
Thread: XP SP2 Firewall On I guess this computer is safe exploits don't work

  1. #21
    Just burned his ISO
    Join Date
    Nov 2009
    Posts
    7

    No, actually, if you read, I am an admin experimenting on my home computers. If I am the admin of a company, like I have already told you, why would I need to exploit them? I make all the passwords and have access to everything. I don't care about getting in. I have read a lot of articles and it seems everyone says they are exploiting or can exploit an xp sp2 machine even if the firewall is on. So I wanted to see it for myself. If you want to keep everything a secret, go ahead. It's not that big of a deal, but it is funny how you all seem to not have the answer, maybe because you don't know either. But again, thanks for your help, all of you. I'm not trying to be rude; I just asked a question and I told have time to try and answer my own with clues.

  2. #22
    Archangel-Amael (Super Moderator)
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Well I am the president of...
    Oh wait. Seriously man look at the posts that have been given to you by people that I would consider experts in the field.
    There is plenty to glean from them, lots of information.
    As Gitsnik mentioned, "SP3 is still vulnerable to ms08_067_netapi,"
    As he stated, it doesn't get much easier than that.
    If that does not work then you have to keep looking for things to try.
    Take a look at the software that is installed on the machines not just the OS and see if there are exploits available for said software.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  3. #23
    Just burned his ISO
    Join Date
    Nov 2009
    Posts
    7

    You're right, I appreciate your input. What would be a good app to monitor the traffic when trying to exploit my firewall? TCP mon or ethereal? Thanks again for your time. I know you don't have to sit here and answer me, so I do thank you for your time.

  4. #24
    Archangel-Amael (Super Moderator)
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Quote: Originally Posted by ocgearhead
    You're right, I appreciate your input. What would be a good app to monitor the traffic when trying to exploit my firewall? TCP mon or ethereal? Thanks again for your time. I know you don't have to sit here and answer me, so I do thank you for your time.
    Well why not use wireshark since it is already in BT4?
    BTW wireshark used to be ethereal.

  5. #25
    Just burned his ISO
    Join Date
    Nov 2009
    Posts
    7

    I captured traffic while I was testing the ms08-67 with the payload reverse_vnc_tcp. Would you be willing to take a look at the captured file and give me your thoughts?

  6. #26
    lupin (Super Moderator)
    Join Date
    Jan 2010
    Posts
    2,943

    Quote: Originally Posted by ocgearhead
    I captured traffic while I was testing the ms08-67 with the payload reverse_vnc_tcp. Would you be willing to take a look at the captured file and give me your thoughts?
    Why don't you share your thoughts first. What are you seeing in the packet capture and what do you think it means? Did you take a capture with the firewall on and one with it off? If you are having trouble interpreting the results there are plenty of resources on the Internet to help.

    Show us you are willing to put in the effort to learn and to play an active role in solving this problem. At the moment it seems that you are expecting us to do the work for you.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  7. #27
    Archangel-Amael (Super Moderator)
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Yes, as lupin stated above, your research is not my work.
    We will all be willing to guide you, but you will have to do the work involved.
    Do as mentioned: make two separate but similar captures, with and w/o a firewall.

  8. #28
    Junior Member
    Join Date
    Jan 2010
    Posts
    35

    Quote: Originally Posted by Gitsnik
    SP3 is still vulnerable to ms08_067_netapi, it doesn't get much easier than that.

    Firewalling is very useful though, stops that kind of stuff happening, means you need to make more of an effort.
    I have tried the ms08_067 exploit on my 2003 SP2 and XP SP3 machine, and no effect.

    What I did is nmap scanned the two hosts for MS08-067 vulnerability, and got a reply back "THIS HOST IS NOT VULNERABLE".
    I used the script from pureh@te's post: here

    So both XP SP3 and Server 2003 SP2 are not vulnerable. Both machines had the firewalls on.

    EDIT:

    For both hosts I used the SMB port 445, it is open.

  9. #29
    thorin (My life is this forum)
    Join Date
    Jan 2010
    Posts
    2,629

    Quote: Originally Posted by ocgearhead
    Ok I should have been more specific. I'm using metasploit v3.2 with ms-08-067 exploit and have tried all the payloads against my xp sp2 with firewall on and nothing. I'm working on my own machines on my network.
    You seem very fixated on the fact that the firewall is enabled. If you disable the firewall can you exploit it successfully?
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
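
The comparison suggested in the posts above (one capture with the firewall on, one with it off) can be reduced to a per-connection verdict for port 445. This is an added example, not part of the thread; the host addresses, sample rows and function names are constructed, and the input is assumed to be tab-separated field output exported from each capture with tshark.

```python
# Added example (not from the thread). Input rows are assumed to come from:
#   tshark -r capture.pcap -Y tcp -T fields \
#     -e ip.src -e ip.dst -e tcp.srcport -e tcp.dstport -e tcp.flags
SYN, RST, ACK = 0x02, 0x04, 0x10

def classify(rows, port=445):
    """Return {(client, server): verdict} for every SYN sent to `port`.

    'filtered' = SYN never answered (dropped, e.g. by a host firewall)
    'closed'   = answered with RST
    'open'     = answered with SYN/ACK
    """
    verdict = {}
    for line in rows.strip().splitlines():
        src, dst, sport, dport, flags = line.split("\t")
        sport, dport, flags = int(sport), int(dport), int(flags, 16)
        if dport == port and flags & SYN and not flags & ACK:
            verdict.setdefault((src, dst), "filtered")
        elif sport == port and (dst, src) in verdict:
            if flags & SYN and flags & ACK:
                verdict[(dst, src)] = "open"
            elif flags & RST and verdict[(dst, src)] == "filtered":
                verdict[(dst, src)] = "closed"
    return verdict

def compare(fw_on_rows, fw_off_rows, port=445):
    """Pair up the verdicts from the two captures, firewall on vs. off."""
    on, off = classify(fw_on_rows, port), classify(fw_off_rows, port)
    return {pair: (on.get(pair, "no attempt"), off.get(pair, "no attempt"))
            for pair in sorted(set(on) | set(off))}

# Constructed sample rows: 192.168.56.10 is the test box, 192.168.56.20 the XP host.
FW_ON = "\n".join([
    "192.168.56.10\t192.168.56.20\t49152\t445\t0x0002",   # SYN
    "192.168.56.10\t192.168.56.20\t49152\t445\t0x0002",   # retransmitted SYN
    "192.168.56.10\t192.168.56.20\t49152\t445\t0x0002",   # retransmitted SYN
])
FW_OFF = "\n".join([
    "192.168.56.10\t192.168.56.20\t49153\t445\t0x0002",   # SYN
    "192.168.56.20\t192.168.56.10\t445\t49153\t0x0012",   # SYN/ACK
    "192.168.56.10\t192.168.56.20\t49153\t445\t0x0010",   # ACK
])

if __name__ == "__main__":
    for (client, server), (on, off) in compare(FW_ON, FW_OFF).items():
        print(f"{client} -> {server}:445  firewall on: {on}  firewall off: {off}")
```

A result of "filtered" with the firewall on and "open" with it off means the SYNs were dropped before reaching the SMB service; "open" in both captures points away from the firewall and toward patch level or something else on the host.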

  10. #30
    Gitsnik (Very good friend of the forum)
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Quote: Originally Posted by portal
    I have tried the ms08_067 exploit on my 2003 SP2 and XP SP3 machine, and no effect.

    What I did is nmap scanned the two hosts for MS08-067 vulnerability, and got a reply back "THIS HOST IS NOT VULNERABLE".
    I used the script from pureh@te's post: here

    So both XP SP3 and Server 2003 SP2 are not vulnerable. Both machines had the firewalls on.

    EDIT:

    For both hosts I used the SMB port 445, it is open.
    So both machines were not purely SPx, they had patches as well (or something else stopping it - but I'm betting patches). Try using plain systems for your dev environment.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.
