Windows Outbound-Filtering Rules
This module makes some kind of TCP traceroute to get outbound-filtering rules. It will try to make a TCP connection to a certain public IP address (this IP does not need to be under your control) using different TTL incremental values. This way if you get an answer (ICMP TTL time exceeded packet) from a public IP device you can infer that the destination port is allowed. Setting STOP to true the module will stop as soon as you reach a public IP (this will generate less noise in the network).
- Borja Merino <bmerinofe [at] gmail.com>
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use post/windows/recon/outbound_ports msf post(outbound_ports) > sessions ...sessions... msf post(outbound_ports) > set SESSION <session-id> msf post(outbound_ports) > show options ...show and set options... msf post(outbound_ports) > run