Quote Originally Posted by dinowuff View Post
You should be able to use a reverse payload, set LHOST to the IP of your router (external) and forward LPORT to your host. Or just use a bind payload if the target is not firewalled.

I think...

You could always use Meterpreter for key logging purposes; however, I don't think that is what you are looking for.
This is exactly right. Although, if your target has a firewall/router, it will limit the exploits you can use for your attack. There would have to be port forwarding set up to allow you to attack specific vulnerabilities. You would most likely have to involve user-interaction. [opening an attachment, plugging in a USB key, visiting a malicious site, etc.]

One other suggestion, is to make use of port 80. Most firewalls don't block outbound port 80, so it will just blend in with other web traffic. If the sysadmin sees port 4444 in the logs, it would probably throw up a red flag.