I have twice successfully used SET's Java applet attack on my Win7 machine with IE 8, but every other time has been a fail (it hangs up when it executes the handler and listens for the connect-back; never receiving the connection). One thing I noticed was that it will set LHOST to; why does that happen? I've seen this in a few places through Google but no one seems to know why. On the other side, the victim browser can always connect to the attacking server and see the correct page and Java Applet prompt. But after clicking Run, nothing happens. Anyone know how to fix this?