Metasploit Firewall

[MassAppeal]

Ive been playing around with msf and have had success with 2-3 different exploits, and its fine when my firewall on my XP SP2 Machine is down, but im wondering how vulnerable is SP2 with its firewall on? And are there any attacks that can be launched with it on.

Also, im having toruble finding a Vista exploit other then a DoS attack, has anyone had success with this?

[lupin]

You might want to do some reading on how a firewall as well as various types of exploits work.

A firewall filters traffic based on a set of rules. Traffic that meets one set of rules is allowed, and traffic that meets another set of rules is not allowed.

Remote exploits (exploits that are launched from one attacking system against one or more victim systems over a network) use network traffic to exploit a system.

If you want to know whether a particular remote exploit will work against a firewalled system, you need to know what traffic the firewall allows and what traffic the remote exploit uses to attack the system. Based on that advice Im sure you can do the research to determine which traffic must be allowed through the firewall for a particular exploit to work. (Hint: do a packet capture of the exploit if you dont already know what service/port it contacts).

This is a Metasploit exploit that allows remote code execution vulnerability on Vista Sp1 and Sp2.

[MassAppeal]

Thanks, ill set up a wire shark capture and try some out.

My only question is, once i find out which traffic is aloud on a certain service/port say 445 microsoft-ds for example with the firewall on, i will still have to use the same module but just adjust my payload? Correct? Also i don't think i have the skill set to start making my own payloads to suit... will that be required?

[Lincoln]

Some good info on Metasploit: Metasploit Unleashed - Mastering the Framework

[lupin]

Thanks, ill set up a wire shark capture and try some out.

My only question is, once i find out which traffic is aloud on a certain service/port say 445 microsoft-ds for example with the firewall on, i will still have to use the same module but just adjust my payload? Correct? Also i don't think i have the skill set to start making my own payloads to suit... will that be required?

Depends if the firewall is blocking the initial exploit or the payload. If you are using an exploit that attacks Microsoft file sharing on port 445, the firewall needs to allow the traffic you are sending to port 445 for the exploit to work at all, regardless of payload. If the payload you send with that exploit attempts to create a listening shell on port 443, then your traffic to port 443 needs to be allowed by the firewall. If your traffic to port 445 is allowed but your traffic to port 443 is not, then changing the payload to something that would be allowed by the firewall would help, but if your traffic sent to port 445 is not allowed then the exploit wont work.