Re: new exploit windows/browser/java_basicservice_impl doesn't accept win payloads?

[Eric <dkn4a1 () gmail com>]

On Tue, Nov 23, 2010 at 9:18 PM, Miguel Rios <miguelrios35 () yahoo com> wrote:

> The reason i want to have an html file to play around with instead of on
> the fly html serving is that one could throw in an iframe pointing to
> another machine waiting full of exploits so that as the
> java_basicservice_impl exploit is served up we can direct our victim
> onwards.
> The way it's setup now is that if the vic is not vulnerable to the
> java_basicservice_impl exploit then that's it, you can't exploit them
> further.
> I hope I'm making some sense here.


The way I use to do this is using wget, like
set up local server and

$ wget --user-agent=Mozilla\/4.0\ \(compatible\;\ MSIE\ 7.0\;\ Windows\ NT\
6.0\) URL

OR

In case if there are more files associated than only HTML file
you can change the user-agent in firefox using this 'user-agent-switcher'
addon and change to appropriate user agent.
Then browse.

Hope that helps.



> --- On *Mon, 11/22/10, egypt () metasploit com <egypt () metasploit com>* wrote:
>
>
> From: egypt () metasploit com <egypt () metasploit com>
> Subject: Re: [framework] new exploit windows/browser/java_basicservice_impl
> doesn't accept win payloads?
> To: "Miguel Rios" <miguelrios35 () yahoo com>
> Cc: framework () spool metasploit com
> Date: Monday, November 22, 2010, 9:03 PM
>
> It might be possible to modify the exploit to use some other method of
> launching the jnlp file, but the current method of redirecting is
> blocked by default IE7 and 8 when inside an iframe.  Since
> browser_autopwn uses iframes for each exploit this issue makes the
> exploit largely useless in that context, so I have removed it from
> browser_autopwn.  I've also switched the order of targets so now
> Windows should be the default.  If you want to use a Java payload, set
> TARGET 1.
>
> Hope this helped,
> egypt
>
> On Mon, Nov 22, 2010 at 10:58 AM, Miguel Rios <miguelrios35 () yahoo com<http://mc/compose?to=miguelrios35 () yahoo 
> com>>
> wrote:
> > Hi,
> >
> > I've been messing around with the new exploit mentioned above. However,
> although when I open the ruby file I can see the option to use windows as
> well as java payloads, the exploit fails when it attempts to use a windows
> payload. I even tried with browser_autopwn and it also picks a windows
> payload by default, although it fails.
> > I get this message:
> >
> > [*] [2010.11.22-17:49:54] Starting exploit
> windows/browser/java_basicservice_impl with payload
> windows/meterpreter/reverse_tcp
> > [-] [2010.11.22-17:49:54] Exploit failed: windows/meterpreter/reverse_tcp
> is not a compatible payload.
> > [-] [2010.11.22-17:49:54] Failed to start exploit module
> windows/browser/java_basicservice_impl
> > Is this a bug? Also, while I'm at it, why can't we have these browser
> exploits write to an html file instead of serving the html on the fly?
> Writing to a file would allow for greater stealthiness and other goodies
> (like iframes), but it may not be feasible. Just an idea I thought I'd throw
> out.
> > Thanks
> >
> >
> > _______________________________________________
> > https://mail.metasploit.com/mailman/listinfo/framework
>
>
>
> _______________________________________________
> https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework