I have two Social-Engineer Toolkit / Metasploit questions. I think I understand the answer to the first one but confirmation or clarification would be appreciated.

Thanks!

Question 1.

This is a question about the use of 0.0.0.0.

With auto_detect = ON in set_config, for Windows resource (/home/mydir/set/src/program_junk/meta_config)> set LHOST 0.0.0.0

For OSX and Linux, resource (/home/mydir/set/src/program_junk/meta_config)> set LHOST 80.232.71.126 [my IP]

I think the difference in IP addresses is because 0.0.0.0 is set first as 0.0.0.0 represents "any address" for IPv4. Then the next option is to select my Internet IP for OSX and Linux.

I then turn auto_detect = OFF in the set_config file and SET says: Enter the IP address of your interface IP or if your using an external IP, what will be used for the connection back and to house the web server (your interface address) set:webattack> IP address for the reverse connection:

I set the IP to my IP rather than to 0.0.0.0 but Windows is still set to 0.0.0.0 presumably for the reason given above (0.0.0.0 is the first choice as it represents "all" IP addresses).

Does this make sense?

Question 2.

I create the Java Applet and a cloned website along with the reverse shells for Windows, OSX, and Linux.

The /home/mydir/set/src/program_junk/web_clone shows:

-rw-r--r-- 1 root root 83046 2012-04-15 22:22 index.html
-rw-r--r-- 1 root root 67600 2012-04-15 22:21 index.html.bak
-rw-r--r-- 1 root root 20800 2012-04-15 22:24 mac.bin
-rw-r--r-- 1 root root 222592 2012-04-15 22:24 msf.exe
-rw-r--r-- 1 root root 134 2012-04-15 22:24 nix.bin
-rw-r--r-- 1 root root 4065 2012-04-15 22:24 Signed_Update.jar
-rw-r--r-- 1 root root 222592 2012-04-15 22:24 GNWd1CUz1ja12

Why is the file size for the Linux payload (nix.bin) so small compared to the OSX and Windows payloads?

It does work as I tried it on myself but I don't understand the significant difference in sizes.

Many thanks!