Jump to content

Firewall Troubling On Victims Machine


Suren white hat
 Share

Recommended Posts

Hello Guys,

Me trying bypassing windows firewall by using Exploit/Payload when I'm trying to execute some payload with Firewall enabled machine no session is created but when i turn it OFF session is created & get meterpreter console.

Is there any way to bypass or disable the windows firewall remotely using some kind of Exploit/Payload?

If yes, How.........???

Link to comment
Share on other sites

Not sure about the exploits or payloads, but if you already have a backdoor into the machine, you can shut it off by running the victims local cmd.exe with the arguments "/c netsh advfirewall set currentprofile state off" (win7) or "/c netsh firewall set opmode disable" (xp)

of course, it needs admin rights

Link to comment
Share on other sites

Not sure about the exploits or payloads, but if you already have a backdoor into the machine, you can shut it off by running the victims local cmd.exe with the arguments "/c netsh advfirewall set currentprofile state off" (win7) or "/c netsh firewall set opmode disable" (xp)

of course, it needs admin rights

i tried the commands "/c netsh advfirewall set currentprofile state off" with the cmd.exe in my Windows 7 , but it says the command is not avail ?? Where i have to find this options or This is a Commands ??

i have a idea to get the admin escalation , so i am gettting stuck on command u said

Link to comment
Share on other sites

if the victim computer you are attacking is running Windows XP, what you need to do first is

1) Escalate your privileges

2) at the console type netsh->firewall->set firewall opmode disable

That should disable the firewall. The above command also works in Windows 7

Link to comment
Share on other sites

if the victim computer you are attacking is running Windows XP, what you need to do first is

1) Escalate your privileges

2) at the console type netsh->firewall->set firewall opmode disable

That should disable the firewall. The above command also works in Windows 7

thanks mr.infiltrator...reallly helped me , yeah similar to themr.undefined said...but again this command not executing bro , coz it asks admin privlges, i tried with some hacks nuttin works....bro..help me ..let me post the Screen shot bro..

post-35649-0-29227200-1308728721_thumb.j

Link to comment
Share on other sites

Sorry, don't know much about metasploit, if you are running those commands in a console, remove the /c because that is meant as a runtime argument for cmd.exe but since metasploit lets you use the console, you dont need the /c

and yes, that way will work on windows 7 but it is deprecated so I was just using the method that microsoft recommends :)

Link to comment
Share on other sites

All i wannna Say to Both of you Infiltrator and Undefined,, Buncha Thanks too you guys ..!! i hae still so many doubts all i penned down in my notebook...ur Reply Helped me upto 85% for the solution but still am nedded to get tha admin escalation to run the Command bros...Wat to do ??? thanks in advancepost-35649-0-34616400-1308729776_thumb.j

Link to comment
Share on other sites

thanks mr.infiltrator...reallly helped me , yeah similar to themr.undefined said...but again this command not executing bro , coz it asks admin privlges, i tried with some hacks nuttin works....bro..help me ..let me post the Screen shot bro..

Don't know if you tried this or not, but right click on the CMD.exe and run it as administrator.

Edit: Have you already exploited the box, or are you trying to manually disable the firewall?

Edited by Infiltrator
Link to comment
Share on other sites

Don't know if you tried this or not, but right click on the CMD.exe and run it as administrator.

Edit: Have you already exploited the box, or are you trying to manually disable the firewall?

am trying to disable the firewalll manuallly bro, and i tried to run the cmd.exe with the admin privilges , it aint worked

Link to comment
Share on other sites

am trying to disable the firewalll manuallly bro, and i tried to run the cmd.exe with the admin privilges , it aint worked

That's very weird, I tried it on my Windows 7 machine and it worked. When you run the CMD.exe as administrator, does it ask you if you want to allow this program to make changes to your computer?

Edit: Another thing you can try is disabling the firewall from the control panel, rather than disabling from DOS.

Edited by Infiltrator
Link to comment
Share on other sites

That's very weird, I tried it on my Windows 7 machine and it worked. When you run the CMD.exe as administrator, does it ask you if you want to allow this program to make changes to your computer?

Edit: Another thing you can try is disabling the firewall from the control panel, rather than disabling from DOS.

yeah it asked me like ..do you want to allow this prog to run as admin , i did but that cms program aint worked let me try disabling witht the firewall as you said bro..

Link to comment
Share on other sites

It tells you in your cmd output, requires admin privileges. If you have local access to that machine, right click cmd.exe and then "run as administrator" and then try again. If you are doing that to a remote machine, you need to escalate your privileges to system first, then disable the firewall. Mind you, this only disables the windows firewall. If the victim runs a 3rd party firewall/antivirus, you need to kill its process as well.

Link to comment
Share on other sites

Maybe turning UAC off will help, it sounds like it is enabled...

Open the cmd on the victim machine as admin and paste the following into the prompt

%windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

That will disable UAC (to re-enable it, change 0 to 1)

Then try

netsh advfirewall set currentprofile state off

Link to comment
Share on other sites

Try having the reverse connection connect back on port 443. It shouldn't prompt because that is a "Trusted" port.

From my understanding the original post is trying to find a way to get a session WITH firewall ENABLED.

Edited by Mr-Protocol
Link to comment
Share on other sites

It tells you in your cmd output, requires admin privileges. If you have local access to that machine, right click cmd.exe and then "run as administrator" and then try again. If you are doing that to a remote machine, you need to escalate your privileges to system first, then disable the firewall. Mind you, this only disables the windows firewall. If the victim runs a 3rd party firewall/antivirus, you need to kill its process as well.

just a Clean Explanation With Mutiple Solution ..Thanks MrDigip

Link to comment
Share on other sites

Try having the reverse connection connect back on port 443. It shouldn't prompt because that is a "Trusted" port.

From my understanding the original post is trying to find a way to get a session WITH firewall ENABLED.

Yeah that iS ,,,,you got that Bro

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...