Browser Autopwn question

[Krytical]

ok, so I've been reading metasploit unleashed, but im running into a problem..

I'm on my friends computer, trying to go to the page I set up, I have DMZ enabled to the box running metasploit, but it wont send any exploits to the PC I am on...

it just says request / from IP***
reports the browser
requesting favico
404ing /favicon.ico
responding with exploits
...

nothing...

it refuses to send the exploits

---------- edit

for clarity, I explained better in the 4th post down..

[Krytical]

Through searching the forums again and again, I have come to believe that people here do not want issues like this discussed simply because it COULD be used for bad things...

I personally believe the dev's set it up that way on purpose... if that is true, least someone could do is say so.. I've found a few threads similar to mine, some just died with no replies... some get flamed for bumping their own post...(yeah, I know it hasn't even been a few hours since I posted first, the thread has been viewed only 4 times so far, but others have asked in the past, I'm just continuing their question....) but nobody really says anything about the issue... other than port forwarding.. which has been done.. one other post said something similar to mine, that all the half the exploits on backtrack are set to only work against local victims or something similar to that... another thread that never got any replies...


Guess I have to learn to read the program code myself and figure out where the problem is myself... I'll post here whenever I do find the answer, so other people like myself don't just get ignored...


If I am mistaken about peoples intentions, or maybe the problems are purely because I don't know enough... Then I apologize for the way I come off, but its frustrating when nobody helps...

Once you read documentation on a program and it doesn't work properly, and you have searched the support forum, with no fix found... what do you do?

you ask the people who know the tools best... and hope, they care enough to pass on the knowledge... and hope not to get flamed by the people who take things personally, treat the forum like its their territory acting like "wtf are you doing here?"...

[g3ksan]

lol, this thread makes me laugh a little bit.

I'll bite because your second post is amusing. Could you elaborate a bit on your setup? It sounds like you are trying to exploit a box over the internet. You said you have port forwarding setup, but is it done on both sides? Which payload are you using?

[Krytical]

I'm using my laptop with DMZ enabled to my laptops static ip, I'm using my friends desktop @ his house (also DMZ enabled for this test) to try to connect to my server, using the browser autopwn module in metasploit, as well as fast-track's mass client side attack

Generic reverse tcp payload for Browser autopwn, and I attempted reverse and bind connections in the mass client side attack.


Within the same network, everything works perfectly, all exploits run, my internet security picks up the attacks blah blah blah...


but once I set it up to be on a different network, it will no longer send the exploits, but it DOES see the connections...

in browser autopwn it will show the 404ing of the icons and whatnot, but no exploits...

and in the mass client side attack, it will show me them connecting, and tells me about the exploit on port 5500 using NC ip 5500 blah blah... but again, no exploits...

[muts]

How is this even related to BackTrack ?

[Krytical]

I guess its not when I really think about it, that's probably the best answer I've seen from a mod/dev... there are better forums for these questions, my apologies for being such a noob... but at least it was in the beginner section eh?

I guess I just figured since you guys give support to many of the other tools, and pen testing topics, people may help with the tool I was having trouble with... I'll take my questions elsewhere