Firewall Penetration Testing in Remote Windows PC (Part 2)

Datetime:2016-08-23 01:07:57          Topic: Penetration Testing           Share

For introduction to firewall please visit Firewall Penetration Testing – Part 1 In this article we will learn how to view inbound and outbound rules of firewall in remote PC, how to delete a rule, how to allow the port on which our payload will work in future, how to stop your remote PC from being ping.

First of all let us assume that there is a blocked port in outbound rule in our remote PC:

To know which rule is enabled and disabled in our remote PC , take a session through meterepreter and bypass administrator privileges. After doing so type:

netsh advfirewall firewall show rule=all

Once this command is executed, all the rules will be displayed :

In the above image we can see that Port 80 and Port 443 is blocked under the rule name “ Block All Ports ”.  So to delete that rule in the remote PC  type :

Netsh  advfirewall firewall delete rule name=”Block All Ports” 

Once this command executed, the said rule will be deleted. And you can run

netsh advfirewall firewall show rule=all

Command again to see the result :

And we can also see the result in the firewall outbound rules :

Our normal payload works on port 4444. Now, if we want to allow port 4444 so we can upload a payload which works on port 4444, we just have to type :

Netsh advfireweall firewall add rule name=”Allow Port 4444” protocol=TCP dir=out remoteport=4444 action=allow

Once this command executed, port 4444 will be allowed on our remote PC :

Now to block stop our remote PC from being pinged we can just type :

Netsh advfirewall firewall add rule name=”All ICMPV4” dir=in action=block protocol=icmpv4

When this command will be executed, a rule blocking ping to our remote PC will created :

And the following will be the result :

Author: Yashika Dhir is a passionate Researcher and Technical Writer at Hacking Articles. She is a hacking enthusiast.





About List