browser_autopwn script issues

[Miguel Rios <miguelrios35 () yahoo com>]

Hi,

Quick question on how to get my scripts to run once meterpreter shell is available with browser_autopwn (great script I 
just started experimenting with)
.
I tried to set InitialAutoRunScript to multiscript.rb -rc /path/todo.lst. Then on my todo.lst I have stuff like 
winenum, scraper, etc.

I noticed that after popping my win 7 running firefox with a java metepreter (why java was chosen I don't know), i do 
get a session but my scripts don't get run. Am I doing something wrong here?
I also noticed that the java meterpreter couldn't run a bunch of scripts and commands when I tried to do it manually. 
Specifically ps failed, firefox enum isn't supported and upload and execute also failed with some type of file path 
error (couldn't create the
 file in %temp% which is weird since any user should be able to do that). Other more basic commands like sysinfo getuid 
worked fine.

Anyway, I've noticed also that some other java things have been strange lately, like rel1k's java applet attack method 
suddenly stopped working for me (ie the applet is run by the client but nothing happens, sometimes even opens up a dos 
window showing java.exe is running but no shell or outbound connections occur). Was there some kind of major update of 
java that has broken some of our tools or is it likely just a coincidence?

Thanks Egypt for an awesome tool. I was hoping one could maybe add a priority list of exploits (ie try aurora first, 
then quicktime, etc) and choose different payloads according to the user agent (ie I'd rather have a regular windows 
meterpreter shell than java, or even a reverse https meterpreter payload).



_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework