Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Information About Unmet Browser Exploit Requirements

sinn3r edited this page · 11 revisions

Metasploit Wiki Pages


Clone this wiki locally

So I see your browser exploit has refused to attack due to some kind of unmet requirements. Typically this means one of the following:

  • Your target doesn't have the right conditions to be exploited.
  • Your target isn't vulnerable at all.

The exploit should say what requirements are not met. The requirements are explained here:

Key Description
:source Target has JavaScript disabled.
:ua_name Target isn't using the preferred browser. For example: Firefox, IE.
:ua_ver Target isn't using the preferred browser version.
:os_name Target isn't using the preferred operating system.
:os_flavor This has been deprecated. If you see this, your Metasploit is most likely out of date.
:language Target isn't using the preferred OS language.
:arch Target isn't on the preferred architecture. For example: x86/x64
:proxy Target has a proxy.
:silverlight Target doesn't have Silverlight installed.
:office Target doesn't have the preferred version of Microsoft Office installed, so the exploit cannot bypass DEP.
:java Target doesn't have the preferred version of Java. Often this is used by exploits to bypass DEP.
:clsid Target doesn't have the preferred ActiveX control. If this is the problem, you will only see a mismatch with :activex instead of :clsid.
:method Target doesn't have the preferred ActiveX control. If this is the problem, you will only see a mismatch with :activex instead of :method.
:mshtml_build Target isn't on the preferred build of Internet Explorer. Usually means only specific builds of IE are vulnerable.
:flash Target isn't using the preferred version of Adobe Flash. Often this is used by exploits to leverage code execution.
:vuln_test A custom JavaScript-based check. See vuln_test_error for more info.

How to manually check requirement comparisons:

If you'd like to check the comparisons, simply set VERBOSE to true. The following is an example:

msf exploit(ms13_022_silverlight_script_object) > set VERBOSE true
VERBOSE => true
msf exploit(ms13_022_silverlight_script_object) > run
[*] Exploit running as background job.

[*] Started reverse handler on 192.168.1.64:4444 
[*] Using URL: http://0.0.0.0:8080/SHIzaS2aZxIA6
msf exploit(ms13_022_silverlight_script_object) >
[*]  Local IP: http://192.168.1.64:8080/SHIzaS2aZxIA6
[*] Server started.
[*] 192.168.1.80     ms13_022_silverlight_script_object - 192.168.1.80     ms13_022_silverlight_script_object - Received cookie 'sVfdquJGHzpHyLItxoTgeJI'.
[*] 192.168.1.80     ms13_022_silverlight_script_object - Gathering target information.
[*] 192.168.1.80     ms13_022_silverlight_script_object - Sending response HTML.
[*] 192.168.1.80     ms13_022_silverlight_script_object - 192.168.1.80     ms13_022_silverlight_script_object - Info receiver page called.
[*] 192.168.1.80     ms13_022_silverlight_script_object - 192.168.1.80     ms13_022_silverlight_script_object - Received cookie 'ZnKtXOQIvxAclSrEOxJ'.
[!] 192.168.1.80     ms13_022_silverlight_script_object - 192.168.1.80     ms13_022_silverlight_script_object - Received sniffed browser data over POST: 
{"os_name"=>["Microsoft Windows"], "os_flavor"=>["XP"], "ua_name"=>["MSIE"], "ua_ver"=>["8.0"], "arch"=>["x86"], "java"=>["null"], "silverlight"=>["false"], "flash"=>["null"], "office"=>["null"], "mshtml_build"=>["18702"]}.
[*] 192.168.1.80     ms13_022_silverlight_script_object - 192.168.1.80     ms13_022_silverlight_script_object - Received cookie 'ZnKtXOQIvxAclSrEOxJ'.
[*] 192.168.1.80     ms13_022_silverlight_script_object - 192.168.1.80     ms13_022_silverlight_script_object - Serving exploit to user with tag ZnKtXOQIvxAclSrEOxJ
[*] 192.168.1.80     ms13_022_silverlight_script_object - 192.168.1.80     ms13_022_silverlight_script_object - Setting target "ZnKtXOQIvxAclSrEOxJ" to :tried.
[!] 192.168.1.80     ms13_022_silverlight_script_object - 192.168.1.80     ms13_022_silverlight_script_object - Comparing requirement: source=(?i-mx:script|headers) vs k=script
[!] 192.168.1.80     ms13_022_silverlight_script_object - 192.168.1.80     ms13_022_silverlight_script_object - Comparing requirement: os_name=Microsoft Windows vs k=Microsoft Windows
[!] 192.168.1.80     ms13_022_silverlight_script_object - 192.168.1.80     ms13_022_silverlight_script_object - Comparing requirement: ua_name=MSIE vs k=MSIE
[!] 192.168.1.80     ms13_022_silverlight_script_object - 192.168.1.80     ms13_022_silverlight_script_object - Comparing requirement: silverlight=true vs k=false
[!] 192.168.1.80     ms13_022_silverlight_script_object - 192.168.1.80     ms13_022_silverlight_script_object - Comparing requirement: arch=x86 vs k=x86
[!] 192.168.1.80     ms13_022_silverlight_script_object - Exploit requirement(s) not met: silverlight

Related Reading:

https://github.com/rapid7/metasploit-framework/wiki/How-to-write-a-browser-exploit-using-BrowserExploitServer

Something went wrong with that request. Please try again.