<%= Msf::Ui::Web::Common.header(framework.version, 'exploits') %> <% name = query_string['name'] step = query_string['step'] || 0 target = query_string['target'] step = step.to_i if (name == nil) %> <%# Display the exploit list if one hasn't been selected %>
<% framework.exploits.each_module { |name, mod| modinst = mod.new %> <% } %>
<%= Msf::Ui::Web::Common.module_icons(modinst) %> <%= modinst.name %>
<%# Wizard step 0 - target selection %> <% elsif (step == 0) modinst = framework.exploits.create(name) %>
<%= html_escape(modinst.name) %>

Name: <%= html_escape(modinst.name) %>
Authors: <%= html_escape(modinst.author.join("
")) %>
Description: <%= html_escape(modinst.description) %>
References: <% modinst.references.each { |ref| %> <% if (ref.kind_of?(Msf::Module::SiteReference)) %> - <%= ref.to_s %>
<% else %> - <%= ref.to_s %>
<% end %> <% } %>
Targets:  
  <% modinst.targets.each_with_index { |tgt, idx| %> <% } %>
Target Name Platform
<%= idx %> - <%= tgt.name %> <%= Msf::Ui::Web::Common.target_icons(tgt) %>
<%# Wizard step 1 - payload selection %> <% elsif (step == 1) modinst = framework.exploits.create(name) modinst.datastore['TARGET'] = query_string['target'].to_i %>
<%= html_escape(modinst.name) %>

<% idx = 0 modinst.compatible_payloads.each { |pname, pmod| pmodinst = pmod.new %> <% idx += 1 } %>
Select Payload:    
  Name Description
  <%= html_escape(pname) %> <%= html_escape(pmodinst.description) %>
<%# Wizard step 2 - option selection %> <% elsif (step == 2) payload = query_string['payload'] modinst = framework.exploits.create(name) pinst = framework.payloads.create(payload) modinst.datastore['TARGET'] = query_string['target'].to_i %>
<%= html_escape(modinst.name) %>

<% options = pinst.options.merge_sort(modinst.options) options.each { |name, option| next if (option.advanced?) next if (option.evasion?) %> <% } %>
<%= name %> <%= (option.required?) ? "Required" : "Optional" %> <%= option.type %> <%= html_escape(option.desc) %>
 
Preferred Encoder:
 NOP Generator:
 
<%# Wizard step 3 - exploitation %> <% elsif (step == 3) # Is JS disabled in the client's browser? nojs = query_string['nojs'] == '1' ? true : false # Create the exploit instance modinst = framework.exploits.create(name) # Set the encoder/nop to nil if it's not valid. query_string['encoder'] = nil if (query_string['encoder'] == '__default') query_string['nop'] = nil if (query_string['nop'] == '__default') # Build the options string options = '' query_string.each_pair { |k, v| next if v.nil? or v.length == 0 if k =~ /^opt_(.*)$/ options += "#{$1}=#{v} " end } # Use buffered output by default output = Rex::Ui::Text::Output::Buffer.new # If we support javascript, then we'll use something better if nojs == false # TODO end # Whether or not we should run this as a job as_job = modinst.passive? || (nojs == false) # Kick off the exploit process error = false begin modinst.exploit_simple( 'Encoder' => query_string['encoder'], 'Nop' => query_string['nop'], 'Payload' => query_string['payload'], 'Target' => query_string['target'].to_i, 'OptionStr' => options, 'LocalOutput' => output, 'LocalInput' => nil, 'RunAsJob' => as_job) rescue display = "Error:  " + html_escape($!) + "" error = true end # Use the buffered output for display if we didn't fail. if error == false display = html_escape(output.buf).gsub(/\n/, "
") if as_job display += "

Exploit is now running in the background." end end %>
Launching exploit <%= modinst.refname %> ...

<%= display %> <% else %> Unknown step: <%= html_escape(step) %> <% end %> <%= Msf::Ui::Web::Common.footer %>