
Poking hole in firewall


sc0rpi0


Is it possible to poke a hole in a firewall without completely disabling it so that netcat isn't stopped or so that logs can be ftped up to a server without disruption?

different topic:

I have found two commands--which one will disable the firewall? Do these accomplish different things?

net stop "security center"

net stop "Windows Firewall/Internet Connection Sharing (ICS)"

netsh firewall set opmode disable


Is it possible to poke a hole in a firewall without completely disabling it so that netcat isn't stopped or so that logs can be ftped up to a server without disruption?

different topic:

I have found two pieces of code--which one will disable the firewall? What's the difference between these pieces of code?

This?

net stop "security center"

net stop "Windows Firewall/Internet Connection Sharing (ICS)"

Or This?

netsh firewall set opmode disable

They won't do crap, all they will do is disable the Windows firewall or security center, which is worthless. Please note those are commands, not code, lol.

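For defenders, the commands quoted in this thread leave recognizable process-creation command lines. The following is an added example, not code from the thread or its posters: a Python matcher run over constructed log lines. The log format, the function names, the short service names (wscsvc, SharedAccess, MpsSvc) and the newer `netsh advfirewall` form are additions that go beyond what the posts mention.

```python
import re

# Display names below are the ones quoted in the thread; the short service
# names (wscsvc, SharedAccess, MpsSvc) are added here and not from the posts.
SERVICES = {
    "security center": "Security Center",
    "wscsvc": "Security Center",
    "windows firewall/internet connection sharing (ics)": "Windows Firewall",
    "sharedaccess": "Windows Firewall",
    "mpssvc": "Windows Firewall",
}
STOP_RE = re.compile(r"\b(?:net1?|sc)(?:\.exe)? stop (.+?)(?: /y)?$")
# Legacy form from the thread, plus the newer advfirewall form (added here).
NETSH_RE = re.compile(
    r"\bnetsh(?:\.exe)? (?:firewall set opmode (?:mode=)?disable"
    r"|advfirewall set \w+ state off)\b")

# Constructed process-creation lines: time | parent image | command line.
SAMPLE_LOG = r'''
10:00:01 | cmd.exe | net stop "security center"
10:00:01 | cmd.exe | C:\WINDOWS\system32\net1 stop "Windows Firewall/Internet Connection Sharing (ICS)"
10:00:02 | cmd.exe | NETSH  firewall set opmode DISABLE
10:00:09 | explorer.exe | netsh firewall show opmode
10:00:15 | services.exe | net stop spooler
10:02:40 | cmd.exe | netsh advfirewall set allprofiles state off
'''

def classify(cmdline):
    """Return a finding for a firewall/Security Center tamper command, else None."""
    # Quotes, case and spacing vary between callers, so normalize first.
    text = re.sub(r"\s+", " ", cmdline.replace('"', "").lower()).strip()
    if NETSH_RE.search(text):
        return "Windows Firewall disabled via netsh"
    match = STOP_RE.search(text)
    if match and match.group(1) in SERVICES:
        return SERVICES[match.group(1)] + " service stopped"
    return None

def scan(log_text):
    """Return (time, parent, finding) for each log line that matches."""
    hits = []
    for line in log_text.strip().splitlines():
        when, parent, cmdline = line.split(" | ", 2)
        finding = classify(cmdline)
        if finding:
            hits.append((when, parent, finding))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit, sep="  ")
```

Read-only queries such as `netsh firewall show opmode` and stops of unrelated services are deliberately not flagged, which keeps the rule quiet on routine administration.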

Another reason why I want to use NSIS for my payload: http://nsis.sourceforge.net/NsisFirewall_plug-in Muahahahaha!!!

These unfortunately only deal with the built-in Windows firewall. But the concept is there and modifications can be made to possibly bypass other firewalls.

That's cool! I am so going to incorporate this in my payload.

So, from my understanding, one will have to learn the NSIS scripting language to use this?

Thanks for sharing.


Yes, the NSIS scripting language is quite easy to learn. All of the apps at http://www.portableapps.com use NSIS. Download them and read through the source to get an idea of how they work as they also execute other applications. The only problem I think using NSIS will cause is with Vista's UAC. We are working on a way to disable this temporarily.


Is it possible to poke a hole in a firewall without completely disabling it so that netcat isn't stopped or so that logs can be ftped up to a server without disruption?

different topic:

I have found two commands--which one will disable the firewall? Do these accomplish different things?

net stop "security center"

net stop "Windows Firewall/Internet Connection Sharing (ICS)"

netsh firewall set opmode disable

Yep, K1u said it, it just disables the firewall and security center (those annoying pop-ups). You may also want to use the regkey in my payload to remove it from the Control Panel (I think you may already have a copy of the payload). But a lot of people have 3rd party apps for firewalls (i.e. Zone Alarm, etc.) and this won't affect those at all.


Yep, K1u said it, it just disables the firewall and security center (those annoying pop-ups). You may also want to use the regkey in my payload to remove it from the Control Panel (I think you may already have a copy of the payload). But a lot of people have 3rd party apps for firewalls (i.e. Zone Alarm, etc.) and this won't affect those at all.

So will zonealarm or other 3rd party firewalls stop netcat from attaching a shell to a port?

I am assuming yes, but just checking.

Will most 3rd party firewalls stop ftp?

I've made a payload which installs on the computer [temp] and slurps files out of "my documents" and ftp's them.

This approach is better than the typical batch file slurp because one doesn't have to sit around for a billion years while the files are copying [high possibility of being caught].

After explaining what each part of the batch file did, my friend allowed me to test it on his computer.

He has zonealarm. I have mcafee. Neither detected the ftp file transfer [this was about a year ago, so zonealarm may have changed since then]

However, his very annoying security center stopped it. This is what I want to disable until next reboot.

Thanks very much.


I would like to think a 3rd party firewall would pick it up (if it doesn't, that's one shitty firewall), however even if it does the inventive mind can find ways around that as well.

FTP slurped files? Call me crazy but copying to USB is a little faster than UL'in to an FTP server (and leaving your FTP's info isn't a good idea either; be sure it securely deletes itself), although it would allow more of a hit-and-run type of attack. However this should also get picked up by the firewall (if it doesn't, that's one shitty firewall), and the firewall is powerless to stop a xfer to USB.

The 'net stop "security center"' will do just that.


I would like to think a 3rd party firewall would pick it up (if it doesn't, that's one shitty firewall), however even if it does the inventive mind can find ways around that as well.

FTP slurped files? Call me crazy but copying to USB is a little faster than UL'in to an FTP server (and leaving your FTP's info isn't a good idea either; be sure it securely deletes itself), although it would allow more of a hit-and-run type of attack. However this should also get picked up by the firewall (if it doesn't, that's one shitty firewall), and the firewall is powerless to stop a xfer to USB.

The 'net stop "security center"' will do just that.

Thanks for the help.

Frankly, I don't care about leaving my ftp information around because it isn't my server. It's an angelfire account.

That isn't dangerous, is it?

Thanks again.


Only if you start stealing government files, most people won't go through the trouble of tracking you down, but it is possible.
