For
introduction to firewall please visit Firewall
Penetration Testing – Part 1. In
this article we will learn how to view inbound and outbound rules of firewall
in remote PC, how to delete a rule, how to allow the port on which our payload
will work in future, how to stop your remote PC from being ping.
First
of all let us assume that there is a blocked port in outbound rule in our
remote PC:
To know which rule is enabled and disabled in our remote PC
, take a session through meterepreter and bypass administrator privileges.
After doing so type:
netsh advfirewall firewall show rule=all
Once this command is executed, all the rules will be
displayed :
In
the above image we can see that Port 80 and Port 443 is blocked under the rule
name “Block All Ports”. So to delete that rule in the remote PC type :
Netsh advfirewall firewall delete rule name=”Block
All Ports”
Once this command executed, the said rule will be deleted.
And you can run
netsh advfirewall
firewall show rule=all
Command again to see the result :
And we can also see the
result in the firewall outbound rules :
Netsh advfireweall
firewall add rule name=”Allow Port 4444” protocol=TCP dir=out remoteport=4444
action=allow
Once this command executed, port 4444 will be allowed on our
remote PC :
Now to block stop our remote PC from being pinged we can
just type :
Netsh advfirewall
firewall add rule name=”All ICMPV4” dir=in action=block protocol=icmpv4
When
this command will be executed, a rule blocking ping to our remote PC will
created
And the following will be the result :
0 comments:
Post a Comment