Re: new exploit windows/browser/java_basicservice_impl doesn't accept win payloads?

[egypt () metasploit com]

Yes, it makes sense.  If you want a plain html file for any of msf's
http exploits, just set up the exploit and wget it.  Make sure you get
all the pieces, though.  For this particular exploit you'll need the
first jnlp file (init.jnlp), the policy file (all.policy), the second
jnlp file (exploit.jnlp) and the payload jar (<anything>.jar).  The
difficult thing, at least for some exploits, is the
forwarding-to-other-exploits part.  Since this exploit doesn't
actually have any html, there's no place to put that iframe.

egypt

On Tue, Nov 23, 2010 at 8:48 AM, Miguel Rios <miguelrios35 () yahoo com> wrote:
> The reason i want to have an html file to play around with instead of on the fly html serving is that one could throw 
> in an iframe pointing to another machine waiting full of exploits so that as the java_basicservice_impl exploit is 
> served up we can direct our victim onwards.
> The way it's setup now is that if the vic is not vulnerable to the java_basicservice_impl exploit then that's it, you 
> can't exploit them further.
> I hope I'm making some sense here.
>
> --- On Mon, 11/22/10, egypt () metasploit com <egypt () metasploit com> wrote:
>
> From: egypt () metasploit com <egypt () metasploit com>
> Subject: Re: [framework] new exploit windows/browser/java_basicservice_impl doesn't accept win payloads?
> To: "Miguel Rios" <miguelrios35 () yahoo com>
> Cc: framework () spool metasploit com
> Date: Monday, November 22, 2010, 9:03 PM
>
> It might be possible to modify the exploit to use some other method of
> launching the jnlp file, but the current method of redirecting is
> blocked by default IE7 and 8 when inside an iframe.  Since
> browser_autopwn uses iframes for each exploit this issue makes the
> exploit largely useless in that context, so I have removed it from
> browser_autopwn.  I've also switched the order of targets so now
> Windows should be the default.  If you want to use a Java payload, set
> TARGET 1.
>
> Hope this helped,
> egypt
>
> On Mon, Nov 22, 2010 at 10:58 AM, Miguel Rios <miguelrios35 () yahoo com> wrote:
> > Hi,
> >
> > I've been messing around with the new exploit mentioned above. However, although when I open the ruby file I can 
> > see the option to use windows as well as java payloads, the exploit fails when it attempts to use a windows 
> > payload. I even tried with browser_autopwn and it also picks a windows payload by default, although it fails.
> >
> > I get this message:
> >
> > [*] [2010.11.22-17:49:54] Starting exploit windows/browser/java_basicservice_impl with payload 
> > windows/meterpreter/reverse_tcp
> > [-] [2010.11.22-17:49:54] Exploit failed: windows/meterpreter/reverse_tcp is not a compatible payload.
> > [-] [2010.11.22-17:49:54] Failed to start exploit module windows/browser/java_basicservice_impl
> >
> >
> > Is this a bug? Also, while I'm at it, why can't we have these browser exploits write to an html file instead of 
> > serving the html on the fly? Writing to a file would allow for greater stealthiness and other goodies (like 
> > iframes), but it may not be feasible. Just an idea I thought I'd throw out.
> >
> > Thanks
> >
> >
> > _______________________________________________
> > https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework