Kali Linux browser_autopwn2 WINXP IE6

Question

I'm new at Kali and Metasploit in general. I've been trying for a few days to discover it, and I'm a bit stuck when trying to exploit a VM running Windows XP and with IE 6.

Here are some screenshot from msf:

Options:

Before I connect with IE 6 from the VM:

When I connect, this is where browser_autopwn2 blocks:

And it just hangs there... I'm pretty sure I should be able to exploit a Win XP machine with IE 6. I probably set some things wrong, if someone can help me, Iwould really appreciate it.

By the way, I also tried with Firefox 43.0.1 using the VM, and it doesn't work either, but it blocks somewhere else. Here is another screenshot:

Answer 1

It doesn't work because you chose the wrong exploit.

Looking at the comments of the KingScada - kxClientDownload.ocx ActiveX Remote Code Execution exploit (here), we can see that it

abuses the kxClientDownload.ocx ActiveX control distributed with WellingTech KingScada.

If the target PC doesn't use WellingTech KingScada, which is a particular software deployed in industrial automation systems, the exploit won't work. This is the reason why autopwn2 blocks when the target uses Internet Explorer.

Even if that software was installed in the Windows XP machine, the exploit wouldn't work, because it is written to target Internet Explorer, rather than Firefox, as we can see from the following line of code:

:ua_name => /MSIE|KXCLIE/i

where ua_name describes the User-Agent string, and MSIE is the acronym for Microsoft Internet Explorer.

As a general rule, before launching exploits, you should always understand if it targets a particular operating system or browser, if it requires some plug-in (like Flash) or if it relies on the vulnerabilities of a particular software, as in this case.