diff --git a/data/msfweb/app/controllers/application.rb b/data/msfweb/app/controllers/application.rb
index 2bb7c4a1e8..02573501a4 100644
--- a/data/msfweb/app/controllers/application.rb
+++ b/data/msfweb/app/controllers/application.rb
@@ -55,7 +55,7 @@ class ApplicationController < ActionController::Base
 end
 # Returns the module by id of specified type.
- def get_view_for_module(module_type, module_id)
+ def get_view_for_module(module_type, module_refname)
 @tmod = nil
 # Get available moduls of specified type
@@ -75,9 +75,9 @@ class ApplicationController < ActionController::Base
 end
 # Return the module if found
- if id
+ if module_refname
 @mod_list.each do |m|
- if m.refname.gsub('/', ':') == params[:id]
+ if m.refname.gsub('/', ':') == module_refname
 @tmod = m
 break
 end
diff --git a/data/msfweb/app/controllers/auxiliaries_controller.rb b/data/msfweb/app/controllers/auxiliaries_controller.rb
index 6123a8337e..2ee05069d8 100644
--- a/data/msfweb/app/controllers/auxiliaries_controller.rb
+++ b/data/msfweb/app/controllers/auxiliaries_controller.rb
@@ -10,7 +10,7 @@ class AuxiliariesController < ApplicationController
 end
 def view
- @tmod = get_view_for_module("auxiliary", params[:id])
+ @tmod = get_view_for_module("auxiliary", params[:refname])
 unless @tmod
 render_text "Unknown module specified."
diff --git a/data/msfweb/app/controllers/encoders_controller.rb b/data/msfweb/app/controllers/encoders_controller.rb
index 6555f46dbf..239a01c91b 100644
--- a/data/msfweb/app/controllers/encoders_controller.rb
+++ b/data/msfweb/app/controllers/encoders_controller.rb
@@ -10,7 +10,7 @@ class EncodersController < ApplicationController
 end
 def view
- @tmod = get_view_for_module("encoder", params[:id])
+ @tmod = get_view_for_module("encoder", params[:refname])
 unless @tmod
 render_text "Unknown module specified."
diff --git a/data/msfweb/app/controllers/exploits_controller.rb b/data/msfweb/app/controllers/exploits_controller.rb
index 53ba8cbbfd..1532fc2250 100644
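Review bot: In application.rb the context comment above `get_view_for_module` still reads "Returns the module by id of specified type", although the parameter is now `module_refname` and the second hunk compares it against `m.refname.gsub('/', ':')`. I would reword it to `# Returns the module of the given type whose refname (with '/' written as ':') equals module_refname.` and fix the "moduls" typo in the comment a few lines below. The middle of the method lies outside both hunks, so what it returns on a miss is only inferred from `@tmod = nil` and the callers' `unless @tmod` checks. As a style point, the scan in the second hunk could be `@tmod = @mod_list.detect { |m| m.refname.gsub('/', ':') == module_refname }`.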
--- a/data/msfweb/app/controllers/exploits_controller.rb
+++ b/data/msfweb/app/controllers/exploits_controller.rb
@@ -10,7 +10,7 @@ class ExploitsController < ApplicationController
 end
 def view
- @tmod = get_view_for_module("exploit", params[:id])
+ @tmod = get_view_for_module("exploit", params[:refname])
 unless @tmod
 render_text "Unknown module specified."
@@ -18,8 +18,29 @@ class ExploitsController < ApplicationController
 end
 def exploit
- end
-
- def check
+ # Retrieve object to module with the given refname
+ @tmod = get_view_for_module("exploit", params[:refname])
+ unless @tmod
+ render_text "Unknown module specified."
+ end
+
+ # Get target, using index given in 'target' parameter
+ @target = @tmod.targets[params[:target].to_i]
+ unless @target
+ render_text "Unknown target specified."
+ end
+
+ @cur_step = nil
+ if params[:step]
+ @cur_step = params[:step]
+ end
+
+ if @cur_step == "config"
+ @payload = get_view_for_module("payload", params[:payload])
+ elsif @cur_step == "ready"
+ @tmod.datastore['TARGET'] = params[:target].to_i
+ else
+ @payloads = @tmod.compatible_payloads
+ end
 end
 end
diff --git a/data/msfweb/app/controllers/nops_controller.rb b/data/msfweb/app/controllers/nops_controller.rb
index 9616f82b69..3614b51b11 100644
--- a/data/msfweb/app/controllers/nops_controller.rb
+++ b/data/msfweb/app/controllers/nops_controller.rb
@@ -10,7 +10,7 @@ class NopsController < ApplicationController
 end
 def view
- @tmod = get_view_for_module("nop", params[:id])
+ @tmod = get_view_for_module("nop", params[:refname])
 unless @tmod
 render_text "Unknown module specified."
diff --git a/data/msfweb/app/controllers/payloads_controller.rb b/data/msfweb/app/controllers/payloads_controller.rb
index b6668cb61a..60840e05d4 100644
--- a/data/msfweb/app/controllers/payloads_controller.rb
+++ b/data/msfweb/app/controllers/payloads_controller.rb
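Review bot: In exploits_controller.rb the new `exploit` action keeps running after each `render_text` error, so an unknown refname goes on to call `@tmod.targets` on nil and an unknown target falls through into the step handling; each error branch needs a `return`. `params[:target].to_i` also maps a missing or non-numeric value to 0 and lets a negative value index from the end of `targets`, so the parameter should be checked as a non-negative integer before it is used as an index or written to `datastore['TARGET']`. `@payload` in the "config" step is not checked for nil either. Whether `@tmod` is a per-request instance or an object shared through `@mod_list` is not visible in this hunk; if it is shared, the datastore write would persist across requests, which is worth confirming.

```ruby
def exploit
  @tmod = get_view_for_module("exploit", params[:refname])
  unless @tmod
    render_text "Unknown module specified."
    return
  end

  # Only a plain non-negative decimal index is accepted.
  target_idx = (params[:target].to_s =~ /\A\d+\z/) ? params[:target].to_i : nil
  @target = target_idx && @tmod.targets[target_idx]
  unless @target
    render_text "Unknown target specified."
    return
  end

  # … unchanged: @cur_step assignment from params[:step] …

  if @cur_step == "config"
    @payload = get_view_for_module("payload", params[:payload])
    unless @payload
      render_text "Unknown module specified."
      return
    end
  elsif @cur_step == "ready"
    @tmod.datastore['TARGET'] = target_idx
  # … unchanged: else branch assigning @payloads …
  end
```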
@@ -10,7 +10,7 @@ class PayloadsController < ApplicationController
 end
 def view
- @tmod = get_view_for_module("payload", params[:id])
+ @tmod = get_view_for_module("payload", params[:refname])
 unless @tmod
 render_text "Unknown module specified."
diff --git a/data/msfweb/app/views/exploits/check.rhtml b/data/msfweb/app/views/exploits/check.rhtml
deleted file mode 100644
index b2cc71c8b0..0000000000
--- a/data/msfweb/app/views/exploits/check.rhtml
+++ /dev/null
@@ -1,2 +0,0 @@
-

Exploits#check

-

Find me in app/views/exploits/check.rhtml

diff --git a/data/msfweb/app/views/exploits/exploit.rhtml b/data/msfweb/app/views/exploits/exploit.rhtml index 328717a9eb..e32f74022e 100644 --- a/data/msfweb/app/views/exploits/exploit.rhtml +++ b/data/msfweb/app/views/exploits/exploit.rhtml @@ -1,2 +1,39 @@ -

Exploits#exploit

-

Find me in app/views/exploits/exploit.rhtml

+ + + +

+ Exploit: <%= h(@tmod.name) %> (<%= h(params[:refname].gsub(':', '/')) %>)
+

+ + +<% if @cur_step == nil %> + +

Select payload for <%= h(@target.name) %>:

+ + + + + + + <% @payloads.each do |p| %> + <% o = p[1].new %> + + + + <% end %> + +<% elsif @cur_step == "config" %> + +

Exploit and payload configuration:

+ + + <%= hidden_field_tag "refname", h(params[:refname]) %> + <%= hidden_field_tag "step", "ready" %> + <%= hidden_field_tag "target", h(params[:target]) %> + <%= hidden_field_tag "payload", h(params[:payload]) %> + + +<% end %> + +
NameDescription
<%= link_to h(p[0]), :refname => @tmod.refname.gsub('/', ':'), :step => "config", + :target => h(params[:target].to_i), :payload => o.refname.gsub('/', ':') %><%= h(o.description) %>
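Review bot: The heading in exploit.rhtml rebuilds the module path from request input, `h(params[:refname].gsub(':', '/'))`, instead of using the module the controller already resolved; `<%= h(@tmod.refname) %>` shows the canonical name and cannot raise when the parameter is absent. The payload table also calls `p[1].new` for every compatible payload inside the template only to read `refname` and `description`. Preparing that list in the controller would keep object instantiation out of the view and let the template iterate over plain name/refname/description values.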
diff --git a/data/msfweb/app/views/exploits/view.rhtml b/data/msfweb/app/views/exploits/view.rhtml index a10ee913e7..c8dd4c23a4 100644 --- a/data/msfweb/app/views/exploits/view.rhtml +++ b/data/msfweb/app/views/exploits/view.rhtml @@ -18,7 +18,9 @@

- This module (revision <%= h @tmod.version.gsub(/\$Revision:\s+|\s+\$/, '') %>) was provided by <%= h @tmod.author.map{ |a| a.to_s.gsub(/\<.*/, '') }.join(' and ').strip %>, under the <%= @tmod.license %>. + This module (revision <%= h @tmod.version.gsub(/\$Revision:\s+|\s+\$/, '') %>) was + provided by <%= h @tmod.author.map{ |a| a.to_s.gsub(/\<.*/, '') }.join(' and ').strip %>, + under the <%= @tmod.license %>.

@@ -49,7 +51,7 @@ Available targets: diff --git a/data/msfweb/app/views/payloads/view.rhtml b/data/msfweb/app/views/payloads/view.rhtml index cc2326b670..82febd8003 100644 --- a/data/msfweb/app/views/payloads/view.rhtml +++ b/data/msfweb/app/views/payloads/view.rhtml @@ -70,7 +70,7 @@
- <%= hidden_field_tag "id", h(params[:id]) %> + <%= hidden_field_tag "refname", h(params[:refname]) %> <%= hidden_field_tag "step", "1" %> <% @tmod.options.each { |name, option| next if (option.advanced?) @@ -116,6 +116,7 @@ + @@ -131,7 +132,7 @@ Payload code - (<%= link_to "back", :action => "view", :id => h(params[:id]) %>) + (<%= link_to "back", :action => "view", :refname => h(params[:refname]) %>) diff --git a/data/msfweb/public/javascripts/application.js b/data/msfweb/public/javascripts/application.js index 0ff0661fa9..715a7a7782 100644 --- a/data/msfweb/public/javascripts/application.js +++ b/data/msfweb/public/javascripts/application.js @@ -163,7 +163,7 @@ function create_window_ajax(target_url, wid, wtitle, wwidth, wheight) { * Height and width are fixed, should be working values in all cases. */ function openModuleWindow(mtype, refname, wtitle) { - var mWin = create_window_ajax("/" + mtype + "/view/" + refname, mtype + "-view-" + obtainWindowId(), wtitle, 500, 500); + var mWin = create_window_ajax("/" + mtype + "/view?refname=" + refname, mtype + "-view-" + obtainWindowId(), wtitle, 500, 500); mWin.setDestroyOnClose(); mWin.showCenter(); }
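Review bot: In application.js, `openModuleWindow` now puts `refname` into the query string by plain concatenation, `"/" + mtype + "/view?refname=" + refname`, so a value containing `&`, `#`, `+` or `%` would be split or decoded differently on the server. Encoding the value keeps the parameter intact: `"/view?refname=" + encodeURIComponent(refname)`. The refnames the views produce use ':' separators (from `refname.gsub('/', ':')`), so current values likely work, but the function should not rely on that.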