Re: new exploit windows/browser/java_basicservice_impl doesn't accept win payloads?

[egypt () metasploit com]

It might be possible to modify the exploit to use some other method of
launching the jnlp file, but the current method of redirecting is
blocked by default IE7 and 8 when inside an iframe.  Since
browser_autopwn uses iframes for each exploit this issue makes the
exploit largely useless in that context, so I have removed it from
browser_autopwn.  I've also switched the order of targets so now
Windows should be the default.  If you want to use a Java payload, set
TARGET 1.

Hope this helped,
egypt

On Mon, Nov 22, 2010 at 10:58 AM, Miguel Rios <miguelrios35 () yahoo com> wrote:
> Hi,
>
> I've been messing around with the new exploit mentioned above. However, although when I open the ruby file I can see 
> the option to use windows as well as java payloads, the exploit fails when it attempts to use a windows payload. I 
> even tried with browser_autopwn and it also picks a windows payload by default, although it fails.
>
> I get this message:
>
> [*] [2010.11.22-17:49:54] Starting exploit windows/browser/java_basicservice_impl with payload 
> windows/meterpreter/reverse_tcp
> [-] [2010.11.22-17:49:54] Exploit failed: windows/meterpreter/reverse_tcp is not a compatible payload.
> [-] [2010.11.22-17:49:54] Failed to start exploit module windows/browser/java_basicservice_impl
>
>
> Is this a bug? Also, while I'm at it, why can't we have these browser exploits write to an html file instead of 
> serving the html on the fly? Writing to a file would allow for greater stealthiness and other goodies (like iframes), 
> but it may not be feasible. Just an idea I thought I'd throw out.
>
> Thanks
>
>
> _______________________________________________
> https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework