Home page logo
/

metasploit logo Metasploit mailing list archives

browser_autopwn broken in current version of Metasploit?
From: Arnar Gunnarsson <addi () addi org>
Date: Thu, 30 Jun 2011 00:41:52 +0000

There seems to be some issue with the Javascript obfuscation feature
in the browser_autopwn module in Metasploit v3.8.0-dev (r13067).

I'm able to start the module, but when I browse to the URL of the
browser_autopwn server I'm not being redirected to the actual
exploits.

msf > use auxiliary/server/browser_autopwn
msf > set LHOST 192.168.43.140
msf > set URIPATH /
msf > run

[*] Starting exploit modules on host 192.168.43.140...
[*] ---

[.... snip]

[*] --- Done, found 21 exploit modules

[*] Using URL: http://0.0.0.0:8080/
[*]  Local IP: http://192.168.43.140:8080/
[*] Server started.

Now I navigate to http://192.168.43.140:8080/ using any of the three
major browsers and they all result in the same Javascript error (line
2069).
This happens before browser_autopwn identifies the OS and browser type
and redirect the browser to a specific explot.

The offending line (line 2069)
NrkYCIMtz = nkenXYUAjhMoyZ.encode(NrkYCIMtz);


* Information from Firefox's Error Console:
---------------
Error: nkenXYUAjhMoyZ.encode is not a function
Source File: http://192.168.43.140:8080/

* Information from Chrome's Developer Tools:
---------------
Uncaught TypeError: Object #<Object> has no method 'encode'     :8080/:2069
oBeiS
                      :8080/:2069
lNFkLUahB
                  :8080/:2075
(anonymous function)
              :8080/:2076
onload
                      :8080/:2077

* Information from IE8's Developer Tools
---------------
Object doesn't support this property or method
192.168.43.140:8080, line 2069 character 3


It is also woth mentioning that all the exploits have started
correctly and I can even point a IE7 instance to a specific IE exploit
URL that succeeds. But the redirect from URIPATH
(http://192.168.43.140:8080/) to the specific IE exploit URL does not
happen.


- Addi
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

  By Date           By Thread  

Current thread:
  • browser_autopwn broken in current version of Metasploit? Arnar Gunnarsson (Jun 30)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault