
Thread: Nessus vs. WinXP Firewall - IP forwarding question

  1. #1
    Just burned his ISO
    Join Date
    Jun 2012
    Posts
    8

    Nessus vs. WinXP Firewall - IP forwarding question

    Hello people!

    After setting up some VMs (Win7x64, WinXP SP3, Debian Lenny, DVWA, Badstore Online Shop, Windows Server 2003) in VMware, I started scanning the WinXP box (with SP3 but without the latest updates). When I turn off the Windows firewall, Nessus shows me a lot of vulnerabilities and I am able to play around with Metasploit and connect to the box. With the firewall on, I can only see that IP forwarding is enabled. Nmap only shows me that the 1000 scanned ports are filtered, and OS detection also doesn't work properly.
    I'm wondering if it is possible to bypass an active Windows firewall by taking advantage of IP forwarding or other methods to search for vulnerabilities.
    I've been looking around for good papers or threads for hours but there was nothing useful to find.

    I'm using BT5RC3 x64.

    Hope you can point me in the right direction,

    best regards

    Patrick

  2. #2
    Just burned his ISO
    Join Date
    Oct 2012
    Posts
    2

    Re: Nessus vs. WinXP Firewall - IP forwarding question

    Originally posted by patrickk83:
    Hello people!
    ...
    scanning the WinXP box (with SP3 but without the latest updates). When I turn off the Windows firewall, Nessus shows me a lot of vulnerabilities and I am able to play around with Metasploit and connect to the box. With the firewall on, I can only see that IP forwarding is enabled. Nmap only shows me that the 1000 scanned ports are filtered, and OS detection also doesn't work properly.
    I'm wondering if it is possible to bypass an active Windows firewall by taking advantage of IP forwarding or other methods to search for vulnerabilities....

    Patrick

    Hey Patrick, maybe it's the wrong approach. If the firewall is enabled, perhaps you could "bypass" it by the knowledge that this WinXP box in a "real" situation will be allowed to browse the internet. You could assume you have a user on that WinXP box that may be vulnerable to social engineering. You could get them to connect to you and run Metasploit's browser autopwn. If it has a less than up-to-date browser with typical Java etc. plugins, it will likely be vulnerable to something.

    Just a thought.
