adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3da170a43c7f288fe9bc88fe325da488733acac3
metasploit-gs/docs/metasploit-framework.wiki/Information-About-Unmet-Browser-Exploit-Requirements.md
T
adfoster-r7 c68ab9b77f Add Metasploit prompt color highlighting to docs
2023-01-28 22:43:33 +00:00

65 lines
4.9 KiB
Markdown
Raw Blame History

So I see your browser exploit has refused to attack due to some kind of unmet requirements. Typically this means one of the following:
* Your target doesn't have the right conditions to be exploited.
* Your target isn't vulnerable at all.
The exploit should say what requirements are not met. The requirements are explained here:
| Key | Description |
| --- | ----------- |
| **:source** | Target has JavaScript disabled. |
| **:ua_name** | Target isn't using the preferred browser. For example: Firefox, IE. |
| **:ua_ver** | Target isn't using the preferred browser version. |
| **:os_name** | Target isn't using the preferred operating system. |
| **:os_flavor** | This has been deprecated. If you see this, your Metasploit is most likely out of date. |
| **:language** | Target isn't using the preferred OS language. |
| **:arch** | Target isn't on the preferred architecture. For example: x86/x64 |
| **:proxy** | Target has a proxy. |
| **:silverlight** | Target doesn't have Silverlight installed. |
| **:office** | Target doesn't have the preferred version of Microsoft Office installed, so the exploit cannot bypass DEP. |
| **:java** | Target doesn't have the preferred version of Java. Often this is used by exploits to bypass DEP. |
| **:clsid** | Target doesn't have the preferred ActiveX control. If this is the problem, you will only see a mismatch with :activex instead of :clsid. |
| **:method** | Target doesn't have the preferred ActiveX control. If this is the problem, you will only see a mismatch with :activex instead of :method. |
| **:mshtml_build** | Target isn't on the preferred build of Internet Explorer. Usually means only specific builds of IE are vulnerable. |
| **:flash** | Target isn't using the preferred version of Adobe Flash. Often this is used by exploits to leverage code execution. |
| **:vuln_test** | A custom JavaScript-based check. There should be a custom vuln_test_error message explaining why on msfconsole. |
### How to manually check requirement comparisons:
If you'd like to check the comparisons, simply set VERBOSE to true. The following is an example:
```msf
msf exploit(ms13_022_silverlight_script_object) > set VERBOSE true
VERBOSE => true
msf exploit(ms13_022_silverlight_script_object) > run
[*] Exploit running as background job.
[*] Started reverse handler on 192.168.1.64:4444
[*] Using URL: http://0.0.0.0:8080/SHIzaS2aZxIA6
msf exploit(ms13_022_silverlight_script_object) >
[*] Local IP: http://192.168.1.64:8080/SHIzaS2aZxIA6
[*] Server started.
[*] 192.168.1.80 ms13_022_silverlight_script_object - 192.168.1.80 ms13_022_silverlight_script_object - Received cookie 'sVfdquJGHzpHyLItxoTgeJI'.
[*] 192.168.1.80 ms13_022_silverlight_script_object - Gathering target information.
[*] 192.168.1.80 ms13_022_silverlight_script_object - Sending response HTML.
[*] 192.168.1.80 ms13_022_silverlight_script_object - 192.168.1.80 ms13_022_silverlight_script_object - Info receiver page called.
[*] 192.168.1.80 ms13_022_silverlight_script_object - 192.168.1.80 ms13_022_silverlight_script_object - Received cookie 'ZnKtXOQIvxAclSrEOxJ'.
[!] 192.168.1.80 ms13_022_silverlight_script_object - 192.168.1.80 ms13_022_silverlight_script_object - Received sniffed browser data over POST:
{"os_name"=>["Microsoft Windows"], "os_flavor"=>["XP"], "ua_name"=>["MSIE"], "ua_ver"=>["8.0"], "arch"=>["x86"], "java"=>["null"], "silverlight"=>["false"], "flash"=>["null"], "office"=>["null"], "mshtml_build"=>["18702"]}.
[*] 192.168.1.80 ms13_022_silverlight_script_object - 192.168.1.80 ms13_022_silverlight_script_object - Received cookie 'ZnKtXOQIvxAclSrEOxJ'.
[*] 192.168.1.80 ms13_022_silverlight_script_object - 192.168.1.80 ms13_022_silverlight_script_object - Serving exploit to user with tag ZnKtXOQIvxAclSrEOxJ
[*] 192.168.1.80 ms13_022_silverlight_script_object - 192.168.1.80 ms13_022_silverlight_script_object - Setting target "ZnKtXOQIvxAclSrEOxJ" to :tried.
[!] 192.168.1.80 ms13_022_silverlight_script_object - 192.168.1.80 ms13_022_silverlight_script_object - Comparing requirement: source=(?i-mx:script|headers) vs k=script
[!] 192.168.1.80 ms13_022_silverlight_script_object - 192.168.1.80 ms13_022_silverlight_script_object - Comparing requirement: os_name=Microsoft Windows vs k=Microsoft Windows
[!] 192.168.1.80 ms13_022_silverlight_script_object - 192.168.1.80 ms13_022_silverlight_script_object - Comparing requirement: ua_name=MSIE vs k=MSIE
[!] 192.168.1.80 ms13_022_silverlight_script_object - 192.168.1.80 ms13_022_silverlight_script_object - Comparing requirement: silverlight=true vs k=false
[!] 192.168.1.80 ms13_022_silverlight_script_object - 192.168.1.80 ms13_022_silverlight_script_object - Comparing requirement: arch=x86 vs k=x86
[!] 192.168.1.80 ms13_022_silverlight_script_object - Exploit requirement(s) not met: silverlight
```
### Related Reading:
- [[How to write a browser exploit using BrowserExploitServer]]
Reference in New Issue View Git Blame Copy Permalink