Re: HTTP Tunneling + Java Applet Proxy Auth

[Ty Miller <tyronmiller () gmail com>]

Hey,

Sorry, I just saw that you wrote "_https" ... I tried reverse_https but for
some reason it wasn't working so I reverted back to reverse_http since it
worked in my test environment but not in the clients environment.

Ty


On Sat, Jul 9, 2011 at 7:54 PM, Ty Miller <tyronmiller () gmail com> wrote:

> Hey HD,
>
> I was using the native Win32 meterpreter + reverse_https ... I ran the
> following:
>
> use exploit/multi/browser/java_signed_applet
> set payload windows/meterpreter/reverse_http
>
> The exploit target says "Windows x86 (Native Payload)"
>
> I was surprised to see the java authentication prompt since I thought that
> the payload uses IE to send requests to the proxy, rather than Java.
>
> Thx,
> Ty
>
>
>
> On Sat, Jul 9, 2011 at 3:49 AM, HD Moore <hdm () metasploit com> wrote:
>
> > On 7/8/2011 1:58 AM, Ty Miller wrote:
> > > Hey guys,
> > >
> > > I have been using the HTTP tunnelling payload with the Java applet
> > > exploit for social engineering.
> > >
> > > When the applet is run on the system, it attempts to connect over the
> > > proxy. At this point we get a Java authentication prompt from the proxy
> > > (since I assume the applet doesn't pick up on the integrated AD
> > > authentication). Once the username and password are entered, nothing
> > > else happens.
> > >
> > > I am assuming that the payload failed due to the authentication prompt.
> > >
> > > Any thoughts on getting around this?
> >
> > Use the native Win32 meterpreter + reverse_https instead of the Java
> > Meterpreter, Java should be using the native proxy auth settings for its
> > own download though
> > _______________________________________________
> > https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework