What is the best Metasploit module or mixed packet to apply to position (4) in the picture below?
I have done a kind of research about this.
metasploit aux/browser_autopwn - 1,5 % success
metasploit expl/ms10/help_center - 3,0 % success
Any other suggestions?
Last edited by n37w4lk3r; 11-02-2010 at 10:57 AM.
That picture isn't exactly very clear. Would you like to explain the scenario in words? Maybe mentioning what is happening during each of those steps, as well as what the overall goal is.
Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".
The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
Yes, you need to (at the very least) explain what the overall goal is. Also, like Lupin says, the picture is not the clearest. Are you trying to pivot from an infected computer, through the network?
Sometimes I try to fit a 16-character string into an 8-byte space, on purpose.
OK, I agree that it's not so clear, and the steps are not exactly right.
Well, my friends, here is the scenario.
Let's have one infected PC, running metsvc_bind_tcp on port 31337, so we can control it. On that box we deploy Metasploit, so we can run Metasploit through that host. On that same host I used to run Metasploit modules like aux/browser_autopwn and expl/ms10_help_center (or something like this it was). They are set on that host to listen on port 80, and exploit victims that are coming to it thanks to my DNS spoof that I ran earlier on my local network, for example.
The question is simple. Is there any better method for us to use for browser exploiting in that same scenario using Java or PHP? Or is it very personal, I mean we have to choose every individual we want to test, by examining what browser and version he is running, and then choose an exploit specially for that? And if so, what to do if there is no sploit for that particular version of browser?
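Seen from the defending side, the setup described in this thread leaves two observable traces: external hostnames that suddenly resolve to a machine on the local network, and inbound connections to that machine on port 31337. The following detection sketch is an added example, not code from any poster in the thread; the log tuples, `LOCAL_NET` and `INTERNAL_SUFFIXES` are assumptions, and all sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: (client, queried name, A-record answer) from a DNS sensor.
DNS_LOG = [
    ("192.168.1.20", "www.example.com", "203.0.113.10"),
    ("192.168.1.21", "www.example.com", "192.168.1.50"),
    ("192.168.1.22", "news.example.org", "192.168.1.50"),
    ("192.168.1.20", "printer.corp.lan", "192.168.1.9"),
    ("192.168.1.23", "www.example.net", "198.51.100.7"),
]
# Constructed flow records: (source, destination, destination port).
FLOW_LOG = [
    ("192.168.1.99", "192.168.1.50", 31337),
    ("192.168.1.21", "192.168.1.50", 80),
    ("192.168.1.20", "192.168.1.9", 9100),
]
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")  # assumption: the monitored LAN
INTERNAL_SUFFIXES = (".corp.lan",)  # assumption: names legitimately hosted internally
BIND_PORT = 31337                   # listener port named in the post


def spoofed_answers(dns_log, local_net=LOCAL_NET, suffixes=INTERNAL_SUFFIXES):
    """Map each LAN address to the external names that resolved to it."""
    hits = defaultdict(set)
    for _client, name, answer in dns_log:
        name = name.lower().rstrip(".")
        if name.endswith(suffixes):
            continue  # internal zone: a LAN answer is expected here
        if ipaddress.ip_address(answer) in local_net:
            hits[answer].add(name)
    return dict(hits)


def suspect_hosts(dns_log, flow_log, port=BIND_PORT):
    """Correlate spoofed DNS answers with inbound traffic to the bind port."""
    spoofed = spoofed_answers(dns_log)
    listeners = {dst for _src, dst, dport in flow_log if dport == port}
    return {
        host: {
            "spoofed_names": sorted(spoofed.get(host, ())),
            "bind_port_seen": host in listeners,
        }
        for host in set(spoofed) | listeners
    }


if __name__ == "__main__":
    for host, info in suspect_hosts(DNS_LOG, FLOW_LOG).items():
        print(host, info)
```

A host that shows both signals is a strong candidate for isolation and imaging; either signal alone still warrants a look at the resolver path and the host's listening sockets.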