Metasploit mailing list archives

Previous By Date Next
Previous By Thread Next

reverse shell is not blocked?

From: junkoi2004 at gmail.com (Jun Koi)
Date: Fri, 5 Jun 2009 08:29:57 +0900
On Thu, Jun 4, 2009 at 12:17 PM, Patrick Webster <patrick at aushack.com> wrote:

The payload is executed within the vulnerable software.. so generally
any networked based server that Metasploit can connect to, already has
an exception in the firewall.


This makes a lot of sense, thanks!

J




On Thu, Jun 4, 2009 at 10:44 AM, Jun Koi <junkoi2004 at gmail.com> wrote:

On Wed, Jun 3, 2009 at 6:08 PM, netevil <netevil at hackers.it> wrote:

Maybe your firewall enables outgoing HTTP connections? :)


No, that is not HTTP. The reverse shell connects to port 4444 on the
remote machine.

Do you have any idea?

Thanks,
J


Il giorno 03/giu/09, alle ore 08:28, Jun Koi <junkoi2004 at gmail.com> ha
scritto:


Hi,

On Windows XP, I play with reverse shell on an exploitation, and it
works flawlessly.

However, I notice that the reverse connection to the remote machine is
never blocked by Windows XP. Meanwhile, many software first time
connect to outside will be blocked, and a message pops up to ask to be
allowd to do so (and user must physically click the "Unblock" buttton
to allow that).

So I am wondering why reverse shell can escape that?

Thanks a lot,
J
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework


_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework


_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
Previous By Date Next
Previous By Thread Next

Current thread: