console with arguments

[inbox-sc1 at worldnet.att.net (inbox-sc1)]

> Is the intention to automatically launch an exploit, 
> or automatically launch it and then interact with
> the console?

My intention with this is to launch an exploit that I
have already tested with known target and payload options
and then interact with the console.

So, if near the bottom of msfweb\app\views\exploits\config.rhtml
we change

        window.parent.openConsoleWindowExploit(<%= @exploit_console %>);
to
        <% if params[:consoleOpen] == "direct" %>
                window.location="/console?index/<%= @exploit_console %>"
        <% else %>
                window.parent.openConsoleWindowExploit(<%= @exploit_console %>);
        <% end %>

we can then use the following URL

http://127.0.0.1:55555/exploits/config?
refname=windows:http:navicopa_get_overflow&payload=16&step=exploit&
target=0&eopt_RHOST=127.0.0.1&eopt_RPORT=80&popt_CMD=calc.exe&eopt_CHOST=&
consoleOpen=direct&x=1

The "consoleOpen" URL parameter is checked in the suggested new
code. If 'direct', then we open the console in the current
browser. Otherwise the existing function is called which assumes
the standard MSF web stuff with topMenu and content area DIV's.

Note: If there was an error such as an invalid option, the 
resulting page's "Launch Exploit" onClick() and Submit buttons
would need to be aware of the "consoleOpen" variable too.

I am not sure what other ripples there would be...

- Bill