I am working on some of the new java exploits in the wild. However, everything goes fine, unless creating the meterpreter session.
for instance, I used java rhino exploit and after starting the server and launching the vulnerable website, all I've got is as follows:[*] 10.1.41.3 java_rhino - Java Applet Rhino Script Engine Remote Code Execution handling request[*] 10.1.41.3 java_rhino - Sending Applet.jar
In a similar situation, I've started to use java_jre17_jmxbean exploit. Although it started the server and launched the exploit, it still doesn't create the meterpreter session.
Just for the records, I've set the LPORT and LHOST to the attacker's port and attacker's IP address, respectively. So, everything is okay, unless the meterpreter session!
My victims run both Win7 and Win XP SP3.