Results 1 to 6 of 6

Thread: Browser Autopwn question

  1. #1
    Member Krytical's Avatar
    Join Date
    Mar 2010

    Default Browser Autopwn question

    ok, so I've been reading metasploit unleashed, but im running into a problem..

    I'm on my friends computer, trying to go to the page I set up, I have DMZ enabled to the box running metasploit, but it wont send any exploits to the PC I am on...

    it just says request / from IP***
    reports the browser
    requesting favico
    404ing /favicon.ico
    responding with exploits


    it refuses to send the exploits

    ---------- edit

    for clarity, I explained better in the 4th post down..
    Last edited by Krytical; 08-08-2010 at 08:46 PM.

  2. #2
    Member Krytical's Avatar
    Join Date
    Mar 2010

    Default Re: Browser Autopwn question

    Through searching the forums again and again, I have come to believe that people here do not want issues like this discussed simply because it COULD be used for bad things...

    I personally believe the dev's set it up that way on purpose... if that is true, least someone could do is say so.. I've found a few threads similar to mine, some just died with no replies... some get flamed for bumping their own post...(yeah, I know it hasn't even been a few hours since I posted first, the thread has been viewed only 4 times so far, but others have asked in the past, I'm just continuing their question....) but nobody really says anything about the issue... other than port forwarding.. which has been done.. one other post said something similar to mine, that all the half the exploits on backtrack are set to only work against local victims or something similar to that... another thread that never got any replies...

    Guess I have to learn to read the program code myself and figure out where the problem is myself... I'll post here whenever I do find the answer, so other people like myself don't just get ignored...

    If I am mistaken about peoples intentions, or maybe the problems are purely because I don't know enough... Then I apologize for the way I come off, but its frustrating when nobody helps...

    Once you read documentation on a program and it doesn't work properly, and you have searched the support forum, with no fix found... what do you do?

    you ask the people who know the tools best... and hope, they care enough to pass on the knowledge... and hope not to get flamed by the people who take things personally, treat the forum like its their territory acting like "wtf are you doing here?"...
    Last edited by Krytical; 08-08-2010 at 08:49 PM.

  3. #3
    Junior Member g3ksan's Avatar
    Join Date
    Jan 2010

    Default Re: Browser Autopwn question

    lol, this thread makes me laugh a little bit.

    I'll bite because your second post is amusing. Could you elaborate a bit on your setup? It sounds like you are trying to exploit a box over the internet. You said you have port forwarding setup, but is it done on both sides? Which payload are you using?

  4. #4
    Member Krytical's Avatar
    Join Date
    Mar 2010

    Default Re: Browser Autopwn question

    I'm using my laptop with DMZ enabled to my laptops static ip, I'm using my friends desktop @ his house (also DMZ enabled for this test) to try to connect to my server, using the browser autopwn module in metasploit, as well as fast-track's mass client side attack

    Generic reverse tcp payload for Browser autopwn, and I attempted reverse and bind connections in the mass client side attack.

    Within the same network, everything works perfectly, all exploits run, my internet security picks up the attacks blah blah blah...

    but once I set it up to be on a different network, it will no longer send the exploits, but it DOES see the connections...

    in browser autopwn it will show the 404ing of the icons and whatnot, but no exploits...

    and in the mass client side attack, it will show me them connecting, and tells me about the exploit on port 5500 using NC ip 5500 blah blah... but again, no exploits...
    Last edited by Krytical; 08-08-2010 at 08:44 PM. Reason: clarity

  5. #5
    Developer muts's Avatar
    Join Date
    Jan 2006

    Default Re: Browser Autopwn question

    How is this even related to BackTrack ?

  6. #6
    Member Krytical's Avatar
    Join Date
    Mar 2010

    Default Re: Browser Autopwn question

    I guess its not when I really think about it, that's probably the best answer I've seen from a mod/dev... there are better forums for these questions, my apologies for being such a noob... but at least it was in the beginner section eh?

    I guess I just figured since you guys give support to many of the other tools, and pen testing topics, people may help with the tool I was having trouble with... I'll take my questions elsewhere
    Last edited by Krytical; 08-08-2010 at 09:06 PM.

Similar Threads

  1. Quick Autopwn question, seriously quick.
    By bt4pf355 in forum OLD Newbie Area
    Replies: 6
    Last Post: 01-18-2010, 10:17 PM
  2. A question about obtaining user browser information
    By Track404 in forum OLD Newbie Area
    Replies: 9
    Last Post: 12-02-2009, 08:44 AM
  3. New here, greets anmd question about Autopwn and NAT
    By Codec in forum OLD Newbie Area
    Replies: 0
    Last Post: 07-10-2009, 12:46 AM
  4. A question about metasploit's autopwn...
    By drakoth777 in forum OLD Newbie Area
    Replies: 2
    Last Post: 02-09-2009, 01:50 PM
  5. Quick FastTrack/autopwn Question
    By phoenix910 in forum OLD Pentesting
    Replies: 17
    Last Post: 04-01-2008, 01:11 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts