
Thread: XP SP2 Firewall On I guess this computer is safe exploits don't work

#11 - Junior Member (joined Jan 2010, 35 posts)

    And also, client-side attacks are always a threat, even when your firewall is turned on, because data from the server looks like a 'legit response'.

#12 - lupin, Super Moderator (joined Jan 2010, 2,943 posts)

    Quote Originally Posted by streaker69:
    I have a WinNT 3.51 machine that's perfectly safe. It's sitting in a closet, with no power. 100% safe from hackers.
    Unless a hacker finds their way into the closet...
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

#13 - ocgearhead, Just burned his ISO (joined Nov 2009, 7 posts)

    Thanks for all the responses but...

    Ok, I should have been more specific. I'm using Metasploit v3.2 with the MS08-067 exploit and have tried all the payloads against my XP SP2 with the firewall on, and nothing. I'm working on my own machines on my network. Is there a working payload that will work against my XP machine that has SP2 and the firewall on? When you have a lot of employees that don't care, sometimes computers do not get updated when they should.

    Would love to know if there is a working exploit/payload using Metasploit. The exploit above and the reverse VNC payload do work if I turn off the firewall; I already know this.

    Thanks again to all of you.

#14 - lupin, Super Moderator (joined Jan 2010, 2,943 posts)

    Quote Originally Posted by ocgearhead:
    Ok, I should have been more specific. I'm using Metasploit v3.2 with the MS08-067 exploit and have tried all the payloads against my XP SP2 with the firewall on, and nothing. I'm working on my own machines on my network. Is there a working payload that will work against my XP machine that has SP2 and the firewall on? When you have a lot of employees that don't care, sometimes computers do not get updated when they should.

    Would love to know if there is a working exploit/payload using Metasploit. The exploit above and the reverse VNC payload do work if I turn off the firewall; I already know this.

    Thanks again to all of you.
    Have a think about the way that the ms-08-067 exploit works on a network level. If you don't know how it works on a network level then take a packet capture of the exploit traffic from your Metasploit system both with and without the firewall running on the target. Check the difference between the two sessions.

    Then extend that thinking to other exploits. If the firewall is running on a system, what won't you be able to do towards that system? What network traffic will be prohibited and what network traffic will be allowed given your target's firewall configuration? This is the key to finding an exploit that will work against that system.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

#15 - ocgearhead, Just burned his ISO (joined Nov 2009, 7 posts)

    I get what you're saying and I thank you for your comments. The simple question is: "Is there any working exploit and payload that works successfully against an XP SP2 machine with the firewall on?" I have port 5900 open for VNC and nmap shows 445 as well. I have tried just about all the exploits and payloads in Metasploit 3.2 and 3.3.

#16 - lupin, Super Moderator (joined Jan 2010, 2,943 posts)

    Quote Originally Posted by ocgearhead:
    I get what you're saying and I thank you for your comments. The simple question is: "Is there any working exploit and payload that works successfully against an XP SP2 machine with the firewall on?" I have port 5900 open for VNC and nmap shows 445 as well. I have tried just about all the exploits and payloads in Metasploit 3.2 and 3.3.
    The simple answer is that you can use remote exploits that will communicate to ports that are open (not firewalled) on your target and you can use reverse TCP payloads because these create outgoing connections which are not blocked by the firewall (in XP SP2 at least).

    If port 445 is open then exploits which affect CIFS/SMB should work and RPC exploits should work as well as long as the RPC communication for the exploit can be channeled over named pipes. Keep in mind you must choose appropriate vulnerabilities that haven't been patched in the target system.

    The appropriate VNC exploits for your version should also work.

    If it doesn't work for you then start capturing packets with the firewall on/off to work out why.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
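The point lupin makes above (an inbound-only host firewall logs blocked inbound attempts as DROP, but an outgoing connection made by a reverse TCP payload simply shows up as OPEN) is the same thing a defender looks for in the firewall log. The following is an added example, not code from the thread or from any of its posters; it assumes the Windows XP SP2 pfirewall.log field layout taken from the log's own "#Fields:" header, a constructed sample log, a constructed host address of 192.168.1.20, and a hypothetical allowlist of expected outbound ports.

```python
# Constructed sample of a Windows XP SP2 firewall log (pfirewall.log).
# Field order is assumed from the "#Fields:" header; the monitored host is 192.168.1.20.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2010-01-20 10:15:01 DROP TCP 192.168.1.50 192.168.1.20 41234 135 48 S 1234567 0 65535 - - -
2010-01-20 10:15:03 OPEN TCP 192.168.1.50 192.168.1.20 41240 445 - - - - - - - -
2010-01-20 10:15:04 OPEN TCP 192.168.1.20 192.168.1.50 1043 4444 - - - - - - - -
2010-01-20 10:16:10 OPEN TCP 192.168.1.20 10.0.0.5 1044 80 - - - - - - - -
"""


def parse_log(text):
    """Parse W3C-style firewall log lines into dicts keyed by the #Fields: header names."""
    fields, entries = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue  # version/software/comment lines carry no events
        parts = line.split()
        if fields is None or len(parts) != len(fields):
            continue  # malformed or truncated record; skip rather than misalign columns
        entries.append(dict(zip(fields, parts)))
    return entries


def suspicious_egress(entries, host_ip, allowed_dst_ports=frozenset({53, 80, 443})):
    """Return (timestamp, dst-ip, dst-port) for TCP connections the host itself opened
    to a port outside the allowlist. XP SP2 does not filter outbound traffic, so a
    reverse-connect payload leaves only this trace: an OPEN entry with the host as src-ip."""
    flagged = []
    for e in entries:
        if e["action"] != "OPEN" or e["protocol"] != "TCP" or e["src-ip"] != host_ip:
            continue  # DROPs and inbound OPENs are handled by inbound_summary()
        if int(e["dst-port"]) not in allowed_dst_ports:
            flagged.append((e["date"] + " " + e["time"], e["dst-ip"], int(e["dst-port"])))
    return flagged


def inbound_summary(entries, host_ip):
    """Count inbound events per (dst-port, action): DROPs show what the firewall blocks,
    OPENs show which listening services (e.g. 445) are actually reachable through it."""
    summary = {}
    for e in entries:
        if e["dst-ip"] == host_ip:
            key = (int(e["dst-port"]), e["action"])
            summary[key] = summary.get(key, 0) + 1
    return summary
```

Running `suspicious_egress(parse_log(SAMPLE_LOG), "192.168.1.20")` flags only the outbound connection to port 4444, while `inbound_summary` shows 135 dropped and 445 accepted, which is exactly the before/after picture lupin suggests taking a packet capture to see.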

#17 - ocgearhead, Just burned his ISO (joined Nov 2009, 7 posts)

    Can you give me a clue to a working exploit/payload in Metasploit that works against XP SP2 with the firewall on? Here is another question: have you ever successfully penetrated XP SP3 with a firewall on? Hey, thanks for taking the time to respond.

#18 - lupin, Super Moderator (joined Jan 2010, 2,943 posts)

    Quote Originally Posted by ocgearhead:
    Can you give me a clue to a working exploit/payload in Metasploit that works against XP SP2 with the firewall on? Here is another question: have you ever successfully penetrated XP SP3 with a firewall on? Hey, thanks for taking the time to respond.
    I gave you several clues above. I can't be more specific without finding and searching my notes from the last time I did this or without testing various exploits myself, which I don't have time to do at the moment. Maybe someone else here can offer some specifics, but what I have said above should be enough to get you pointed in the right direction to work this out on your own.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

#19 - Gitsnik, Very good friend of the forum (joined Jan 2010, location: The Crystal Wind, 851 posts)

    The exploit works, where OP is sending it does not.

    Honestly providing any more help than that borders on spoon feeding, and personally it seems relatively obvious that the OP does not have an understanding of network technologies, nor of how exploitation tech could work.

    I highly recommend TCP/IP Illustrated. It's a good read.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

#20 - Archangel-Amael, Super Moderator (joined Jan 2010, location: Somewhere, 8,012 posts)

    Quote Originally Posted by Gitsnik:
    Honestly providing any more help than that borders on spoon feeding, and personally it seems relatively obvious that the OP does not have an understanding of network technologies, nor of how exploitation tech could work.
    I would say that the eagerness to get a named "working exploit" is a bad example of social engineering with bad intentions.
    It has been the same question from the OP since post number one.
    Not to mention the guy keeps talking about work computers.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.
