Metasploit mailing list archives

Re: new exploit windows/browser/java_basicservice_impl doesn't accept win payloads?


From: Miguel Rios <miguelrios35 () yahoo com>
Date: Tue, 23 Nov 2010 07:48:25 -0800 (PST)

The reason I want to have an html file to play around with instead of on the fly html serving is that one could throw 
in an iframe pointing to another machine waiting full of exploits so that as the java_basicservice_impl exploit is 
served up we can direct our victim onwards.
The way it's set up now is that if the vic is not vulnerable to the java_basicservice_impl exploit then that's it, you 
can't exploit them further.
I hope I'm making some sense here.

--- On Mon, 11/22/10, egypt () metasploit com <egypt () metasploit com> wrote:

From: egypt () metasploit com <egypt () metasploit com>
Subject: Re: [framework] new exploit windows/browser/java_basicservice_impl doesn't accept win payloads?
To: "Miguel Rios" <miguelrios35 () yahoo com>
Cc: framework () spool metasploit com
Date: Monday, November 22, 2010, 9:03 PM

It might be possible to modify the exploit to use some other method of
launching the jnlp file, but the current method of redirecting is
blocked by default IE7 and 8 when inside an iframe.  Since
browser_autopwn uses iframes for each exploit this issue makes the
exploit largely useless in that context, so I have removed it from
browser_autopwn.  I've also switched the order of targets so now
Windows should be the default.  If you want to use a Java payload, set
TARGET 1.

Hope this helped,
egypt

On Mon, Nov 22, 2010 at 10:58 AM, Miguel Rios <miguelrios35 () yahoo com> wrote:

Hi,

I've been messing around with the new exploit mentioned above. However, although when I open the ruby file I can see 
the option to use windows as well as java payloads, the exploit fails when it attempts to use a windows payload. I 
even tried with browser_autopwn and it also picks a windows payload by default, although it fails.

I get this message:

[*] [2010.11.22-17:49:54] Starting exploit windows/browser/java_basicservice_impl with payload windows/meterpreter/reverse_tcp
[-] [2010.11.22-17:49:54] Exploit failed: windows/meterpreter/reverse_tcp is not a compatible payload.
[-] [2010.11.22-17:49:54] Failed to start exploit module windows/browser/java_basicservice_impl


Is this a bug? Also, while I'm at it, why can't we have these browser exploits write to an html file instead of 
serving the html on the fly? Writing to a file would allow for greater stealthiness and other goodies (like iframes), 
but it may not be feasible. Just an idea I thought I'd throw out.

Thanks


_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework




      