I recently conducted an external scan on a client.
The client was running a firewall built from Windows Server 2008 SP1.
The external ethernet adaptor had the File Sharing Tick box enabled although there was no file/directory sharing enabled on the server.
With file sharing enabled I was able to scan a load balancer running behind the firewall and to attempt exploits from Metasploit Pro.
We then unticked file sharing on the Windows 2008 Svr running the firewall.
Conducted another scan and was unable to see the load balancer behind the firewall anymore.
However, the client (quite technical client) has asked how Nexpose/Metasploit is able to use File sharing to see beyond the firewall, and frankly... I would like to know as well.
Can anybody help?