Metasploit mailing list archives
browser_autopwn script issues
From: Miguel Rios <miguelrios35 () yahoo com>
Date: Sat, 2 Oct 2010 12:23:22 -0700 (PDT)
Hi, Quick question on how to get my scripts to run once meterpreter shell is available with browser_autopwn (great script I just started experimenting with) . I tried to set InitialAutoRunScript to multiscript.rb -rc /path/todo.lst. Then on my todo.lst I have stuff like winenum, scraper, etc. I noticed that after popping my win 7 running firefox with a java metepreter (why java was chosen I don't know), i do get a session but my scripts don't get run. Am I doing something wrong here? I also noticed that the java meterpreter couldn't run a bunch of scripts and commands when I tried to do it manually. Specifically ps failed, firefox enum isn't supported and upload and execute also failed with some type of file path error (couldn't create the file in %temp% which is weird since any user should be able to do that). Other more basic commands like sysinfo getuid worked fine. Anyway, I've noticed also that some other java things have been strange lately, like rel1k's java applet attack method suddenly stopped working for me (ie the applet is run by the client but nothing happens, sometimes even opens up a dos window showing java.exe is running but no shell or outbound connections occur). Was there some kind of major update of java that has broken some of our tools or is it likely just a coincidence? Thanks Egypt for an awesome tool. I was hoping one could maybe add a priority list of exploits (ie try aurora first, then quicktime, etc) and choose different payloads according to the user agent (ie I'd rather have a regular windows meterpreter shell than java, or even a reverse https meterpreter payload).
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- browser_autopwn script issues Miguel Rios (Oct 02)
- Re: browser_autopwn script issues Carlos Perez (Oct 02)
- Re: browser_autopwn script issues hacksauce (Oct 06)
- Re: browser_autopwn script issues Carlos Perez (Oct 02)