242 lines
6.3 KiB
Plaintext
242 lines
6.3 KiB
Plaintext
<%= Msf::Ui::Web::Common.header(framework.version, 'exploits') %>
|
|
<tr><td colspan='5'>
|
|
|
|
<%
|
|
name = query_string['name']
|
|
step = query_string['step'] || 0
|
|
target = query_string['target']
|
|
|
|
step = step.to_i
|
|
|
|
if (name == nil)
|
|
%>
|
|
|
|
<%# Display the exploit list if one hasn't been selected %>
|
|
<br/>
|
|
<div align='center' class='navHead'>
|
|
<table class='moduleList' width='100%' cellspacing='0' border='0'>
|
|
<% framework.exploits.each_module { |name, mod|
|
|
modinst = mod.new
|
|
%>
|
|
<tr>
|
|
<td class='moduleIcons' align='center'>
|
|
<%= Msf::Ui::Web::Common.module_icons(modinst) %>
|
|
</td>
|
|
<td class='moduleName'>
|
|
<a href="exploits.rhtml?name=<%= name %>"><%= modinst.name %></a>
|
|
</td>
|
|
<td class='moduleSpacer' colspan='2'>
|
|
</td>
|
|
</tr>
|
|
<% } %>
|
|
</table>
|
|
</div>
|
|
|
|
<%# Wizard step 0 - target selection %>
|
|
<%
|
|
elsif (step == 0)
|
|
modinst = framework.exploits.create(name)
|
|
%>
|
|
<br/>
|
|
<table width='100%' cellspacing='0' cellpadding='0' border='0'>
|
|
<tr>
|
|
<td class='moduleName'>
|
|
<div class='textBold'><%= html_escape(modinst.name) %></div>
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
<br/>
|
|
|
|
<table align='center' width='95%' cellspacing='0' cellpadding='6' border='0'>
|
|
<tr>
|
|
<td align='right' width='80' class='textBold'>Name:</td>
|
|
<td class='textNormal'><%= html_escape(modinst.name) %></td>
|
|
</tr>
|
|
<tr>
|
|
<td align='right' width='80' class='textBold'>Authors:</td>
|
|
<td class='textNormal'><%= html_escape(modinst.author.join("<br/>")) %></td>
|
|
</tr>
|
|
<tr>
|
|
<td align='right' width='80' class='textBold' valign='top'>Description:</td>
|
|
<td colspan='2' class='textNormal' valign='top'>
|
|
<%= html_escape(modinst.description) %>
|
|
</td>
|
|
</tr>
|
|
<tr>
|
|
<td align='right' width='80' class='textBold' valign='top'>References:</td>
|
|
<td colspan='2' class='textNormal' valign='top'>
|
|
<% modinst.references.each { |ref| %>
|
|
<% if (ref.kind_of?(Msf::Module::SiteReference)) %>
|
|
- <a href='<%= ref.site %>' target='_blank'><%= ref.to_s %></a><br/>
|
|
<% else %>
|
|
- <%= ref.to_s %><br/>
|
|
<% end %>
|
|
<% } %>
|
|
</td>
|
|
</tr>
|
|
<tr>
|
|
<td align='right' width='80' class='textBold'>Targets:</td>
|
|
<td class='textNormal'> </td>
|
|
</tr>
|
|
<tr>
|
|
<td> </td>
|
|
<td>
|
|
<table align='align' cellpadding='2' cellspacing='0' border='0'>
|
|
<tr>
|
|
<td class='textBold'>Target Name</td>
|
|
<td class='textBold'>Platform</td>
|
|
</tr>
|
|
<% modinst.targets.each_with_index { |tgt, idx| %>
|
|
<tr>
|
|
<td class='textBoldColor<%= (idx % 2 == 0) ? "B" : "A" %>' align='left'>
|
|
<%= idx %> - <a href='exploits.rhtml?name=<%= name %>&step=<%= step + 1 %>&target=<%= idx %>'><%= tgt.name %></a>
|
|
</td>
|
|
<td class='textBoldColor<%= (idx % 2 == 0) ? "B" : "A" %>' align='left'>
|
|
<%= Msf::Ui::Web::Common.target_icons(tgt) %>
|
|
</td>
|
|
</tr>
|
|
<% } %>
|
|
</table>
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
|
|
<%# Wizard step 1 - payload selection %>
|
|
<%
|
|
elsif (step == 1)
|
|
modinst = framework.exploits.create(name)
|
|
modinst.datastore['TARGET'] = query_string['target'].to_i
|
|
%>
|
|
<br/>
|
|
<table width='100%' cellspacing='0' cellpadding='0' border='0'>
|
|
<tr>
|
|
<td class='moduleName'>
|
|
<div class='textBold'><%= html_escape(modinst.name) %></div>
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
<br/>
|
|
|
|
<table align='center' width='95%' cellspacing='0' cellpadding='6' border='0'>
|
|
<tr>
|
|
<td align='left' width='80' class='textBold'><nobr>Select Payload:</nobr></td>
|
|
<td> </td>
|
|
<td> </td>
|
|
</tr>
|
|
<tr>
|
|
<td> </td>
|
|
<td class='textBold'>Name</td>
|
|
<td class='textBold'>Description</td>
|
|
</tr>
|
|
|
|
<% idx = 0
|
|
modinst.compatible_payloads.each { |pname, pmod|
|
|
pmodinst = pmod.new
|
|
%>
|
|
|
|
<tr>
|
|
<td> </td>
|
|
<td class='textBoldColor<%= (idx % 2 == 0) ? "B" : "A" %>' align='left'>
|
|
<a href='exploits.rhtml?name=<%= name %>&step=<%= step + 1 %>&target=<%= target %>&payload=<%= pname %>'><%= html_escape(pname) %></a>
|
|
</td>
|
|
<td class='textBoldColor<%= (idx % 2 == 0) ? "B" : "A" %>' align='left'><%= html_escape(pmodinst.description) %></td>
|
|
</tr>
|
|
|
|
<% idx += 1
|
|
}
|
|
%>
|
|
|
|
</table>
|
|
|
|
<%# Wizard step 2 - option selection %>
|
|
<% elsif (step == 2)
|
|
payload = query_string['payload']
|
|
modinst = framework.exploits.create(name)
|
|
pinst = framework.payloads.create(payload)
|
|
modinst.datastore['TARGET'] = query_string['target'].to_i
|
|
%>
|
|
<br/>
|
|
<table width='100%' cellspacing='0' cellpadding='0' border='0'>
|
|
<tr>
|
|
<td class='moduleName'>
|
|
<div class='textBold'><%= html_escape(modinst.name) %></div>
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
<br/>
|
|
|
|
<form method='GET'>
|
|
<input type='hidden' name='name' value="<%= html_escape(name) %>"/>
|
|
<input type='hidden' name='step' value="<%= step + 1 %>"/>
|
|
<input type='hidden' name='target' value="<%= html_escape(modinst.datastore['TARGET']) %>"/>
|
|
<input type='hidden' name='payload' value="<%= html_escape(payload) %>"/>
|
|
|
|
<table align='center' cellpadding='2' border='0' cellspacing='0' width='95%'>
|
|
<%
|
|
options = pinst.options.merge_sort(modinst.options)
|
|
|
|
options.each { |name, option|
|
|
next if (option.advanced?)
|
|
next if (option.evasion?)
|
|
%>
|
|
<tr>
|
|
<td class='textBold'><%= name %></td>
|
|
<td class='textBold'><%= (option.required?) ? "Required" : "Optional" %></td>
|
|
<td class='textNormal'><%= option.type %></td>
|
|
<td class='textNormal'>
|
|
<input type='text' name="opt_<%= html_escape(name) %>" value="<%= html_escape(option.default || '') %>"/>
|
|
</td>
|
|
<td class='textNormal'><%= html_escape(option.desc) %></td>
|
|
</tr>
|
|
<% } %>
|
|
|
|
<tr><td colspan='5'> </td></tr>
|
|
|
|
<tr>
|
|
<td colspan='3' class='textBold'>
|
|
Preferred Encoder:<br/>
|
|
<select name='encoder' size='1'>
|
|
<option value='__default'>Default
|
|
<% pinst.compatible_encoders.each { |encname, mod| %>
|
|
<option><%= encname %>
|
|
<% } %>
|
|
</select>
|
|
</td>
|
|
<td colspan='2' class='textBold'>
|
|
NOP Generator:<br/>
|
|
<select name='nop' size='1'>
|
|
<option value='__default'>Default
|
|
<% pinst.compatible_nops.each { |nopname, mod| %>
|
|
<option><%= nopname %>
|
|
<% } %>
|
|
</select>
|
|
</td>
|
|
</tr>
|
|
|
|
<tr><td colspan='5'> </td></tr>
|
|
|
|
<tr>
|
|
<td colspan='3' align='right'>
|
|
<input type='submit' name='action' value='Check' class='button'/>
|
|
</td>
|
|
<td colspan='2' align='left'>
|
|
<input type='submit' name='action' value='Exploit' class='button'/>
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</form>
|
|
|
|
<%# Wizard step 3 - exploitation %>
|
|
<%
|
|
elsif (step == 3)
|
|
%>
|
|
|
|
Exploit time
|
|
|
|
<% else %>
|
|
Unknown step: <%= html_escape(step) %>
|
|
<% end %>
|
|
|
|
</td></tr>
|
|
<%= Msf::Ui::Web::Common.footer %>
|