And also, client-side attacks are always a threat, even when your firewall is turned on, because data from the server looks like a 'legit response'.
Ok, I should have been more specific. I'm using Metasploit v3.2 with the MS08-067 exploit and have tried all the payloads against my XP SP2 with the firewall on, and nothing. I'm working on my own machines on my network. Is there a working payload that will work against my XP machine that has SP2 and the firewall on? When you have a lot of employees that don't care, sometimes computers do not get updated when they should.
Would love to know if there is a working exploit/payload using Metasploit. The exploit above and the reverse VNC payload do work if I turn off the firewall; I already know this.
Thanks again to all of you.
Then extend that thinking to other exploits. If the firewall is running on a system, what won't you be able to do towards that system? What network traffic will be prohibited and what network traffic will be allowed given your target's firewall configuration? This is the key to finding an exploit that will work against that system.
I get what you're saying and I thank you for your comments. The simple question is: "Is there any working exploit and payload that works successfully against an XP SP2 machine with the firewall on?" I have port 5900 open for VNC and nmap shows 445 as well. I have tried just about all the exploits and payloads in Metasploit 3.2 and 3.3.
If port 445 is open then exploits which affect CIFS/SMB should work and RPC exploits should work as well as long as the RPC communication for the exploit can be channeled over named pipes. Keep in mind you must choose appropriate vulnerabilities that haven't been patched in the target system.
The appropriate VNC exploits for your version should also work.
If it doesn't work for you then start capturing packets with the firewall on/off to work out why.
Can you give me a clue to a working exploit/payload in Metasploit that works against XP SP2 with the firewall on? Here is another question: have you ever successfully penetrated XP SP3 with a firewall on? Hey, thanks for taking the time to respond.
The exploit works, where OP is sending it does not.
Honestly, providing any more help than that borders on spoon-feeding, and personally it seems relatively obvious that the OP does not have an understanding of network technologies, nor of how exploitation tech could work.
I highly recommend TCP/IP Illustrated. It's a good read.
Still not underestimating the power...
There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.