Got stuck on an issue hoping some of the ethicalhacker.net community would be willing to help me with.

I'm running a VMware test network with 2 xp machines and backtrack 5.  I'm going through the book : Metasploit: The Penetration Testers Guide 

http://www.amazon.com/Metasploit-Penetration-Testers-David-Kennedy/dp/159327288X/ref=sr_1_1?ie=UTF8&qid=1317262561&sr=8-1

I'm able to open a reverse_tcp connection and drop the payload successfully only when windows(xp) firewall is turned off.

My question is this: How can I exploit the system when windows firewall is turned on? 

Anyone know of a good tutorial or book dealing with getting around the firewall?

Thanks!

HH

Thanks for the reply!

I'm using the good o'l easy xp ms08_067_netapi with meterpreter payload.

Will a nmap scan like -sT or aggressive -A find the open ports through a firewall?

By default Windows firewall blocks all incoming unless the user adds it as an exception.  So unless you made changes to the XP firewall configuration, you will probably not be successful with the attack.  And even a client-side attack might prove difficult since user interaction may be required to OK the outgoing traffic.  Then again if the user is local admin, you may be able to sneak in the OK through the payload.