Suren white hat
Posted June 22, 2011

Hello guys,

I'm trying to bypass the Windows firewall using an exploit/payload. When I try to execute a payload against a machine with the firewall enabled, no session is created, but when I turn it OFF a session is created and I get a meterpreter console. Is there any way to bypass or disable the Windows firewall remotely using some kind of exploit/payload? If yes, how?

UnDeFiNeD
Posted June 22, 2011

Not sure about the exploits or payloads, but if you already have a backdoor into the machine, you can shut it off by running the victim's local cmd.exe with the arguments "/c netsh advfirewall set currentprofile state off" (Win7) or "/c netsh firewall set opmode disable" (XP). Of course, it needs admin rights.

Suren white hat (Author)
Posted June 22, 2011

> Not sure about the exploits or payloads, but if you already have a backdoor into the machine, you can shut it off by running the victim's local cmd.exe with the arguments "/c netsh advfirewall set currentprofile state off" (Win7) or "/c netsh firewall set opmode disable" (XP). Of course, it needs admin rights.

I tried the command "/c netsh advfirewall set currentprofile state off" with cmd.exe on my Windows 7, but it says the command is not available. Where do I have to find these options, or is this a command? I have an idea for getting the admin escalation, so I am getting stuck on the command you said.

Infiltrator
Posted June 22, 2011

If the victim computer you are attacking is running Windows XP, what you need to do first is:

1) Escalate your privileges
2) At the console type netsh->firewall->set firewall opmode disable

That should disable the firewall. The above command also works in Windows 7.

Suren white hat (Author)
Posted June 22, 2011

> If the victim computer you are attacking is running Windows XP, what you need to do first is:
> 1) Escalate your privileges
> 2) At the console type netsh->firewall->set firewall opmode disable
> That should disable the firewall. The above command also works in Windows 7.

Thanks Mr. Infiltrator, really helped me. Yeah, similar to what Mr. UnDeFiNeD said, but again this command is not executing bro, because it asks for admin privileges. I tried with some hacks, nothing works, bro. Help me. Let me post the screenshot bro.

UnDeFiNeD
Posted June 22, 2011

Sorry, don't know much about Metasploit. If you are running those commands in a console, remove the /c because that is meant as a runtime argument for cmd.exe, but since Metasploit lets you use the console, you don't need the /c. And yes, that way will work on Windows 7, but it is deprecated, so I was just using the method that Microsoft recommends :)

Suren white hat (Author)
Posted June 22, 2011

All I want to say to both of you, Infiltrator and UnDeFiNeD: a bunch of thanks to you guys! I still have so many doubts, all of which I penned down in my notebook. Your replies helped me up to 85% of the way to the solution, but I still need to get the admin escalation to run the command, bros. What to do? Thanks in advance.

Infiltrator
Posted June 22, 2011

> Thanks Mr. Infiltrator, really helped me. Yeah, similar to what Mr. UnDeFiNeD said, but again this command is not executing bro, because it asks for admin privileges. I tried with some hacks, nothing works, bro. Help me. Let me post the screenshot bro.

Don't know if you tried this or not, but right click on the CMD.exe and run it as administrator.

Edit: Have you already exploited the box, or are you trying to manually disable the firewall?

Edited June 22, 2011 by Infiltrator

Suren white hat (Author)
Posted June 22, 2011

> Don't know if you tried this or not, but right click on the CMD.exe and run it as administrator.
> Edit: Have you already exploited the box, or are you trying to manually disable the firewall?

I am trying to disable the firewall manually bro, and I tried to run cmd.exe with admin privileges; it didn't work.

Infiltrator
Posted June 22, 2011

> I am trying to disable the firewall manually bro, and I tried to run cmd.exe with admin privileges; it didn't work.

That's very weird, I tried it on my Windows 7 machine and it worked. When you run the CMD.exe as administrator, does it ask you if you want to allow this program to make changes to your computer?

Edit: Another thing you can try is disabling the firewall from the control panel, rather than disabling from DOS.

Edited June 22, 2011 by Infiltrator

Suren white hat (Author)
Posted June 22, 2011

> That's very weird, I tried it on my Windows 7 machine and it worked. When you run the CMD.exe as administrator, does it ask you if you want to allow this program to make changes to your computer?
> Edit: Another thing you can try is disabling the firewall from the control panel, rather than disabling from DOS.

Yeah, it asked me something like "do you want to allow this program to run as admin". I did, but that cmd program didn't work. Let me try disabling the firewall as you said, bro.

digip
Posted June 22, 2011

It tells you in your cmd output, requires admin privileges. If you have local access to that machine, right click cmd.exe and then "run as administrator" and then try again. If you are doing that to a remote machine, you need to escalate your privileges to system first, then disable the firewall. Mind you, this only disables the Windows firewall. If the victim runs a 3rd party firewall/antivirus, you need to kill its process as well.

UnDeFiNeD
Posted June 22, 2011

Maybe turning UAC off will help, it sounds like it is enabled... Open the cmd on the victim machine as admin and paste the following into the prompt:

    %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

That will disable UAC (to re-enable it, change 0 to 1). Then try:

    netsh advfirewall set currentprofile state off

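From the defender's side, the three commands quoted in this thread leave recognizable command lines in process-creation logs. The following is an added example, not code from any poster in the thread: it matches those command lines and flags hosts where UAC was switched off and a firewall-off command also ran. It assumes command-line auditing is enabled and that events arrive as dicts with hypothetical `host`, `user` and `cmdline` fields; the other profile names and the `mode=` form go beyond the exact commands quoted above.

```python
import re

# One rule per command quoted in the thread; matched case-insensitively
# anywhere in the command line, so "cmd.exe /c ..." wrappers are covered.
RULES = {
    "firewall_off_advfirewall": re.compile(
        r'\bnetsh(?:\.exe)?"?\s+advfirewall\s+set\s+'
        r'(?:current|all|domain|private|public)profiles?\s+state\s+off\b', re.I),
    "firewall_off_legacy": re.compile(
        r'\bnetsh(?:\.exe)?"?\s+firewall\s+set\s+opmode\s+'
        r'(?:mode\s*=\s*)?disable\b', re.I),
    "uac_off_enablelua": re.compile(
        r'\breg(?:\.exe)?"?\s+add\s+.*\\Policies\\System\b'
        r'.*?/v\s+EnableLUA\b.*?/d\s+0\b', re.I),
}

def classify(cmdline):
    """Return the names of every rule that matches one command line."""
    return [name for name, rx in RULES.items() if rx.search(cmdline)]

def scan(events):
    """Return (host, user, rule) for each matching process-creation event."""
    return [(ev["host"], ev["user"], rule)
            for ev in events for rule in classify(ev["cmdline"])]

def hosts_with_uac_and_firewall_off(hits):
    """Hosts where UAC was disabled and a firewall-off command also ran."""
    uac = {h for h, _, r in hits if r == "uac_off_enablelua"}
    fw = {h for h, _, r in hits if r.startswith("firewall_off")}
    return sorted(uac & fw)

KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
# Constructed sample events; hosts and users are made up for illustration.
SAMPLE = [
    {"host": "WS-01", "user": "alice", "cmdline":
     rf"C:\Windows\System32\reg.exe ADD {KEY} /v EnableLUA /t REG_DWORD /d 0 /f"},
    {"host": "WS-01", "user": "alice", "cmdline":
     "cmd.exe /c netsh advfirewall set currentprofile state off"},
    {"host": "WS-02", "user": "bob", "cmdline": "netsh  firewall set opmode disable"},
    {"host": "WS-03", "user": "carol", "cmdline": "netsh advfirewall show currentprofile"},
    {"host": "WS-03", "user": "carol", "cmdline":
     rf"reg add {KEY} /v EnableLUA /t REG_DWORD /d 1 /f"},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(*hit, sep="\t")
    print("UAC off + firewall off:", hosts_with_uac_and_firewall_off(SAMPLE and scan(SAMPLE)))
```

The read-only `show` query and the `/d 1` re-enable in the sample are deliberately left unflagged, since both are routine administration.
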
Mr-Protocol
Posted June 22, 2011

Try having the reverse connection connect back on port 443. It shouldn't prompt because that is a "Trusted" port.

From my understanding the original post is trying to find a way to get a session WITH firewall ENABLED.

Edited June 22, 2011 by Mr-Protocol

Suren white hat (Author)
Posted June 22, 2011

> It tells you in your cmd output, requires admin privileges. If you have local access to that machine, right click cmd.exe and then "run as administrator" and then try again. If you are doing that to a remote machine, you need to escalate your privileges to system first, then disable the firewall. Mind you, this only disables the Windows firewall. If the victim runs a 3rd party firewall/antivirus, you need to kill its process as well.

Just a clean explanation with multiple solutions. Thanks Mr. Digip.

Suren white hat (Author)
Posted June 22, 2011

> Try having the reverse connection connect back on port 443. It shouldn't prompt because that is a "Trusted" port.
> From my understanding the original post is trying to find a way to get a session WITH firewall ENABLED.

Yeah, that is it, you got that bro.