metasploit-framework/data/msfweb/exploits.rhtml

242 lines
6.3 KiB
Plaintext

<%= Msf::Ui::Web::Common.header(framework.version, 'exploits') %>
<tr><td colspan='5'>
<%
name = query_string['name']
step = query_string['step'] || 0
target = query_string['target']
step = step.to_i
if (name == nil)
%>
<%# Display the exploit list if one hasn't been selected %>
<br/>
<div align='center' class='navHead'>
<table class='moduleList' width='100%' cellspacing='0' border='0'>
<% framework.exploits.each_module { |name, mod|
modinst = mod.new
%>
<tr>
<td class='moduleIcons' align='center'>
<%= Msf::Ui::Web::Common.module_icons(modinst) %>
</td>
<td class='moduleName'>
<a href="exploits.rhtml?name=<%= name %>"><%= modinst.name %></a>
</td>
<td class='moduleSpacer' colspan='2'>
</td>
</tr>
<% } %>
</table>
</div>
<%# Wizard step 0 - target selection %>
<%
elsif (step == 0)
modinst = framework.exploits.create(name)
%>
<br/>
<table width='100%' cellspacing='0' cellpadding='0' border='0'>
<tr>
<td class='moduleName'>
<div class='textBold'><%= html_escape(modinst.name) %></div>
</td>
</tr>
</table>
<br/>
<table align='center' width='95%' cellspacing='0' cellpadding='6' border='0'>
<tr>
<td align='right' width='80' class='textBold'>Name:</td>
<td class='textNormal'><%= html_escape(modinst.name) %></td>
</tr>
<tr>
<td align='right' width='80' class='textBold'>Authors:</td>
<td class='textNormal'><%= html_escape(modinst.author.join("<br/>")) %></td>
</tr>
<tr>
<td align='right' width='80' class='textBold' valign='top'>Description:</td>
<td colspan='2' class='textNormal' valign='top'>
<%= html_escape(modinst.description) %>
</td>
</tr>
<tr>
<td align='right' width='80' class='textBold' valign='top'>References:</td>
<td colspan='2' class='textNormal' valign='top'>
<% modinst.references.each { |ref| %>
<% if (ref.kind_of?(Msf::Module::SiteReference)) %>
- <a href='<%= ref.site %>' target='_blank'><%= ref.to_s %></a><br/>
<% else %>
- <%= ref.to_s %><br/>
<% end %>
<% } %>
</td>
</tr>
<tr>
<td align='right' width='80' class='textBold'>Targets:</td>
<td class='textNormal'>&nbsp;</td>
</tr>
<tr>
<td>&nbsp;</td>
<td>
<table align='align' cellpadding='2' cellspacing='0' border='0'>
<tr>
<td class='textBold'>Target Name</td>
<td class='textBold'>Platform</td>
</tr>
<% modinst.targets.each_with_index { |tgt, idx| %>
<tr>
<td class='textBoldColor<%= (idx % 2 == 0) ? "B" : "A" %>' align='left'>
<%= idx %> - <a href='exploits.rhtml?name=<%= name %>&step=<%= step + 1 %>&target=<%= idx %>'><%= tgt.name %></a>
</td>
<td class='textBoldColor<%= (idx % 2 == 0) ? "B" : "A" %>' align='left'>
<%= Msf::Ui::Web::Common.target_icons(tgt) %>
</td>
</tr>
<% } %>
</table>
</td>
</tr>
</table>
<%# Wizard step 1 - payload selection %>
<%
elsif (step == 1)
modinst = framework.exploits.create(name)
modinst.datastore['TARGET'] = query_string['target'].to_i
%>
<br/>
<table width='100%' cellspacing='0' cellpadding='0' border='0'>
<tr>
<td class='moduleName'>
<div class='textBold'><%= html_escape(modinst.name) %></div>
</td>
</tr>
</table>
<br/>
<table align='center' width='95%' cellspacing='0' cellpadding='6' border='0'>
<tr>
<td align='left' width='80' class='textBold'><nobr>Select Payload:</nobr></td>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
<tr>
<td>&nbsp;</td>
<td class='textBold'>Name</td>
<td class='textBold'>Description</td>
</tr>
<% idx = 0
modinst.compatible_payloads.each { |pname, pmod|
pmodinst = pmod.new
%>
<tr>
<td>&nbsp;</td>
<td class='textBoldColor<%= (idx % 2 == 0) ? "B" : "A" %>' align='left'>
<a href='exploits.rhtml?name=<%= name %>&step=<%= step + 1 %>&target=<%= target %>&payload=<%= pname %>'><%= html_escape(pname) %></a>
</td>
<td class='textBoldColor<%= (idx % 2 == 0) ? "B" : "A" %>' align='left'><%= html_escape(pmodinst.description) %></td>
</tr>
<% idx += 1
}
%>
</table>
<%# Wizard step 2 - option selection %>
<% elsif (step == 2)
payload = query_string['payload']
modinst = framework.exploits.create(name)
pinst = framework.payloads.create(payload)
modinst.datastore['TARGET'] = query_string['target'].to_i
%>
<br/>
<table width='100%' cellspacing='0' cellpadding='0' border='0'>
<tr>
<td class='moduleName'>
<div class='textBold'><%= html_escape(modinst.name) %></div>
</td>
</tr>
</table>
<br/>
<form method='GET'>
<input type='hidden' name='name' value="<%= html_escape(name) %>"/>
<input type='hidden' name='step' value="<%= step + 1 %>"/>
<input type='hidden' name='target' value="<%= html_escape(modinst.datastore['TARGET']) %>"/>
<input type='hidden' name='payload' value="<%= html_escape(payload) %>"/>
<table align='center' cellpadding='2' border='0' cellspacing='0' width='95%'>
<%
options = pinst.options.merge_sort(modinst.options)
options.each { |name, option|
next if (option.advanced?)
next if (option.evasion?)
%>
<tr>
<td class='textBold'><%= name %></td>
<td class='textBold'><%= (option.required?) ? "Required" : "Optional" %></td>
<td class='textNormal'><%= option.type %></td>
<td class='textNormal'>
<input type='text' name="opt_<%= html_escape(name) %>" value="<%= html_escape(option.default || '') %>"/>
</td>
<td class='textNormal'><%= html_escape(option.desc) %></td>
</tr>
<% } %>
<tr><td colspan='5'>&nbsp;</td></tr>
<tr>
<td colspan='3' class='textBold'>
Preferred Encoder:<br/>
<select name='encoder' size='1'>
<option value='__default'>Default
<% pinst.compatible_encoders.each { |encname, mod| %>
<option><%= encname %>
<% } %>
</select>
</td>
<td colspan='2' class='textBold'>
NOP Generator:<br/>
<select name='nop' size='1'>
<option value='__default'>Default
<% pinst.compatible_nops.each { |nopname, mod| %>
<option><%= nopname %>
<% } %>
</select>
</td>
</tr>
<tr><td colspan='5'>&nbsp;</td></tr>
<tr>
<td colspan='3' align='right'>
<input type='submit' name='action' value='Check' class='button'/>
</td>
<td colspan='2' align='left'>
<input type='submit' name='action' value='Exploit' class='button'/>
</td>
</tr>
</table>
</form>
<%# Wizard step 3 - exploitation %>
<%
elsif (step == 3)
%>
Exploit time
<% else %>
Unknown step: <%= html_escape(step) %>
<% end %>
</td></tr>
<%= Msf::Ui::Web::Common.footer %>