I am having problems with the Java exploit in the Social Engineer Toolkit (SET).
I am using the latest version of the SET with Metasploit fully updated.
The book "Metasploit Unleashed" (page 145) shows the Java box as situated over the browser screen (see Java OK attachment).
The same is true of purehate's guide: http://www.question-defense.com/wp-c...1-11-15-PM.png
This suggests to me that the page will not properly display unless the Java box is run which is a big incentive to click run.
However, when I attempt this (using Firefox 13.0.1 without NoScript under Ubuntu 10.04) there are two issues.
First, the Java box takes about a minute to load.
Second, when it does load, it is not over the screen as in the two examples above, but rather is external to the browser window. If you have a lot of programs open, then it is just one of many tabs at the bottom of the screen. You might not even see it.
This can be observed in the Java Not OK attachment. Imagine if I was running ten programs. It wouldn't be noticeable.
The webpage loads without needing to run the Java. Therefore, even if the victim did see it, he would have no reason to run it because the webpage is fine without it.
Am I doing something wrong here?