Author Topic: Problem with SET and Metasploit Browser Autopwn  (Read 3483 times)

k3rn3l

  • Newbie
  • *
  • Posts: 3
    • View Profile
on: June 25, 2012, 09:40:33 AM
Hello there ,
i am having problems with SET(Social Engineering toolkit) and Metasploit Browser Autopwn.
SET
when i send ip to victim and he opens it , fills his credentials and press login , i got this error in SET terminal
Code: [Select]
xception happened during processing of request from ('118.94.67.206', 62586)
Traceback (most recent call last):
File "/usr/lib/python2.7/SocketServer.py", line 284, in _handle_request_noblock
self.process_request(request, client_address)
File "/usr/lib/python2.7/SocketServer.py", line 310, in process_request
self.finish_request(request, client_address)
File "/usr/lib/python2.7/SocketServer.py", line 323, in finish_request
self.RequestHandlerClass(request, client_address, self)
File "/usr/lib/python2.7/SocketServer.py", line 639, in __init__
self.handle()
File "/usr/lib/python2.7/BaseHTTPServer.py", line 343, in handle
self.handle_one_request()
File "/usr/lib/python2.7/BaseHTTPServer.py", line 313, in handle_one_request
self.raw_requestline = self.rfile.readline(65537)
File "/usr/lib/python2.7/socket.py", line 476, in readline
data = self._sock.recv(self._rbufsize)
error: [Errno 104] Connection reset by peer

Metasploit Browser Autopwn
when i start malicious server and send ip to victim and when he opens it ,
i only get
[ip] request for broser autopwn /
and nothing else happens
 plz help me out


« Last Edit: June 25, 2012, 10:38:47 AM by ZEROF »



ZEROF

  • Hero Member
  • *****
  • Posts: 1247
    • View Profile
    • Pen Tester
Reply #1 on: June 25, 2012, 10:27:18 AM
This usually happens when browser closes TCP socket before web server finishes flushing. You can't use this exploit because system you try to attack is patched and you can't run attack against. And always run msf console as root.

To be sure download WebSploit and run same attack. Reboot your system before you start and check if IP address you try to use is up, and check IP of machine you try to attack. Use Zenmap to get more informations about remote machine.
« Last Edit: June 25, 2012, 11:03:29 AM by ZEROF »


Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*


k3rn3l

  • Newbie
  • *
  • Posts: 3
    • View Profile
Reply #2 on: June 25, 2012, 10:52:25 AM
Hey ZEROF
let me first talk about SET , social engineering toolkit
the following error is happening in credential harvester attack in SET
if i do phishing by uplaoding phishing page to another free web hosting then t would run fine
and
m trying to exploit ie6 with metasploit browser autopwn



ZEROF

  • Hero Member
  • *****
  • Posts: 1247
    • View Profile
    • Pen Tester
Reply #3 on: June 25, 2012, 10:55:59 AM
I see, and you think somebody use IE6 today ?


Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*


k3rn3l

  • Newbie
  • *
  • Posts: 3
    • View Profile
Reply #4 on: June 25, 2012, 12:18:29 PM
actually i ws trying on my friend and i asked him to open it in ie,.  he has windows xp and ie6