And also, client-side attacks are always a threat. Even when your firewall is turned on. Because data from the server seems like a 'legit response'.
Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".
The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
Ok I should have been more specific. I'm using metasploit v3.2 with ms-08-067 exploit and have tried all the payloads against my xp sp2 with firewall on and nothing. I'm working on my own machines on my network. Is there a working payload that will work against my xp machine that has sp2 and the firewall on? When you have a lot of employees that don't care sometimes computers do not get updated when they should.
Would love to know if there is a working exploit/payload using metasploit. The exploit above and the reverse vnc payload does work if I turn off the firewall I already know this.
Thanks again to all of you.
Have a think about the way that the ms-08-067 exploit works on a network level. If you don't know how it works on a network level then take a packet capture of the exploit traffic from your Metasploit system both with and without the firewall running on the target. Check the difference between the two sessions.
Then extend that thinking to other exploits. If the firewall is running on a system, what won't you be able to do towards that system? What network traffic will be prohibited and what network traffic will be allowed given your target's firewall configuration? This is the key to finding an exploit that will work against that system.
I get what you're saying and I thank you for your comments. The simple question is: "Is there any working exploit and payload that works successfully against an xp sp2 machine with the firewall on?" I have port 5900 open for vnc and nmap shows 445 as well. I have tried just about all the exploits and payloads in metasploit 3.2 and 3.3.
The simple answer is that you can use remote exploits that will communicate to ports that are open (not firewalled) on your target and you can use reverse TCP payloads because these create outgoing connections which are not blocked by the firewall (in XP SP2 at least).
If port 445 is open then exploits which affect CIFS/SMB should work and RPC exploits should work as well as long as the RPC communication for the exploit can be channeled over named pipes. Keep in mind you must choose appropriate vulnerabilities that haven't been patched in the target system.
The appropriate VNC exploits for your version should also work.
If it doesn't work for you then start capturing packets with the firewall on/off to work out why.
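The two replies above make one point: a host firewall like the one in XP SP2 drops unsolicited inbound connections except to explicitly opened ports, but lets the host open outbound connections freely, and a packet capture taken with and without the firewall shows exactly which flows disappear. The following Python model is an added example, not code from this thread or from Metasploit; it assumes the inbound exceptions the OP mentioned (TCP 445 and 5900), a constructed set of flows standing in for the two captures, and an optional egress allow-list to show the mitigation that closes the outbound gap.

```python
"""Model of a stateful host firewall applied to constructed flows.

Added example for this thread, not the original poster's or Metasploit's code.
Assumptions (constructed for the example):
  - inbound exceptions exist for TCP 445 (SMB) and TCP 5900 (VNC),
  - outbound connections are allowed by default, as in XP SP2,
  - an egress allow-list can optionally be enforced as a mitigation.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    direction: str   # "in" = connection to the host, "out" = initiated by the host
    proto: str       # "tcp" or "udp"
    dport: int       # destination port of the connection
    label: str       # human-readable description, constructed for the example


# Constructed flows standing in for what a capture of one session might contain.
FLOWS = [
    Flow("in", "tcp", 445, "inbound SMB request"),
    Flow("in", "tcp", 5900, "inbound VNC connection"),
    Flow("in", "tcp", 4444, "inbound connection to a port with no exception"),
    Flow("out", "tcp", 4444, "outbound connection initiated by the host"),
]

# Ports the OP reported open on the target (assumed inbound exceptions).
INBOUND_EXCEPTIONS = {("tcp", 445), ("tcp", 5900)}


def host_firewall_allows(flow, inbound_exceptions, egress_allowlist=None):
    """Decide whether a stateful host firewall passes one new connection.

    Inbound: only ports with an explicit exception are reachable.
    Outbound: allowed unconditionally unless an egress allow-list is enforced,
    in which case only listed (proto, port) pairs may be reached.
    """
    if flow.direction == "in":
        return (flow.proto, flow.dport) in inbound_exceptions
    if egress_allowlist is None:
        return True
    return (flow.proto, flow.dport) in egress_allowlist


def observed_with_firewall(flows, inbound_exceptions, egress_allowlist=None):
    """Flows that would still appear in a capture taken with the firewall on."""
    return [f for f in flows
            if host_firewall_allows(f, inbound_exceptions, egress_allowlist)]


def diff_sessions(flows, inbound_exceptions, egress_allowlist=None):
    """Labels of flows present without the firewall but missing with it.

    This is the 'difference between the two sessions' the thread suggests
    looking for in a packet capture.
    """
    kept = set(observed_with_firewall(flows, inbound_exceptions, egress_allowlist))
    return [f.label for f in flows if f not in kept]


if __name__ == "__main__":
    print("Dropped by the default XP SP2 policy:")
    for label in diff_sessions(FLOWS, INBOUND_EXCEPTIONS):
        print("  -", label)
    print("Dropped once egress is limited to web ports:")
    for label in diff_sessions(FLOWS, INBOUND_EXCEPTIONS,
                               egress_allowlist={("tcp", 80), ("tcp", 443)}):
        print("  -", label)
```

Run as-is, the first diff lists only the inbound connection to the unexcepted port: the two opened services and the host-initiated outbound connection all survive the default policy, which is why the thread points at open ports and reverse-style payloads. Adding the egress allow-list makes the outbound connection disappear from the second diff as well, which is the configuration change a defender would look at after seeing that result in a real capture.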
Can you give me a clue to a working exploit/payload in metasploit that works against xp sp2 with firewall on? Here is another question have you ever successfully penetrated xp sp3 with a firewall on? Hey thanks for taking the time to respond.
I gave you several clues above. I can't be more specific without finding and searching my notes from the last time I did this or without testing various exploits myself, which I don't have time to do at the moment. Maybe someone else here can offer some specifics, but what I have said above should be enough to get you pointed in the right direction to work this out on your own.
The exploit works, where OP is sending it does not.
Honestly, providing any more help than that borders on spoon-feeding, and personally it seems relatively obvious that the OP does not have an understanding of network technologies, nor of how exploitation tech could work.
I highly recommend TCP/IP Illustrated. It's a good read.
Still not underestimating the power...
There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.
To be successful here you should read all of the following.
ForumRules
ForumFAQ
If you are new to Back|Track
Back|Track Wiki
Failure to do so will probably get your threads deleted or worse.