Metasploit and firewalls

[xxxhack2010]

Hi all. I love metasploit, is a great tool, but always have the same problem.
i make problems at my wifi network with my 2 pcs. 1 like attacker, the other one like attacked.
I uninstall service packs and try to get meterpreter, but always have the same problem, the firewall. The xp firewall prevents the system from metasploit attacks. And i dont know how to solve it. If i disable the firewall all ok, but i dont disable it, metasploit doesnt work.
Any idea to disable firewall from remote?

[lupin]

Moved here from the Tools Request forum.

Some options to achieve your goal:

• Use a payload that disables the Windows Firewall as part of its initial code execution. Im not aware of an existing payload that does this in Metasploit so you would probably need to write the shellcode yourself.
• Use a payload that can work through a firewall. Something like this perhaps. Or maybe one of the reverse_http payloads. Whether these will work depends on the allowed ruleset in place on the firewall.

[sickness]

Well you could go and give use some details about the exploit you are using, the Windows version, and what exactly are you trying to achieve.
Metasploit is a very complex tool ...

[mubix]

The problem you are probably running into is that you system is fresh. This means that none of the services like File and Print sharing are turned on. As soon as they are turned on, the windows firewall automatically lets anyone connect to that machine. Now, in Vista and Win7 this has changed a bit with the idea of Public and Private networking but not much.

Try making sure whatever you are trying to exploit is remotely accessible because most likely that is the actual way a system will be set up.

[xxxhack2010]

Thx Lupin and sickness for the answer. well,

the firewall is the typical firewall of windows xp sp2. I dont know if metasploit has got a payload to bypass it or not, or maybe need i to shut down firewall? But how at remote?

Yesterday i tried ms_08_067_netapi with several payloads. Vncinject, reverse_tcp, bind, etc, but with firewall enabled no works.

Being at same lan is better than outside? I tried at lan, but metasploit with firewall enabled doesnt works. Maybe could i use something similar to netsh firewall console at remote or not?

Sorry about my questions im starting metasploit just a few days ago.

[lupin]

I dont know if metasploit has got a payload to bypass it or not, or maybe need i to shut down firewall? But how at remote?

Since you apparently missed the fact that I already gave you an answer to this point Im going to suggest you spend more time with Metasploit, and more time reading about how firewalls work. Try the Metasploit Unleashed course.

[hvoc458]

when a exploiting a system, you have to make sure that it's exploitable. i've read a lot forums on using metasploit, and i've been noticing that a lot of people are using exploits without knowing if the system has been patched.Or if that system is vulnerable to that specific attack. what i would do, or what i usually do is run a scan on the system, and see what vulnerability it has. Once the vulnerability is found, i would use that info to exploit the system.you may want to look into using a port scanner. its a good method to get info on a remote system that you're trying to attack.