Okay so I've been running some remote tests on my girlfriend's dad's server and his XP box is vulnerable to a major exploit, resulting in remote shell access by the attacker. Its easy enough from inside the network but he thinks his router/firewall (linksys) is enough to keep his server safe. He wants me to try and attack it from outside.

The firewall filters all incoming traffic and only allows access to certain ports. My idea is that if I can use IP spoofing to trick the router into thinking the exploit traffic is coming from the server itself, it will let it through and open the shell to my comp, from behind the firewall.

STEP 1:
[Atacker] send: *exploit with w/ spoofed IP*----> (INTERNET) ----> [Firewall] ----> [Target]

STEP 2:
[Target] send: *remote shell* --> [Firewall] ----> (INTERNET) ----> [Attacker]

STEP 3:
[Target] <-- *remote connection* --> [Target]

I am not very familiar with packet spoofing. Is what I am proposing possible or is there an easier way to go about this?

If so, how would I accomplish it? In the meantime I will read up some more on IP spoofing.


Any help or info would be apriciated!!!!!