Before experimenting with a firewall, we should first understand how it works.
A firewall is a network security system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in hardware, software, or a combination of both. There are many types of firewall, such as proxy firewalls, application firewalls, stateful firewalls and packet firewalls.
Firewalls are connected to the network and are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.
A firewall works on two sets of rules, inbound and outbound:
Inbound rules: These filter traffic passing from the network to the local computer, based on the filtering conditions specified in the rule.
Outbound rules: These filter traffic passing from the local computer to the network, based on the filtering conditions specified in the rule.
Both inbound and outbound rules can be configured to allow or block traffic as needed.
In other words, inbound rules govern other things accessing your computer. If you are running a web server on your computer, you have to tell the firewall that outsiders are allowed to connect to it. Outbound rules, in turn, let some programs use the Internet while blocking others. You will want your web browser (Internet Explorer, Firefox, Safari, Chrome, Opera...) to have access to the Internet, so a rule can be added telling Windows Firewall that it is allowed.
Now let us assume that the firewall of the victim's PC is enabled.
First, hack the victim PC (read here).
To turn off the firewall of the victim's PC, first get a session through meterpreter and then obtain administrator privileges on the remote PC. Move to the shell of the remote PC and type
"netsh firewall set opmode mode=disable"
to turn off the firewall of the remote PC.
The firewall of the remote PC will now be disabled.
How to Block Website in Remote PC:
Through metasploit we can not only turn the firewall on or off, we can also block or allow access to any particular port. That means we can control inbound and outbound rules as well. Again, after getting a session through meterpreter, gaining administrator privileges and moving to the shell of the remote PC, just type
"netsh advfirewall firewall add rule name="Block Ports" protocol=TCP dir=out remoteport=80 action=block"
Here,
name = The name of the rule (pick something descriptive)
protocol = The protocol we are going to block (UDP or TCP in most cases)
dir = The direction of the block; can be in or out
remoteport = The port of the remote host that is going to be blocked
action = Can be block or allow; in our case we want to block the connection
Once you execute the above command, all outbound requests to any host on port 80 will be blocked, and an entry is added to the Windows Firewall.
If you check the rule's properties and click on the 'Protocols and Ports' tab, you can see the result.
How to Block Multiple Ports
Now that we have seen how to block a port on the remote PC, let us dig a little deeper: we can block not just one port but two or more. To block two or more ports, again take a meterpreter session and administrator privileges on the remote PC and type
"netsh advfirewall firewall add rule name="Block Ports" protocol=TCP dir=out remoteport=80,443 action=block"
Once you execute the above command, all outbound requests to any host on ports 80 and 443 will be blocked, and an entry is added to the Windows Firewall.
If you check the rule's properties and click on the 'Protocols and Ports' tab, you will find that it has now blocked both port 80 and port 443.
By blocking ports 80 and 443 we have blocked the HTTP and HTTPS services on the remote PC, so our victim will not be able to access any website, and an error is displayed instead.
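
For defenders, both commands above leave a distinctive netsh command line in process-creation logs. The following added example (not part of the original post) classifies such command lines; the sample log lines, finding labels and function names are constructed for illustration, and it goes beyond the two cases in the article by also handling port ranges and the default remoteport of any.

```python
import re

# netsh key=value arguments; values may be double-quoted (name="Block Ports")
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
WEB_PORTS = (80, 443)  # HTTP and HTTPS, the ports the article blocks

def covers(spec, port):
    """True if a netsh port spec ('80', '80,443', '1-1024', 'any') covers port."""
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        hi = hi or lo
        if part == "any" or (lo.isdigit() and hi.isdigit() and int(lo) <= port <= int(hi)):
            return True
    return False

def classify(cmdline):
    """Return a finding label for firewall tampering via netsh, or None."""
    m = re.search(r'\bnetsh(?:\.exe)?"?\s+(.*)', cmdline, re.I)
    if not m:
        return None
    rest = m.group(1)
    args = {k.lower(): v.strip('"').lower() for k, v in KV.findall(rest)}
    words = KV.sub(" ", rest).replace('"', " ").lower().split()
    # Legacy syntax used in the article: netsh firewall set opmode mode=disable
    if words[:3] == ["firewall", "set", "opmode"] and args.get("mode") == "disable":
        return "firewall-disabled"
    # Outbound block rule: netsh advfirewall firewall add rule ... dir=out action=block
    if words[:4] == ["advfirewall", "firewall", "add", "rule"]:
        if args.get("dir") == "out" and args.get("action") == "block":
            spec = args.get("remoteport", "any")  # netsh defaults remoteport to any
            hit = [str(p) for p in WEB_PORTS if covers(spec, p)]
            if hit:
                return "outbound-web-block:" + ",".join(hit)
    return None

# Constructed sample command lines, as they would appear in process-creation logs
SAMPLE = [
    'netsh firewall set opmode mode=disable',
    'netsh advfirewall firewall add rule name="Block Ports" protocol=TCP dir=out remoteport=80,443 action=block',
    'netsh advfirewall firewall add rule name="Web In" protocol=TCP dir=in localport=80 action=allow',
    'ipconfig /all',
]

def scan(lines):
    """Return (command line, finding) pairs for the lines that match."""
    return [(l, f) for l in lines if (f := classify(l))]

if __name__ == "__main__":
    for line, finding in scan(SAMPLE):
        print(finding, "<-", line)
```

Feed it the command-line field of process-creation events; a hit from a process that is not a known administration tool or session is worth triage.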