sc0rpi0 Posted December 9, 2007 Share Posted December 9, 2007 Is is possible to poke a hole in a firewall without completely disabling it so that netcat isn't stopped or so that logs can be ftped up to a server without disruption? different topic: I have found two commands--which one will disable the firewall? Do these accomplish different things? net stop "security center" net stop "Windows Firewall/Internet Connection Sharing (ICS)" netsh firewall set opmode disable Quote Link to comment Share on other sites More sharing options...
K1u Posted December 9, 2007 Share Posted December 9, 2007 Is is possible to poke a hole in a firewall without completely disabling it so that netcat isn't stopped or so that logs can be ftped up to a server without disruption? different topic: I have found two pieces of code--which one will disable the firewall? What's the difference between these pieces of code? This? net stop "security center" net stop "Windows Firewall/Internet Connection Sharing (ICS)" Or This? netsh firewall set opmode disable They wont do crap, all they will do is disable the windows firewall or security center, which is worthless. Please note those are commands not code, lol. Quote Link to comment Share on other sites More sharing options...
excid3 Posted December 10, 2007 Share Posted December 10, 2007 Another reason why i want to use NSIS for my payload: http://nsis.sourceforge.net/NsisFirewall_plug-in Muahahahaha!!! These unfortunately only deal with the builtin windows firewall. But the concept is there and modifications can be made to possibly bypass other firewalls. Quote Link to comment Share on other sites More sharing options...
sc0rpi0 Posted December 10, 2007 Author Share Posted December 10, 2007 Another reason why i want to use NSIS for my payload: http://nsis.sourceforge.net/NsisFirewall_plug-in Muahahahaha!!! These unfortunately only deal with the builtin windows firewall. But the concept is there and modifications can be made to possibly bypass other firewalls. That's cool! I am so going to incorporate this in my payload. So, from my understanding, one will have to learn the NSIS scripting language to use this? Thanks for sharing. Quote Link to comment Share on other sites More sharing options...
excid3 Posted December 10, 2007 Share Posted December 10, 2007 Yes NSIS scripting language is quite easy to learn. All of the apps at http://www.portableapps.com use nsis. Download them and read through the source to get an idea of how they work as they also execute other applications. Only problem i think using NSIS will cause is with Vista's UAC. We are working on a way to disable this temporarily. Quote Link to comment Share on other sites More sharing options...
sablefoxx Posted December 11, 2007 Share Posted December 11, 2007 Is is possible to poke a hole in a firewall without completely disabling it so that netcat isn't stopped or so that logs can be ftped up to a server without disruption? different topic: I have found two commands--which one will disable the firewall? Do these accomplish different things? net stop "security center" net stop "Windows Firewall/Internet Connection Sharing (ICS)" netsh firewall set opmode disable Yep K1u said it, just disables the firewall and security center (those annoying pop-ups), you may also want to use the regkey in my payload to remove it from the Control Panel (i think you may alrdy have a copy of the payload). But a lot of ppl have 3rd party apps for firewalls (ie Zone Alarm, ect) and this wont effect those at all. Quote Link to comment Share on other sites More sharing options...
sc0rpi0 Posted December 11, 2007 Author Share Posted December 11, 2007 Yep K1u said it, just disables the firewall and security center (those annoying pop-ups), you may also want to use the regkey in my payload to remove it from the Control Panel (i think you may alrdy have a copy of the payload). But a lot of ppl have 3rd party apps for firewalls (ie Zone Alarm, ect) and this wont effect those at all. So will zonealarm or other 3rd party firewalls stop netcat from attaching a shell to a port? I am assuming yes, but just checking. Will most 3rd party firewalls stop ftp? I've made a payload which installs on the computer [temp] andslurps files out of "my documents" and ftp's them. This approach is better than the typical batch file slurp because one doesn't have to sit around for a billion years while the files are copying [high possibility of being caught]. After explaining what each part of the batch file did, my friend allowed me to test it on his computer. He has zonealarm. I have mcafee. Neither detected the ftp file transfer [this was about a year ago, so zonealarm may have changed since then] However, his very annoying security center stopped it. This is what I want to disable until next reboot. Thanks very much. Quote Link to comment Share on other sites More sharing options...
sablefoxx Posted December 12, 2007 Share Posted December 12, 2007 I would like to think a 3rd party firewall would pick it up (if it doesnt thats one shitty firewall), however even if it does the inventive mind can find ways around that as well. FTP slurped files? Call me crazy but coping to USB is a little faster the UL'in to a FTP server (and leaving you FTP's info isnt a good idea either be sure is securly deletes itself), although it would allow more of a hit-and-run type of attack. However this should also get picked up by the firewall (if it doesnt thats one shitty firewall), and the firewall is powerless to stop a xfer to USB. the "net stop "security center" will do just that. Quote Link to comment Share on other sites More sharing options...
sc0rpi0 Posted December 12, 2007 Author Share Posted December 12, 2007 I would like to think a 3rd party firewall would pick it up (if it doesnt thats one shitty firewall), however even if it does the inventive mind can find ways around that as well. FTP slurped files? Call me crazy but coping to USB is a little faster the UL'in to a FTP server (and leaving you FTP's info isnt a good idea either be sure is securly deletes itself), although it would allow more of a hit-and-run type of attack. However this should also get picked up by the firewall (if it doesnt thats one shitty firewall), and the firewall is powerless to stop a xfer to USB. the "net stop "security center" will do just that. Thanks for the help. Frankly, I don't care about leaving my ftp information around because it isn't my server. It's an angelfire account. That isn't dangerous, is it? Thanks again. Quote Link to comment Share on other sites More sharing options...
sablefoxx Posted December 12, 2007 Share Posted December 12, 2007 Only if you start stealing government files, most people won't go through the trouble of tracking you down, but it is possible. Quote Link to comment Share on other sites More sharing options...
beakmyn Posted December 13, 2007 Share Posted December 13, 2007 VBS will also allow you add/delete/modify/enable/disable firewall/firewall rules. Such as: add authorized application add port open a closed port Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.