70-5f16-0410-b530-b9f4589650da
---
.../app/controllers/exploits_controller.rb | 91 ++++++----
data/msfweb/app/views/exploits/exploit.rhtml | 166 +-----------------
data/msfweb/app/views/exploits/view.rhtml | 2 +-
data/msfweb/public/stylesheets/windows.css | 2 +
4 files changed, 69 insertions(+), 192 deletions(-)
diff --git a/data/msfweb/app/controllers/exploits_controller.rb b/data/msfweb/app/controllers/exploits_controller.rb
index 9c72f19b52..a811894447 100644
--- a/data/msfweb/app/controllers/exploits_controller.rb
+++ b/data/msfweb/app/controllers/exploits_controller.rb
@@ -4,46 +4,75 @@
# Instance variables, final values, etc, go into views.
class ExploitsController < ApplicationController
- layout 'windows'
-
- def list
- end
+layout 'windows'
- def view
- @tmod = get_view_for_module("exploit", params[:refname])
+def list
+end
+
+def view
+ @tmod = get_view_for_module("exploit", params[:refname])
unless @tmod
render_text "Unknown module specified."
end
- end
+end
- def exploit
- # Retrieve object to module with the given refname
- @tmod = get_view_for_module("exploit", params[:refname])
- unless @tmod
- render_text "Unknown module specified."
+def config
+ # Retrieve object to module with the given refname
+ @tmod = get_view_for_module("exploit", params[:refname])
+ unless @tmod
+ render_text "Unknown module specified."
end
# Get target, using index given in 'target' parameter
- @target = @tmod.targets[params[:target].to_i]
- unless @target
- render_text "Unknown target specified."
+ @target = @tmod.targets[params[:target].to_i]
+ unless @target
+ render_text "Unknown target specified."
end
- @cur_step = nil
- if params[:step]
- @cur_step = params[:step]
- end
-
- if @cur_step == "config"
- @payload = @tmod.compatible_payloads[params[:payload].to_i]
- unless @payload
- render_text "Unknown payload specified or not supported."
- end
- elsif @cur_step == "ready"
- @tmod.datastore['TARGET'] = params[:target].to_i
- else
- @payloads = @tmod.compatible_payloads
- end
- end
+ @cur_step = nil
+ if params[:step]
+ @cur_step = params[:step]
+ end
+
+ if @cur_step == "config"
+ @payload = @tmod.compatible_payloads[params[:payload].to_i]
+
+ unless @payload
+ render_text "Unknown payload specified or not supported."
+ end
+ else
+ @payloads = @tmod.compatible_payloads
+ end
+end
+
+def exploit
+ # Retrieve object to module with the given refname
+ @tmod = get_view_for_module("exploit", params[:refname])
+ unless @tmod
+ render_text "Unknown module specified."
+ end
+
+ # Get target, using index given in 'target' parameter
+ @target = @tmod.targets[params[:target].to_i]
+ unless @target
+ render_text "Unknown target specified."
+ end
+
+ @cur_step = nil
+ if params[:step]
+ @cur_step = params[:step]
+ end
+
+
+ @payload = @tmod.compatible_payloads[params[:payload].to_i]
+
+ unless @payload
+ render_text "Unknown payload specified or not supported."
+ end
+
+ @tmod.datastore['TARGET'] = params[:target].to_i
+
+end
+
end
diff --git a/data/msfweb/app/views/exploits/exploit.rhtml b/data/msfweb/app/views/exploits/exploit.rhtml
index be745ad8d5..f4ebf829ac 100644
--- a/data/msfweb/app/views/exploits/exploit.rhtml
+++ b/data/msfweb/app/views/exploits/exploit.rhtml
@@ -6,178 +6,24 @@
-<% if @cur_step == nil %>
-
- Select payload for <%= h(@target.name) %>:
-
-
-
-
-
-
- <%
- rcol_a = 'item_row_col_a'
- rcol_b = 'item_row_col_b'
- rcol = rcol_b
- %>
-
- <% @payloads.each_with_index do |p, idx| %>
-
- <% o = p[1].new %>
- <%= link_to h(p[0]), :refname => @tmod.refname.gsub('/', ':'), :step => "config",
- :target => h(params[:target].to_i), :payload => idx %> |
- <%= h(o.description) %> |
-
- <% end %>
-
-<% elsif @cur_step == "config" %>
-
- Exploit and payload configuration:
-
-
-
-
-
- Target: |
- <%= @target.name %> |
-
Exploit: |
<%= @tmod.refname %> |
-
+
+
Payload: |
<%= @payload[0] %> |
-
- Payload bad characters: |
- <%= Rex::Text::to_hex(@tmod.payload_badchars || '' ) %> |
-
-
-
-
-
-
-
-
-<% elsif @cur_step == "ready" %>
-
-
-<% end %>
-
+
+
diff --git a/data/msfweb/app/views/exploits/view.rhtml b/data/msfweb/app/views/exploits/view.rhtml
index a244ef366d..3b8d7af61b 100644
--- a/data/msfweb/app/views/exploits/view.rhtml
+++ b/data/msfweb/app/views/exploits/view.rhtml
@@ -51,7 +51,7 @@
Please select a target:
<% @tmod.targets.each_with_index { |tgt, idx| %>
- - <%= link_to h(tgt.name), :action => "exploit", :refname => @tmod.refname.gsub('/', ':'), :target => idx %>
+ - <%= link_to h(tgt.name), :action => "config", :refname => @tmod.refname.gsub('/', ':'), :target => idx %>
<% } %>
diff --git a/data/msfweb/public/stylesheets/windows.css b/data/msfweb/public/stylesheets/windows.css
index 7c160b4575..4d15ec3eba 100644
--- a/data/msfweb/public/stylesheets/windows.css
+++ b/data/msfweb/public/stylesheets/windows.css
@@ -163,6 +163,8 @@ th.moduleOptionsHeader {
background: #ddd;
color: #000;
text-transform: uppercase;
+ margin-top: 1em;
+ margin-bottom: 1em;
}
.item_row_col_a {