Metasploit mailing list archives
Re: new exploit windows/browser/java_basicservice_impl doesn't accept win payloads?
From: Miguel Rios <miguelrios35 () yahoo com>
Date: Tue, 23 Nov 2010 03:21:23 -0800 (PST)
Yes it did. Helped greatly. Thanks Egypt --- On Mon, 11/22/10, egypt () metasploit com <egypt () metasploit com> wrote: From: egypt () metasploit com <egypt () metasploit com> Subject: Re: [framework] new exploit windows/browser/java_basicservice_impl doesn't accept win payloads? To: "Miguel Rios" <miguelrios35 () yahoo com> Cc: framework () spool metasploit com Date: Monday, November 22, 2010, 9:03 PM It might be possible to modify the exploit to use some other method of launching the jnlp file, but the current method of redirecting is blocked by default IE7 and 8 when inside an iframe. Since browser_autopwn uses iframes for each exploit this issue makes the exploit largely useless in that context, so I have removed it from browser_autopwn. I've also switched the order of targets so now Windows should be the default. If you want to use a Java payload, set TARGET 1. Hope this helped, egypt On Mon, Nov 22, 2010 at 10:58 AM, Miguel Rios <miguelrios35 () yahoo com> wrote:
Hi, I've been messing around with the new exploit mentioned above. However, although when I open the ruby file I can see the option to use windows as well as java payloads, the exploit fails when it attempts to use a windows payload. I even tried with browser_autopwn and it also picks a windows payload by default, although it fails. I get this message: [*] [2010.11.22-17:49:54] Starting exploit windows/browser/java_basicservice_impl with payload windows/meterpreter/reverse_tcp [-] [2010.11.22-17:49:54] Exploit failed: windows/meterpreter/reverse_tcp is not a compatible payload. [-] [2010.11.22-17:49:54] Failed to start exploit module windows/browser/java_basicservice_impl Is this a bug? Also, while I'm at it, why can't we have these browser exploits write to an html file instead of serving the html on the fly? Writing to a file would allow for greater stealthiness and other goodies (like iframes), but it may not be feasible. Just an idea I thought I'd throw out. Thanks _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- new exploit windows/browser/java_basicservice_impl doesn't accept win payloads? Miguel Rios (Nov 22)
- Re: new exploit windows/browser/java_basicservice_impl doesn't accept win payloads? egypt (Nov 22)
- Re: new exploit windows/browser/java_basicservice_impl doesn't accept win payloads? egypt (Nov 22)
- Re: new exploit windows/browser/java_basicservice_impl doesn't accept win payloads? Jeffs (Nov 22)
- Re: new exploit windows/browser/java_basicservice_impl doesn't accept win payloads? Miguel Rios (Nov 23)
- Re: new exploit windows/browser/java_basicservice_impl doesn't accept win payloads? Miguel Rios (Nov 26)