Firewall Troubling On Victims Machine


Suren white hat

Hello Guys,

I'm trying to bypass the Windows firewall using an exploit/payload. When I try to execute a payload on a machine with the firewall enabled, no session is created, but when I turn it off a session is created and I get a Meterpreter console.

Is there any way to bypass or disable the windows firewall remotely using some kind of Exploit/Payload?

If yes, how?

Not sure about the exploits or payloads, but if you already have a backdoor into the machine, you can shut it off by running the victim's local cmd.exe with the arguments "/c netsh advfirewall set currentprofile state off" (Win7) or "/c netsh firewall set opmode disable" (XP).

Of course, it needs admin rights.

Not sure about the exploits or payloads, but if you already have a backdoor into the machine, you can shut it off by running the victim's local cmd.exe with the arguments "/c netsh advfirewall set currentprofile state off" (Win7) or "/c netsh firewall set opmode disable" (XP).

Of course, it needs admin rights.

I tried the command "/c netsh advfirewall set currentprofile state off" with cmd.exe on my Windows 7, but it says the command is not available. Where do I find this option, or is this a command?

I have an idea for getting the admin escalation, so I am getting stuck on the command you said.

If the victim computer you are attacking is running Windows XP, what you need to do first is

1) Escalate your privileges

2) At the console, type netsh->firewall->set firewall opmode disable

That should disable the firewall. The above command also works in Windows 7.

If the victim computer you are attacking is running Windows XP, what you need to do first is

1) Escalate your privileges

2) At the console, type netsh->firewall->set firewall opmode disable

That should disable the firewall. The above command also works in Windows 7.

Thanks, mr.infiltrator, that really helped me. Yeah, similar to what mr.undefined said, but again this command is not executing, bro, because it asks for admin privileges. I tried with some hacks and nothing works. Bro, help me. Let me post the screenshot, bro.

Sorry, I don't know much about Metasploit. If you are running those commands in a console, remove the /c, because that is meant as a runtime argument for cmd.exe, but since Metasploit lets you use the console, you don't need the /c.

And yes, that way will work on Windows 7, but it is deprecated, so I was just using the method that Microsoft recommends :)

All I want to say to both of you, Infiltrator and Undefined: a bunch of thanks to you guys! I still have so many doubts, all of which I penned down in my notebook. Your replies helped me up to 85% of the way to the solution, but I still need to get the admin escalation to run the command, bros. What to do? Thanks in advance.

Thanks, mr.infiltrator, that really helped me. Yeah, similar to what mr.undefined said, but again this command is not executing, bro, because it asks for admin privileges. I tried with some hacks and nothing works. Bro, help me. Let me post the screenshot, bro.

Don't know if you tried this or not, but right click on the CMD.exe and run it as administrator.

Edit: Have you already exploited the box, or are you trying to manually disable the firewall?

Edited by Infiltrator
Don't know if you tried this or not, but right click on the CMD.exe and run it as administrator.

Edit: Have you already exploited the box, or are you trying to manually disable the firewall?

I am trying to disable the firewall manually, bro, and I tried to run cmd.exe with admin privileges; it didn't work.

I am trying to disable the firewall manually, bro, and I tried to run cmd.exe with admin privileges; it didn't work.

That's very weird, I tried it on my Windows 7 machine and it worked. When you run the CMD.exe as administrator, does it ask you if you want to allow this program to make changes to your computer?

Edit: Another thing you can try is disabling the firewall from the control panel, rather than disabling from DOS.

Edited by Infiltrator
That's very weird, I tried it on my Windows 7 machine and it worked. When you run the CMD.exe as administrator, does it ask you if you want to allow this program to make changes to your computer?

Edit: Another thing you can try is disabling the firewall from the control panel, rather than disabling from DOS.

Yeah, it asked me something like "do you want to allow this program to run as admin". I did, but that cmd program didn't work. Let me try disabling the firewall as you said, bro.

It tells you in your cmd output: it requires admin privileges. If you have local access to that machine, right click cmd.exe and then "run as administrator" and then try again. If you are doing that to a remote machine, you need to escalate your privileges to SYSTEM first, then disable the firewall. Mind you, this only disables the Windows firewall. If the victim runs a 3rd party firewall/antivirus, you need to kill its process as well.

Maybe turning UAC off will help, it sounds like it is enabled...

Open the cmd on the victim machine as admin and paste the following into the prompt

%windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

That will disable UAC (to re-enable it, change 0 to 1)

Then try

netsh advfirewall set currentprofile state off

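A defender's view of the commands quoted in this thread, as an added example that is not part of any post above: both netsh forms and the EnableLUA registry write stand out in process-creation telemetry. The event records, host names, user names and rule names below are constructed for illustration.

```python
import re

# Rules for the three tampering commands quoted in this thread. They run on a
# normalised command line (lower-case, double quotes removed, whitespace
# collapsed), i.e. the CommandLine field of process-creation events such as
# Security event 4688 or Sysmon event 1.
RULES = {
    "firewall_off_advfirewall": re.compile(
        r"\bnetsh(\.exe)? advfirewall set \w+ state off\b"),
    "firewall_off_legacy": re.compile(
        r"\bnetsh(\.exe)? firewall set opmode (mode=)?disable\b"),
    "uac_disabled": re.compile(
        r"\breg(\.exe)? add \S*\\policies\\system\b.*/v enablelua\b.*/d 0\b"),
}

SAMPLE_EVENTS = [  # constructed records, not captured from a real host
    {"host": "WS-01", "user": "alice",
     "cmdline": r'C:\Windows\System32\cmd.exe /c netsh advfirewall set currentprofile state off'},
    {"host": "WS-01", "user": "alice",
     "cmdline": r'netsh  advfirewall show currentprofile'},
    {"host": "XP-07", "user": "bob",
     "cmdline": r'netsh firewall set opmode disable'},
    {"host": "WS-02", "user": "carol",
     "cmdline": r'"C:\Windows\System32\reg.exe" ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f'},
    {"host": "WS-02", "user": "carol",  # re-enabling UAC must not alert
     "cmdline": r'reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 1 /f'},
    {"host": "WS-03", "user": "dave",   # turning the firewall on must not alert
     "cmdline": r'netsh advfirewall set allprofiles state on'},
]

def normalise(cmdline):
    """Lower-case, drop double quotes and collapse runs of whitespace."""
    return " ".join(cmdline.replace('"', "").lower().split())

def detect(events):
    """Return (host, user, rule) for every event that matches a rule."""
    hits = []
    for ev in events:
        line = normalise(ev["cmdline"])
        for name, rx in RULES.items():
            if rx.search(line):
                hits.append((ev["host"], ev["user"], name))
    return hits

if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(*hit)
```
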

Try having the reverse connection connect back on port 443. It shouldn't prompt because that is a "Trusted" port.

From my understanding the original post is trying to find a way to get a session WITH firewall ENABLED.

Edited by Mr-Protocol
It tells you in your cmd output: it requires admin privileges. If you have local access to that machine, right click cmd.exe and then "run as administrator" and then try again. If you are doing that to a remote machine, you need to escalate your privileges to SYSTEM first, then disable the firewall. Mind you, this only disables the Windows firewall. If the victim runs a 3rd party firewall/antivirus, you need to kill its process as well.

Just a clean explanation with multiple solutions. Thanks, MrDigip.

Try having the reverse connection connect back on port 443. It shouldn't prompt because that is a "Trusted" port.

From my understanding the original post is trying to find a way to get a session WITH firewall ENABLED.

Yeah, that is it. You got that, bro.
