browser autopwn - options?

[egypt at metasploit.com (egypt at metasploit.com)]

Being able to set the payload options would certainly be useful but at
present I don't see a way to implement it that still allows you to use
meterpreter.  HDM suggested creating a "generic/advanced" payload that
chooses meterpreter if the target is windows or a shell if not and
giving browser_autpwn a PAYLOAD option like other exploits.  This
still wouldn't give you fine-grained control of what payloads to run
with what exploits but it would give you the option of using any
generic payload.  What do you think of that idea?


--egypt

On Wed, Nov 19, 2008 at 12:15 PM, Jerome Athias <jerome.athias at free.fr> wrote:
> any +/- dif ?
>
> http://www.metasploit.com/dev/trac/report/
>
> Selon Donnie Werner <morning_wood at frame4.com>:
>
> >  it would be nice to set the options for what exploit and payload to
> > include.
> > I have edited the script many times but find it isnt working properly after
> > my many edits. As well, another small bug in browser_autopwn...
> >
> > if you select any URI other than ( null ) such as /index.html the smb_relay
> > uri becomes corruped as.. /index.html\\FOOSERVER\FOOURI\bar.jpg
> > and Metasploit throws up its hands and shrugs.
> >
> > cheers,
> > Donnie Werner
> > http://exploitlabs.com
> >
> > _______________________________________________
> > http://spool.metasploit.com/mailman/listinfo/framework
>
>
> _______________________________________________
> http://spool.metasploit.com/mailman/listinfo/framework