From 8a70cb35ca114eb0d6b455b4fe9413b42087c9ed Mon Sep 17 00:00:00 2001
From: HD Moore <hd_moore@rapid7.com>
Date: Sun, 18 Feb 2007 08:09:43 +0000
Subject: [PATCH] Almost ready to run exploits via the web interface

git-svn-id: file:///home/svn/framework3/trunk@4434 4d416f70-5f16-0410-b530-b9f4589650da
---
 .../app/controllers/exploits_controller.rb    |  91 ++++++----
 data/msfweb/app/views/exploits/exploit.rhtml  | 166 +-----------------
 data/msfweb/app/views/exploits/view.rhtml     |   2 +-
 data/msfweb/public/stylesheets/windows.css    |   2 +
 4 files changed, 69 insertions(+), 192 deletions(-)

diff --git a/data/msfweb/app/controllers/exploits_controller.rb b/data/msfweb/app/controllers/exploits_controller.rb
index 9c72f19b52..a811894447 100644
--- a/data/msfweb/app/controllers/exploits_controller.rb
+++ b/data/msfweb/app/controllers/exploits_controller.rb
@@ -4,46 +4,75 @@
 # Instance variables, final values, etc, go into views.
 
 class ExploitsController < ApplicationController
-  layout 'windows'
-  
-  def list
-  end
+layout 'windows'
 
-  def view
-    @tmod = get_view_for_module("exploit", params[:refname])
+def list
+end
+
+def view
+	@tmod = get_view_for_module("exploit", params[:refname])
 	
 	unless @tmod
 	 render_text "Unknown module specified."
 	end
-  end
+end
 
-  def exploit
-    # Retrieve object to module with the given refname
-    @tmod     = get_view_for_module("exploit", params[:refname])
-    unless @tmod
-	 render_text "Unknown module specified."
+def config
+	# Retrieve object to module with the given refname
+	@tmod     = get_view_for_module("exploit", params[:refname])
+	unless @tmod
+		render_text "Unknown module specified."
 	end
 	
 	# Get target, using index given in 'target' parameter
-    @target   = @tmod.targets[params[:target].to_i]
-    unless @target
-	 render_text "Unknown target specified."
+	@target   = @tmod.targets[params[:target].to_i]
+	unless @target
+		render_text "Unknown target specified."
 	end
 	
-    @cur_step = nil
-    if params[:step]
-      @cur_step = params[:step]
-    end
-    
-    if @cur_step == "config"
-      @payload   = @tmod.compatible_payloads[params[:payload].to_i]
-      unless @payload
-	   render_text "Unknown payload specified or not supported."
-	  end
-    elsif @cur_step == "ready"
-      @tmod.datastore['TARGET'] = params[:target].to_i
-    else
-      @payloads = @tmod.compatible_payloads
-    end
-  end
+	@cur_step = nil
+	if params[:step]
+		@cur_step = params[:step]
+	end
+	
+	if @cur_step == "config"
+		@payload   = @tmod.compatible_payloads[params[:payload].to_i]
+
+		unless @payload
+			render_text "Unknown payload specified or not supported."
+		end
+	else
+		@payloads = @tmod.compatible_payloads
+	end
+end
+
+def exploit
+	# Retrieve object to module with the given refname
+	@tmod     = get_view_for_module("exploit", params[:refname])
+	unless @tmod
+		render_text "Unknown module specified."
+	end
+	
+	# Get target, using index given in 'target' parameter
+	@target   = @tmod.targets[params[:target].to_i]
+	unless @target
+		render_text "Unknown target specified."
+	end
+	
+	@cur_step = nil
+	if params[:step]
+		@cur_step = params[:step]
+	end
+	
+
+	@payload   = @tmod.compatible_payloads[params[:payload].to_i]
+
+	unless @payload
+		render_text "Unknown payload specified or not supported."
+	end
+
+	@tmod.datastore['TARGET'] = params[:target].to_i
+
+end
+
 end
diff --git a/data/msfweb/app/views/exploits/exploit.rhtml b/data/msfweb/app/views/exploits/exploit.rhtml
index be745ad8d5..f4ebf829ac 100644
--- a/data/msfweb/app/views/exploits/exploit.rhtml
+++ b/data/msfweb/app/views/exploits/exploit.rhtml
@@ -6,178 +6,24 @@
         </p>
     </tr>
 
-<% if @cur_step == nil %>
-
-    <p>Select payload for <strong><%= h(@target.name) %></strong>:</p>
-
-    <tr>
-        <th class="moduleOptionsHeader">Name</th>
-        <th class="moduleOptionsHeader">Description</th>
-    </tr>
-
-	<% 
-		rcol_a = 'item_row_col_a' 
-		rcol_b = 'item_row_col_b'
-		rcol   = rcol_b
-	%>
-	
-    <% @payloads.each_with_index do |p, idx| %>
-    <tr class='<%=h rcol = (rcol == rcol_a) ? rcol_b : rcol_a %>'>
-		<% o = p[1].new %>
-        <td><%= link_to h(p[0]), :refname => @tmod.refname.gsub('/', ':'), :step => "config",
-        :target => h(params[:target].to_i), :payload => idx %></td>
-        <td><%= h(o.description) %></td>
-    </tr>
-    <% end %>
-    
-<% elsif @cur_step == "config" %>
-
-    <p>Exploit and payload configuration:</p>
-    
-    <tr>
-        <th colspan="2" class="moduleOptionsHeader">
-            CURRENT CONFIGURATION -
-            <%= link_to "change", :action => "exploit", :refname => h(params[:refname]) %>
-        </th>
-    </tr>
-    <tr>
-        <td>Target:</td>
-        <td><%= @target.name %></td>
-    <tr>
     <tr>
         <td>Exploit:</td>
         <td><%= @tmod.refname %></td>
     <tr>
-    <tr>
+    
+	<tr>
         <td>Payload:</td>
         <td><%= @payload[0] %></td>
     <tr>
-    <tr>
-        <td>Payload bad characters:</td>
-        <td><%= Rex::Text::to_hex(@tmod.payload_badchars || '' ) %></td>
-    <tr>
-    
-    <tr>
-        <th colspan="2" class="moduleOptionsHeader">OPTIONS</th>
-    </tr>
-    
-    <form action="/exploits/exploit" method="post">
-        <%= hidden_field_tag "refname", h(params[:refname]) %>
-        <%= hidden_field_tag "step", "ready" %>
-        <%= hidden_field_tag "target", h(params[:target]) %>
-        <%= hidden_field_tag "payload", h(params[:payload]) %>
-    
-    <% @tmod.options.sort.each { |name, option|
-        next if (option.advanced?)
-        next if (option.evasion?) %>
-        <tr>
-            <td><strong><%= name %></strong></td>
-            <td><strong><%= (option.required?) ? "Required" : "Optional" %></strong></td>
-        </tr>
-        <tr>
-            <td><%= html_escape(option.desc) %> (type: <%= option.type %>)</td>
-            <td>
-                <input type="text" name="eopt_<%= h(name) %>" value="<%= h(option.default || '') %>" />
-            </td>
-        </tr>
-    <% } %>
-    <% @payload[1].new.options.sort.each { |name, option|
-        next if (option.advanced?)
-        next if (option.evasion?) %>
-        <tr>
-            <td><strong><%= name %></strong></td>
-            <td><strong><%= (option.required?) ? "Required" : "Optional" %></strong></td>
-        </tr>
-        <tr>
-            <td><%= html_escape(option.desc) %> (type: <%= option.type %>)</td>
-            <td>
-                <input type="text" name="popt_<%= h(name) %>" value="<%= h(option.default || '') %>" />
-            </td>
-        </tr>
-    <% } %>
- 
-    <tr>
-        <th colspan="2"><br/><%= submit_tag "Launch Exploit" %><br/></th>
-    </tr>
-
-    <tr>
-        <th colspan="2" class="moduleOptionsHeader">ADVANCED OPTIONS</th>
-    </tr> 
 	
-    <% @tmod.options.sort.each { |name, option|
-        next if not option.advanced? %>
-        <tr>
-            <td><strong><%= name %></strong></td>
-            <td><strong><%= (option.required?) ? "Required" : "Optional" %></strong></td>
-        </tr>
-        <tr>
-            <td><%= html_escape(option.desc) %> (type: <%= option.type %>)</td>
-            <td>
-                <input type="text" name="eopt_<%= h(name) %>" value="<%= h(option.default || '') %>" />
-            </td>
-        </tr>
-    <% } %>
-    <% @payload[1].new.options.sort.each { |name, option|
-        next if not option.advanced? %>
-        <tr>
-            <td><strong><%= name %></strong></td>
-            <td><strong><%= (option.required?) ? "Required" : "Optional" %></strong></td>
-        </tr>
-        <tr>
-            <td><%= html_escape(option.desc) %> (type: <%= option.type %>)</td>
-            <td>
-                <input type="text" name="popt_<%= h(name) %>" value="<%= h(option.default || '') %>" />
-            </td>
-        </tr>
-    <% } %> 
-
     <tr>
-        <th colspan="2"><br/><%= submit_tag "Launch Exploit" %><br/></th>
-    </tr>
-
+        <td>Target:</td>
+        <td><%= @target.name %></td>
     <tr>
-        <th colspan="2" class="moduleOptionsHeader">EVASION OPTIONS</th>
-    </tr>
 	
-    <% @tmod.options.sort.each { |name, option|
-        next if not option.evasion? %>
-        <tr>
-            <td><strong><%= name %></strong></td>
-            <td><strong><%= (option.required?) ? "Required" : "Optional" %></strong></td>
-        </tr>
-        <tr>
-            <td><%= html_escape(option.desc) %> (type: <%= option.type %>)</td>
-            <td>
-                <input type="text" name="eopt_<%= h(name) %>" value="<%= h(option.default || '') %>" />
-            </td>
-        </tr>
-    <% } %>
-    <% @payload[1].new.options.sort.each { |name, option|
-        next if not option.evasion? %>
-        <tr>
-            <td><strong><%= name %></strong></td>
-            <td><strong><%= (option.required?) ? "Required" : "Optional" %></strong></td>
-        </tr>
-        <tr>
-            <td><%= html_escape(option.desc) %> (type: <%= option.type %>)</td>
-            <td>
-                <input type="text" name="popt_<%= h(name) %>" value="<%= h(option.default || '') %>" />
-            </td>
-        </tr>
-    <% } %> 
-    
-	<tr>
-        <th colspan="2"><br/><%= submit_tag "Launch Exploit" %><br/></th>
-    </tr>
-				  
-    </form>
-
-<% elsif @cur_step == "ready" %>
-
     <tr>
         <th colspan="2" class="moduleOptionsHeader">LAUNCHING EXPLOIT</th>
     </tr>
-
-<% end %>
-
+	
 </table>
+
diff --git a/data/msfweb/app/views/exploits/view.rhtml b/data/msfweb/app/views/exploits/view.rhtml
index a244ef366d..3b8d7af61b 100644
--- a/data/msfweb/app/views/exploits/view.rhtml
+++ b/data/msfweb/app/views/exploits/view.rhtml
@@ -51,7 +51,7 @@
 		Please select a target:
 		<ul class="moduleTargets">
 			<% @tmod.targets.each_with_index { |tgt, idx| %>
-				<li><%= link_to h(tgt.name), :action =>  "exploit", :refname => @tmod.refname.gsub('/', ':'), :target => idx %></a></li>
+				<li><%= link_to h(tgt.name), :action =>  "config", :refname => @tmod.refname.gsub('/', ':'), :target => idx %></a></li>
 			<% } %>
 		</ul>
 		
diff --git a/data/msfweb/public/stylesheets/windows.css b/data/msfweb/public/stylesheets/windows.css
index 7c160b4575..4d15ec3eba 100644
--- a/data/msfweb/public/stylesheets/windows.css
+++ b/data/msfweb/public/stylesheets/windows.css
@@ -163,6 +163,8 @@ th.moduleOptionsHeader {
     background: #ddd;
     color: #000;
     text-transform: uppercase;
+	margin-top: 1em;
+	margin-bottom: 1em;
 }
 
 .item_row_col_a {