Metasploit mailing list archives
Re: new exploit windows/browser/java_basicservice_impl doesn't accept win payloads?
From: Jeffs <jeffs () speakeasy net>
Date: Mon, 22 Nov 2010 16:26:34 -0500
All this exploit does on my system is redirect the victim to opendns and this URL:
http://guide.opendns.com/main?url=init.jnlp I know I've set the exploit up properly, too. On 11/22/2010 4:03 PM, egypt () metasploit com wrote:
It might be possible to modify the exploit to use some other method of launching the jnlp file, but the current method of redirecting is blocked by default IE7 and 8 when inside an iframe. Since browser_autopwn uses iframes for each exploit this issue makes the exploit largely useless in that context, so I have removed it from browser_autopwn. I've also switched the order of targets so now Windows should be the default. If you want to use a Java payload, set TARGET 1. Hope this helped, egypt On Mon, Nov 22, 2010 at 10:58 AM, Miguel Rios<miguelrios35 () yahoo com> wrote:Hi, I've been messing around with the new exploit mentioned above. However, although when I open the ruby file I can see the option to use windows as well as java payloads, the exploit fails when it attempts to use a windows payload. I even tried with browser_autopwn and it also picks a windows payload by default, although it fails. I get this message: [*] [2010.11.22-17:49:54] Starting exploit windows/browser/java_basicservice_impl with payload windows/meterpreter/reverse_tcp [-] [2010.11.22-17:49:54] Exploit failed: windows/meterpreter/reverse_tcp is not a compatible payload. [-] [2010.11.22-17:49:54] Failed to start exploit module windows/browser/java_basicservice_impl Is this a bug? Also, while I'm at it, why can't we have these browser exploits write to an html file instead of serving the html on the fly? Writing to a file would allow for greater stealthiness and other goodies (like iframes), but it may not be feasible. Just an idea I thought I'd throw out. Thanks _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- new exploit windows/browser/java_basicservice_impl doesn't accept win payloads? Miguel Rios (Nov 22)
- Re: new exploit windows/browser/java_basicservice_impl doesn't accept win payloads? egypt (Nov 22)
- Re: new exploit windows/browser/java_basicservice_impl doesn't accept win payloads? egypt (Nov 22)
- Re: new exploit windows/browser/java_basicservice_impl doesn't accept win payloads? Jeffs (Nov 22)
- Re: new exploit windows/browser/java_basicservice_impl doesn't accept win payloads? Miguel Rios (Nov 23)
- Re: new exploit windows/browser/java_basicservice_impl doesn't accept win payloads? Miguel Rios (Nov 26)