Getting outbound a firewall using IE exploits

[joshuaperrymon at gmail.com (Josh L. Perrymon)]

Hey guys,

What issues would one have trying to get a reverse shell out a corporate
network if it has proxies..??
I have added more and more phishing attacks into our pen-tests.. so far we
are aroud 65% response
gaining user names and passwords from Phishing sites..  I now would like to
incorporate Metasploit on my phishing site as well...

If a users machine is exploited behind a firewall/ proxy... will the shell
contact back to my attacker machine?
Is is possible to make the payload proxy aware????

We just performed an onsite test for a large clinet and was successful in
exploiting IE on their SOE XP machines.. but that was internal...

Thanks!

J. Perrymon
packetfocus.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20060606/b759c4da/attachment.htm>