Hi guys, fairly new to this specific Linux distro but have used Jaunty quite a bit in the past. I've been having fun reading in this forum for the last week or so.
Anyway, getting to the point quickly, a couple of friends and I pulled out our old junker laptops or desktops, installed BackTrack to the hard drive in a dual boot config, and agreed that we would pentest each other (only rule is no personal emails... but we can leave awkward comments on each other's Facebook or MySpace wall if we so desire). In the process of learning, we decided instead of rolling with the WINE VM XP SP2 setup, we'd have XP with SP3 (although one machine has Vista Home) and the Windows firewall turned on in a dual boot system on our new BackTrack machines. The goal: try and hack/crack each other, as we're learn-by-doing kind of people.
That said, I'm running through this to try the test with Metasploit -
Metasploit Unleashed - Mastering the Framework
There's one problem I'm seeing here -
Source: Windows XP SP2, section 2 on Metasploit Unleashed
Setting up your Windows XP SP2
For this section we will download our target VM and use Wine to run a windows application known as WinRAR. This application will aid us in extracting the target VM from a split zip file. We encourage you to verify the integrity of the files to ensure you will have successful results. The process is very simple to do since back|track4 has the necessary applications to do this.
When I run through the Metasploit tuts, I get the following when my friends or I open the files -
Would the following be why my meterpreter/reverse_tcp isn't working and freezes up at the payload handler?
[*] Handler failed to bind to 192.168.1.6 binding to 0.0.0.0
[*] Started reverse handler
[*] Starting the payload handler...
- It's the XP SP3 that's causing the meterpreter/reverse_tcp to hang up as it should be SP2
- It could be the windows or perhaps router firewall getting in my way
- A combo of both?
I figured it's either that the 3 of us on our tester machines are running XP SP3 or Vista Home (no idea what SP my friend has there, as I despise Vista with a passion) or the Windows/router firewall, as it will filter network traffic and it may be filtering out my reverse_tcp. However, I'm new to Metasploit and reading and testing, so I figured I'd leave it up to the pros.
Ok, I just tried the meterpreter/reverse_tcp PDF exploit on a Vista machine... no dice. It always seems to keep freezing up at the payload handler stage. We turned off Vista's firewall and AV for this test and still got blocked. Time to try it on the SP3 with the same setup (no firewall, no AV). In the meantime I'm thinking the following for the Vista test -
1. Even though the exploit in the PDF section of the Metasploit section says it got into a Vista machine, this kind of exploit may not be designed for Vista.
2. I got something wrong with my routing and networking.
Back to the experimentation.
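The "Handler failed to bind to 192.168.1.6 binding to 0.0.0.0" line quoted above is a local socket error, not something the target's firewall can cause: a listener cannot bind to an address that no interface on the listening machine carries, or to a port another process already holds, and it falls back to 0.0.0.0. The script below is an added diagnostic example (not code from the forum post, the BackTrack project or Metasploit) that reproduces that bind attempt and classifies the failure, so a lab machine can be checked before a handler is started. The address 192.168.1.6 is taken from the post; port 4444 and the 192.0.2.1 TEST-NET probe address are constructed for the example.

```python
import errno
import socket
from typing import Optional, Tuple


def check_listener_bind(host: str, port: int) -> str:
    """Try to bind a TCP socket to (host, port) and classify the outcome.

    A listener that reports "failed to bind to <host>" hit one of these cases:
      "ok"         - host is a local interface address and the port is free
      "not-local"  - no local interface carries this address (EADDRNOTAVAIL);
                     a listener can then only fall back to 0.0.0.0
      "in-use"     - another socket already holds host:port (EADDRINUSE)
      "error:<nm>" - any other errno, reported by name (e.g. EACCES for a
                     privileged port without root)
    The probe socket is closed immediately; nothing is left listening.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.bind((host, port))
        return "ok"
    except OSError as exc:
        if exc.errno == errno.EADDRNOTAVAIL:
            return "not-local"
        if exc.errno == errno.EADDRINUSE:
            return "in-use"
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        sock.close()


def default_route_address() -> Optional[str]:
    """Best-effort guess of the IPv4 address this host would use on its default route.

    A UDP socket is "connected" to a TEST-NET address (RFC 5737, constructed);
    no packet is sent, but the kernel selects a source address from the routing
    table. Returns None when there is no route at all (offline machine, sandbox).
    """
    probe = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        probe.connect(("192.0.2.1", 9))
        return probe.getsockname()[0]
    except OSError:
        return None
    finally:
        probe.close()


def diagnose(host: str, port: int) -> str:
    """Turn the bind result into a one-line explanation for the lab notebook."""
    result = check_listener_bind(host, port)
    if result == "ok":
        return f"{host}:{port} is bindable; a handler would listen here."
    if result == "not-local":
        hint = default_route_address()
        suggestion = f" (this machine's routed address is {hint})" if hint else ""
        return (f"{host} is not an address of any local interface{suggestion}; "
                f"a handler falls back to 0.0.0.0, and a callback aimed at {host} "
                f"does not arrive at this machine.")
    if result == "in-use":
        return f"{host}:{port} is already held by another socket; pick a free port."
    return f"bind to {host}:{port} failed: {result}"


def occupy_port(host: str = "127.0.0.1") -> Tuple[socket.socket, int]:
    """Open a throwaway listening socket on an ephemeral port to demonstrate the
    in-use case. The caller must close the returned socket."""
    holder = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    holder.bind((host, 0))
    holder.listen(1)
    return holder, holder.getsockname()[1]


if __name__ == "__main__":
    # 192.168.1.6 is the address from the post; 4444 is a constructed port.
    print(diagnose("192.168.1.6", 4444))
    print(diagnose("127.0.0.1", 0))
    busy, busy_port = occupy_port()
    print(diagnose("127.0.0.1", busy_port))
    busy.close()
```

Run it on the BackTrack machine itself with the same address and port the handler was given: a "not-local" result means the address belongs to another box on the LAN (or to nothing at all) and the handler setting needs to match an address shown by `ifconfig`; an "in-use" result means a previous handler or another program still owns the port.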