Firewall Penetration Testing in Remote Windows PC (Part 3)

To execute all the given commands first you need to hack you victim, to do so click here.

To read part 1 click here and for part 2 here

In this article, we will learn about how to block /allow particular IP Address in remote PC Firewall. We will also learn how to view details of programs added to the exception/allowed list and the details of port added to the exception/allowed list. Along with this we will learn how to see the status of the main settings of Firewall and what its current profile, i.e is whether it is on or off.

First off all, to make any changes in firewall in Remote PC we should first be able to tell how to check mode of firewall, that is, whether its on or off. So for every following command, first, take a session through meterpreter along with administrator privileges. After doing so, go to the shell of the remote PC and type:

netsh advfirewall show currentprofiles

After knowing the profile of firewall we can see which programs are allowed by the host of Remote PC. For this, type:

netsh firewall show allowedprogram

We can also see which ports are allowed by the host of Remote PC. And for this, type:

netsh firewall show portopening

Our next command is to see the status of the main settings. And to see them, type:

netsh firewall show config

Next, we can also see the location of file in which all the firewall logs are kept. And for this, type:

netsh firewall show logging

Firewall also allows us to Block single IP address while allowing the others and vice versa. So first to let us learn how we can Block a single IP For this, type:

netsh advfirewall firewall add rule name=”IP Block” dir=in interface=any action=block remoteip=192.168.0.15/32

(In the abobe command “/32” is a subnet mask of IP.)

After executing the said command, we can see the following result:

And we now see the properties of the IP Block rule we can see that the IP: 192.168.0.15 is blocked:

Now, similarly, to allow a particular IP Address, type:

netsh advfirewall firewall add rule name=”Allow IP” dir=in interface=any action=allow remoteip=192.168.0.15/32

(In the abobe command “/32” is a subnet mask of IP)

After executing the said command, you can see the following result:

And we now see the properties of the IP Block rule we can see that the IP : 192.168.0.15 is Allowed :

Author: Yashika Dhir is a passionate Researcher and Technical Writer at Hacking Articles. She is a hacking enthusiast. contact here

Related Posts Plugin for WordPress, Blogger...

Leave a Reply