metasploit-framework/dev/old_data_msfweb/exploits.rhtml


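<%= Msf::Ui::Web::Common.header(framework.version, 'exploits') %>
<tr><td colspan='5'>
<%
  # Exploit wizard page. The request's query string selects what is rendered:
  #   name   - exploit module to work on; when absent the module list is shown
  #   step   - wizard step, coerced to an Integer (missing => 0)
  #   target - target index picked in step 0
  # All three are request-controlled, so anything derived from them must go
  # through html_escape before it is written into the page.
  name   = query_string['name']
  target = query_string['target']
  step   = (query_string['step'] || 0).to_i

  if name.nil?
%>
  <%# Display the exploit list if one hasn't been selected %>
  <br/>
  <div align='center' class='navHead'>
    <table class='moduleList' width='100%' cellspacing='0' border='0'>
      <%
        # The block parameter is deliberately not called `name`: on Ruby
        # versions without block-local parameters it would overwrite the
        # request parameter of the same name.
        framework.exploits.each_module do |refname, mod|
          modinst = mod.new
      %>
        <tr>
          <td class='moduleIcons' align='center'>
            <%# NOTE(review): module_icons output is emitted as-is; presumably it returns markup - confirm it escapes module data itself. %>
            <%= Msf::Ui::Web::Common.module_icons(modinst) %>
          </td>
          <td class='moduleName'>
            <%# Module metadata is escaped like every other branch of this page does. %>
            <a href="exploits.rhtml?name=<%= html_escape(refname) %>"><%= html_escape(modinst.name) %></a>
          </td>
          <td class='moduleSpacer' colspan='2'>
          </td>
        </tr>
      <% end %>
    </table>
  </div>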
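<%# Wizard step 0 - target selection %>
<%
  elsif step == 0
    # `name` is the raw `name` query parameter.
    # NOTE(review): the result of create(name) is used without a nil check;
    # confirm what create returns for an unknown module name.
    modinst = framework.exploits.create(name)
%>
  <br/>
  <table width='100%' cellspacing='0' cellpadding='0' border='0'>
    <tr>
      <td class='moduleName'>
        <div class='textBold'><%= html_escape(modinst.name) %></div>
      </td>
    </tr>
  </table>
  <br/>
  <table align='center' width='95%' cellspacing='0' cellpadding='6' border='0'>
    <tr>
      <td align='right' width='80' class='textBold'>Name:</td>
      <td class='textNormal'><%= html_escape(modinst.name) %></td>
    </tr>
    <tr>
      <td align='right' width='80' class='textBold'>Authors:</td>
      <%# Escape each author separately; escaping the joined string would also escape the <br/> separators and print them literally. %>
      <td class='textNormal'><%= modinst.author.map { |author| html_escape(author.to_s) }.join("<br/>") %></td>
    </tr>
    <tr>
      <td align='right' width='80' class='textBold' valign='top'>Description:</td>
      <td colspan='2' class='textNormal' valign='top'>
        <%= html_escape(modinst.description) %>
      </td>
    </tr>
    <tr>
      <td align='right' width='80' class='textBold' valign='top'>References:</td>
      <td colspan='2' class='textNormal' valign='top'>
        <% modinst.references.each do |ref| %>
          <% if ref.kind_of?(Msf::Module::SiteReference) %>
            <%#
              The reference URL and label come from module metadata and are
              escaped for the attribute and text contexts. rel keeps the opened
              page from reaching window.opener and from receiving this page's
              URL as a referrer.
              NOTE(review): html_escape does not restrict the URL scheme of
              ref.site - confirm references are limited to http(s).
            %>
            - <a href='<%= html_escape(ref.site) %>' target='_blank' rel='noopener noreferrer'><%= html_escape(ref.to_s) %></a><br/>
          <% else %>
            - <%= html_escape(ref.to_s) %><br/>
          <% end %>
        <% end %>
      </td>
    </tr>
    <tr>
      <td align='right' width='80' class='textBold'>Targets:</td>
      <td class='textNormal'>&nbsp;</td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td>
        <table align='align' cellpadding='2' cellspacing='0' border='0'>
          <tr>
            <td class='textBold'>Target Name</td>
            <td class='textBold'>Platform</td>
          </tr>
          <% modinst.targets.each_with_index do |tgt, idx|
               # Alternate the row style: even rows use the "B" class, odd rows "A".
               row_style = (idx % 2 == 0) ? "B" : "A"
          %>
            <tr>
              <td class='textBoldColor<%= row_style %>' align='left'>
                <%# `name` is reflected from the request, so it is escaped before being placed in the href. %>
                <%= idx %> - <a href='exploits.rhtml?name=<%= html_escape(name) %>&step=<%= step + 1 %>&target=<%= idx %>'><%= html_escape(tgt.name) %></a>
              </td>
              <td class='textBoldColor<%= row_style %>' align='left'>
                <%# NOTE(review): target_icons output is emitted as-is; presumably it returns markup - confirm. %>
                <%= Msf::Ui::Web::Common.target_icons(tgt) %>
              </td>
            </tr>
          <% end %>
        </table>
      </td>
    </tr>
  </table>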
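<%# Wizard step 1 - payload selection %>
<%
  elsif step == 1
    # NOTE(review): create(name) is used without a nil check; confirm what it
    # returns for an unknown module name.
    modinst = framework.exploits.create(name)
    # The target index is coerced to an Integer before it reaches the datastore.
    modinst.datastore['TARGET'] = query_string['target'].to_i
%>
  <br/>
  <table width='100%' cellspacing='0' cellpadding='0' border='0'>
    <tr>
      <td class='moduleName'>
        <div class='textBold'><%= html_escape(modinst.name) %></div>
      </td>
    </tr>
  </table>
  <br/>
  <table align='center' width='95%' cellspacing='0' cellpadding='6' border='0'>
    <tr>
      <td align='left' width='80' class='textBold'><nobr>Select Payload:</nobr></td>
      <td>&nbsp;</td>
      <td>&nbsp;</td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td class='textBold'>Name</td>
      <td class='textBold'>Description</td>
    </tr>
    <%
      # One row per payload compatible with the selected exploit; row_no only
      # drives the alternating row style.
      row_no = 0
      modinst.compatible_payloads.each do |pname, pmod|
        pmodinst  = pmod.new
        row_style = (row_no % 2 == 0) ? "B" : "A"
    %>
      <tr>
        <td>&nbsp;</td>
        <td class='textBoldColor<%= row_style %>' align='left'>
          <%#
            `name` and `target` are reflected from the query string, so both
            are escaped before being placed in the href; the payload name is
            escaped the same way for consistency.
          %>
          <a href='exploits.rhtml?name=<%= html_escape(name) %>&step=<%= step + 1 %>&target=<%= html_escape(target.to_s) %>&payload=<%= html_escape(pname) %>'><%= html_escape(pname) %></a>
        </td>
        <td class='textBoldColor<%= row_style %>' align='left'><%= html_escape(pmodinst.description) %></td>
      </tr>
    <%
        row_no += 1
      end
    %>
  </table>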
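<%# Wizard step 2 - option selection %>
<%
  elsif step == 2
    payload = query_string['payload']
    # NOTE(review): both create calls are used without a nil check; confirm
    # what they return for an unknown exploit or payload name.
    modinst = framework.exploits.create(name)
    pinst   = framework.payloads.create(payload)
    modinst.datastore['TARGET'] = query_string['target'].to_i
%>
  <br/>
  <table width='100%' cellspacing='0' cellpadding='0' border='0'>
    <tr>
      <td class='moduleName'>
        <div class='textBold'><%= html_escape(modinst.name) %></div>
      </td>
    </tr>
  </table>
  <br/>
  <%#
    The form submits with GET, so step 3 (which launches the module) is
    reachable through a plain link. The eid field below is emitted here, but
    the step-3 code in this template never reads it.
    NOTE(review): confirm where, if anywhere, eid or another per-session token
    is verified before the module is run.
  %>
  <form method='GET'>
    <input type='hidden' name='eid' value="<%= Msf::Ui::Web::Driver::next_eid %>"/>
    <input type='hidden' name='name' value="<%= html_escape(name) %>"/>
    <input type='hidden' name='step' value="<%= step + 1 %>"/>
    <input type='hidden' name='target' value="<%= html_escape(modinst.datastore['TARGET']) %>"/>
    <input type='hidden' name='payload' value="<%= html_escape(payload) %>"/>
    <table align='center' cellpadding='2' border='0' cellspacing='0' width='95%'>
      <%
        # Payload and exploit options are merged into one list. The block
        # parameter is not called `name` so it cannot overwrite the request
        # parameter on Ruby versions without block-local parameters.
        options = pinst.options.merge_sort(modinst.options)
        options.each do |optname, option|
          # Advanced and evasion options are left off this form.
          next if option.advanced?
          next if option.evasion?
      %>
        <tr>
          <td class='textBold'><%= html_escape(optname) %></td>
          <td class='textBold'><%= option.required? ? "Required" : "Optional" %></td>
          <td class='textNormal'><%= html_escape(option.type) %></td>
          <td class='textNormal'>
            <%# Each option becomes an opt_<NAME> field; step 3 picks up parameters with that prefix. %>
            <input type='text' name="opt_<%= html_escape(optname) %>" value="<%= html_escape(option.default || '') %>"/>
          </td>
          <td class='textNormal'><%= html_escape(option.desc) %></td>
        </tr>
      <% end %>
      <tr><td colspan='5'>&nbsp;</td></tr>
      <tr>
        <td colspan='3' class='textBold'>
          Preferred Encoder:<br/>
          <select name='encoder' size='1'>
            <option value='__default'>Default
            <% pinst.compatible_encoders.each do |encname, mod| %>
              <option><%= html_escape(encname) %>
            <% end %>
          </select>
        </td>
        <td colspan='2' class='textBold'>
          NOP Generator:<br/>
          <select name='nop' size='1'>
            <option value='__default'>Default
            <% pinst.compatible_nops.each do |nopname, mod| %>
              <option><%= html_escape(nopname) %>
            <% end %>
          </select>
        </td>
      </tr>
      <tr><td colspan='5'>&nbsp;</td></tr>
      <%# Only browsers with scripting disabled submit nojs=1; step 3 reads it. %>
      <noscript>
        <input type='hidden' name='nojs' value="1"/>
      </noscript>
      <tr>
        <td colspan='3' align='right'>
          <input type='submit' name='action' value='Check' class='button'/>
        </td>
        <td colspan='2' align='left'>
          <input type='submit' name='action' value='Exploit' class='button'/>
        </td>
      </tr>
    </table>
  </form>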
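<%# Wizard step 3 - exploitation %>
<%
  elsif step == 3
    # This branch runs the selected module using nothing but query-string
    # parameters of a GET request. Nothing in this template checks that the
    # request came from the step-2 form.
    # NOTE(review): confirm that the web driver authenticates the caller and
    # verifies a per-session token before this point.

    # Is JS disabled in the client's browser?
    nojs = (query_string['nojs'] == '1')

    # Create the exploit instance
    # NOTE(review): used without a nil check; confirm what create returns for
    # an unknown module name.
    modinst = framework.exploits.create(name)

    # Treat the '__default' placeholder from the step-2 selects as "not set".
    query_string['encoder'] = nil if query_string['encoder'] == '__default'
    query_string['nop']     = nil if query_string['nop'] == '__default'

    # Build the options string from every non-empty opt_<NAME> parameter.
    # \A and \z anchor the whole key; ^ and $ would also match a single line
    # inside a key that contains a newline.
    # NOTE(review): values are appended unquoted as "NAME=value " and how
    # exploit_simple splits OptionStr is not visible here, so a value holding
    # whitespace may be read as additional NAME=value pairs - confirm, and
    # validate values against the module's declared options.
    options = ''
    query_string.each_pair do |k, v|
      next if v.nil? || v.length == 0
      if k =~ /\Aopt_(.*)\z/
        options << "#{$1}=#{v} "
      end
    end

    # Use buffered output by default
    output = Rex::Ui::Text::Output::Buffer.new

    # If we support javascript, then we'll use something better
    unless nojs
      # TODO
    end

    # Whether or not we should run this as a job
    as_job = modinst.passive? || !nojs

    # Kick off the exploit process
    failed = false
    begin
      modinst.exploit_simple(
        'Encoder'     => query_string['encoder'],
        'Nop'         => query_string['nop'],
        'Payload'     => query_string['payload'],
        'Target'      => query_string['target'].to_i,
        'OptionStr'   => options,
        'LocalOutput' => output,
        'LocalInput'  => nil,
        'RunAsJob'    => as_job)
    rescue => e
      # The exception text is escaped before it is wrapped in markup.
      display = "<span style='font-weight: bold'><span style='color: red'>Error:</span>&nbsp;&nbsp;" + html_escape(e) + "</span>"
      failed = true
    end

    # Use the buffered output for display if we didn't fail. The buffer is
    # escaped first; only the <br> tags added afterwards are markup.
    unless failed
      display = html_escape(output.buf).gsub(/\n/, "<br>")
      if as_job
        display += "<br/><br/><span style='font-weight: bold'>Exploit is now running in the background.</span>"
      end
    end
%>
  <br/>
  <span style='font-weight: bold'>
    Launching exploit <%= html_escape(modinst.refname) %> ...
  </span>
  <br/><br/>
  <%# display is pre-escaped HTML assembled above, so it is emitted as-is. %>
  <%= display %>
<% else %>
  Unknown step: <%= html_escape(step) %>
<% end %>
</td></tr>
<%= Msf::Ui::Web::Common.footer %>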