Metasploit mailing list archives
Re: HTTP Tunneling + Java Applet Proxy Auth
From: Ty Miller <tyronmiller () gmail com>
Date: Sat, 9 Jul 2011 19:54:00 +1000
Hey HD, I was using the native Win32 meterpreter + reverse_https ... I ran the following: use exploit/multi/browser/java_signed_applet set payload windows/meterpreter/reverse_http The exploit target says "Windows x86 (Native Payload)" I was surprised to see the java authentication prompt since I thought that the payload uses IE to send requests to the proxy, rather than Java. Thx, Ty On Sat, Jul 9, 2011 at 3:49 AM, HD Moore <hdm () metasploit com> wrote:
On 7/8/2011 1:58 AM, Ty Miller wrote:Hey guys, I have been using the HTTP tunnelling payload with the Java applet exploit for social engineering. When the applet is run on the system, it attempts to connect over the proxy. At this point we get a Java authentication prompt from the proxy (since I assume the applet doesn't pick up on the integrated AD authentication). Once the username and password are entered, nothing else happens. I am assuming that the payload failed due to the authentication prompt. Any thoughts on getting around this?Use the native Win32 meterpreter + reverse_https instead of the Java Meterpreter, Java should be using the native proxy auth settings for its own download though _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- HTTP Tunneling + Java Applet Proxy Auth Ty Miller (Jul 08)
- Re: HTTP Tunneling + Java Applet Proxy Auth HD Moore (Jul 08)
- Re: HTTP Tunneling + Java Applet Proxy Auth Ty Miller (Jul 09)
- Re: HTTP Tunneling + Java Applet Proxy Auth Ty Miller (Jul 09)
- Re: HTTP Tunneling + Java Applet Proxy Auth Ty Miller (Jul 09)
- Re: HTTP Tunneling + Java Applet Proxy Auth HD Moore (Jul 08)