Problem with SET and Metasploit Browser Autopwn

Started by k3rn3l, June 25, 2012, 10:40:33 AM

Previous topic - Next topic

k3rn3l

Hello there ,
i am having problems with SET(Social Engineering toolkit) and Metasploit Browser Autopwn.
SET
when i send ip to victim and he opens it , fills his credentials and press login , i got this error in SET terminal
xception happened during processing of request from ('118.94.67.206', 62586)
Traceback (most recent call last):
File "/usr/lib/python2.7/SocketServer.py", line 284, in _handle_request_noblock
self.process_request(request, client_address)
File "/usr/lib/python2.7/SocketServer.py", line 310, in process_request
self.finish_request(request, client_address)
File "/usr/lib/python2.7/SocketServer.py", line 323, in finish_request
self.RequestHandlerClass(request, client_address, self)
File "/usr/lib/python2.7/SocketServer.py", line 639, in __init__
self.handle()
File "/usr/lib/python2.7/BaseHTTPServer.py", line 343, in handle
self.handle_one_request()
File "/usr/lib/python2.7/BaseHTTPServer.py", line 313, in handle_one_request
self.raw_requestline = self.rfile.readline(65537)
File "/usr/lib/python2.7/socket.py", line 476, in readline
data = self._sock.recv(self._rbufsize)
error: [Errno 104] Connection reset by peer


Metasploit Browser Autopwn
when i start malicious server and send ip to victim and when he opens it ,
i only get
[ip] request for broser autopwn /
and nothing else happens
plz help me out



ZEROF

#1
This usually happens when browser closes TCP socket before web server finishes flushing. You can't use this exploit because system you try to attack is patched and you can't run attack against. And always run msf console as root.

To be sure download WebSploit and run same attack. Reboot your system before you start and check if IP address you try to use is up, and check IP of machine you try to attack. Use Zenmap to get more informations about remote machine.

Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*

k3rn3l

Hey ZEROF
let me first talk about SET , social engineering toolkit
the following error is happening in credential harvester attack in SET
if i do phishing by uplaoding phishing page to another free web hosting then t would run fine
and
m trying to exploit ie6 with metasploit browser autopwn

ZEROF

I see, and you think somebody use IE6 today ?

Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*

k3rn3l

actually i ws trying on my friend and i asked him to open it in ie,.  he has windows xp and ie6