2007-02-10 07:29:05 +00:00
|
|
|
#
|
|
|
|
|
# Author: Metasploit LLC
|
|
|
|
|
# Description: The AJAX console controller of msfweb
|
|
|
|
|
#
|
2007-01-18 15:31:42 +00:00
|
|
|
class ConsoleController < ApplicationController
|
2007-01-19 08:46:06 +00:00
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Show the working shell and related facilities.
|
|
|
|
|
#
|
|
|
|
|
def index
|
2007-02-10 06:54:03 +00:00
|
|
|
|
2007-02-04 07:58:01 +00:00
|
|
|
# Work around rails stupidity
|
2007-02-10 18:07:08 +00:00
|
|
|
if(not $webrick_hooked_console)
|
2007-02-10 06:54:03 +00:00
|
|
|
|
2007-02-10 18:07:08 +00:00
|
|
|
$webrick.mount_proc("/_console") do |req, res|
|
2007-02-10 06:54:03 +00:00
|
|
|
|
2007-02-04 07:58:01 +00:00
|
|
|
res['Content-Type'] = "text/javascript"
|
2007-02-10 06:54:03 +00:00
|
|
|
|
2007-02-04 07:58:01 +00:00
|
|
|
m = req.path_info.match(/cid=(\d+)/)
|
|
|
|
|
if (m and m[1] and $msfweb.consoles[m[1]])
|
|
|
|
|
console = $msfweb.consoles[m[1]]
|
|
|
|
|
|
|
|
|
|
out = ''
|
|
|
|
|
tsp = Time.now.to_i
|
2007-02-10 18:07:08 +00:00
|
|
|
prompt_old = console.prompt
|
2007-02-10 06:54:03 +00:00
|
|
|
|
2007-02-04 07:58:01 +00:00
|
|
|
# Poll the console output for 15 seconds
|
2007-02-10 18:07:08 +00:00
|
|
|
while( tsp + 15 > Time.now.to_i and out.length == 0 and console.prompt == prompt_old)
|
2007-02-04 07:58:01 +00:00
|
|
|
out = console.read()
|
2007-02-10 18:07:08 +00:00
|
|
|
select(nil, nil, nil, 0.10)
|
2007-02-04 07:58:01 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
out = out.unpack('C*').map{|c| sprintf("%%%.2x", c)}.join
|
|
|
|
|
pro = console.prompt.unpack('C*').map{|c| sprintf("%%%.2x", c)}.join
|
|
|
|
|
|
|
|
|
|
script = "// Metasploit Web Console Data\n"
|
|
|
|
|
script += "var con_prompt = unescape('#{pro}');\n"
|
|
|
|
|
script += "var con_update = unescape('#{out}');\n"
|
|
|
|
|
|
|
|
|
|
res.body = script
|
|
|
|
|
else
|
|
|
|
|
res.body = '// Invalid console ID'
|
|
|
|
|
end
|
|
|
|
|
end
|
2007-02-10 06:54:03 +00:00
|
|
|
|
2007-02-10 18:07:08 +00:00
|
|
|
$webrick_hooked_console = true
|
2007-02-04 07:58:01 +00:00
|
|
|
end
|
2007-02-10 06:54:03 +00:00
|
|
|
|
2007-01-19 08:46:06 +00:00
|
|
|
cid = params[:id]
|
2007-02-10 06:54:03 +00:00
|
|
|
|
2007-01-19 08:46:06 +00:00
|
|
|
if (not (cid and $msfweb.consoles[cid]))
|
|
|
|
|
cid = $msfweb.create_console
|
|
|
|
|
redirect_to :id => cid
|
|
|
|
|
return
|
|
|
|
|
end
|
2007-02-10 06:54:03 +00:00
|
|
|
|
2007-01-19 08:46:06 +00:00
|
|
|
@cid = params[:id]
|
|
|
|
|
@console = $msfweb.consoles[@cid]
|
2007-02-10 06:54:03 +00:00
|
|
|
|
2007-01-19 08:46:06 +00:00
|
|
|
if(params[:cmd])
|
2007-01-20 22:19:32 +00:00
|
|
|
out = ''
|
2007-02-10 06:54:03 +00:00
|
|
|
|
2007-01-19 08:46:06 +00:00
|
|
|
if (params[:cmd].strip.length > 0)
|
2007-02-04 07:58:01 +00:00
|
|
|
@console.write(params[:cmd] + "\n")
|
2007-01-19 08:46:06 +00:00
|
|
|
end
|
2007-02-10 06:54:03 +00:00
|
|
|
|
2007-01-20 22:19:32 +00:00
|
|
|
out = out.unpack('C*').map{|c| sprintf("%%%.2x", c)}.join
|
|
|
|
|
pro = @console.prompt.unpack('C*').map{|c| sprintf("%%%.2x", c)}.join
|
2007-02-10 06:54:03 +00:00
|
|
|
|
2007-01-20 22:19:32 +00:00
|
|
|
script = "// Metasploit Web Console Data\n"
|
|
|
|
|
script += "var con_prompt = unescape('#{pro}');\n"
|
|
|
|
|
script += "var con_update = unescape('#{out}');\n"
|
2007-02-10 06:54:03 +00:00
|
|
|
|
2007-01-20 22:19:32 +00:00
|
|
|
send_data(script, :type => "text/javascript")
|
2007-01-19 08:46:06 +00:00
|
|
|
end
|
2007-01-20 22:19:32 +00:00
|
|
|
|
|
|
|
|
if(params[:tab])
|
|
|
|
|
opts = []
|
|
|
|
|
cmdl = params[:tab]
|
|
|
|
|
out = ""
|
2007-02-10 06:54:03 +00:00
|
|
|
|
2007-01-20 22:19:32 +00:00
|
|
|
if (params[:tab].strip.length > 0)
|
|
|
|
|
opts = @console.tab_complete(params[:tab]) || []
|
|
|
|
|
end
|
2007-02-10 06:54:03 +00:00
|
|
|
|
2007-01-20 22:19:32 +00:00
|
|
|
if (opts.length == 1)
|
|
|
|
|
cmdl = opts[0]
|
|
|
|
|
else
|
|
|
|
|
if (opts.length == 0)
|
|
|
|
|
# aint got nothin
|
|
|
|
|
else
|
2007-02-10 06:54:03 +00:00
|
|
|
|
2007-01-20 22:19:32 +00:00
|
|
|
cmd_top = opts[0]
|
|
|
|
|
depth = 0
|
|
|
|
|
|
|
|
|
|
while (depth < cmd_top.length)
|
|
|
|
|
match = true
|
|
|
|
|
opts.each do |line|
|
|
|
|
|
next if line[depth] == cmd_top[depth]
|
|
|
|
|
match = false
|
|
|
|
|
break
|
|
|
|
|
end
|
|
|
|
|
break if not match
|
|
|
|
|
depth += 1
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
if (depth > 0)
|
|
|
|
|
cmdl = cmd_top[0, depth]
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
out = "\n" + opts.map{ |c| " >> " + c }.join("\n")
|
|
|
|
|
end
|
|
|
|
|
end
|
2007-02-10 06:54:03 +00:00
|
|
|
|
2007-01-20 22:19:32 +00:00
|
|
|
out = out.unpack('C*').map{|c| sprintf("%%%.2x", c)}.join
|
|
|
|
|
pro = @console.prompt.unpack('C*').map{|c| sprintf("%%%.2x", c)}.join
|
|
|
|
|
tln = cmdl.unpack('C*').map{|c| sprintf("%%%.2x", c)}.join
|
2007-02-10 06:54:03 +00:00
|
|
|
|
2007-01-20 22:19:32 +00:00
|
|
|
script = "// Metasploit Web Console Data\n"
|
|
|
|
|
script += "var con_prompt = unescape('#{pro}');\n"
|
|
|
|
|
script += "var con_update = unescape('#{out}');\n"
|
|
|
|
|
script += "var con_tabbed = unescape('#{tln}');\n"
|
2007-02-10 06:54:03 +00:00
|
|
|
|
2007-01-20 22:19:32 +00:00
|
|
|
send_data(script, :type => "text/javascript")
|
2007-02-10 06:54:03 +00:00
|
|
|
end
|
2007-01-19 08:46:06 +00:00
|
|
|
end
|
|
|
|
|
|
2007-01-18 15:31:42 +00:00
|
|
|
end
|
