How to Set and Bypass an Outbound Rule in Windows Firewall Using Metasploit

In the previous firewall penetration testing article you might have read how a firewall is used to block a particular port in a network to prevent hackers or malicious software from gaining access to your PC. This article describes how an attacker can bypass firewall rules and try to gain unauthorized access to the victim’s PC.

Target: Windows PC

Attacker: Kali Linux

Let’s start!!!

Open the Windows Firewall control panel and select Advanced settings to configure firewall rules, as shown in the screenshot.

Go to Outbound Rules and create a new rule for the firewall to add a security layer that protects the network from attackers.

Select the type of firewall rule to be created: click the radio button for the Port option, which controls connections for a TCP or UDP port, then click Next.

Now specify the protocol and port to which the rule applies. I chose TCP and specified port 4444 as the port this rule applies to, then clicked Next.

Select the radio button to block the connection when a connection matches the specified conditions.

Select all the checkboxes for when this rule applies.

Give your rule a name. You can see in the screenshot that I named it "block port 4444" and then clicked Finish.

Here you can see that the new outbound rule has been added to the list of outbound rules. The victim has now defended himself against establishing a connection on port 4444, so if an attacker tries to connect with the victim through port 4444, the attacker may not receive any reverse connection.

Now let’s examine what happens when an attacker sends a malicious file that uses port 4444. Will it work or not? Is the attacker able to receive a reverse connection from the victim’s PC?

Here I have generated a malicious file with msfvenom in .exe format, sent this 4444.exe file to the victim, and started the multi handler in the background.

Now let’s find out whether we succeed or fail in getting a reverse connection from the victim’s PC.

OOPS!!! No response

This means we failed to establish a connection between the victim and the attacker. As we know, the victim has protected himself from connecting on port 4444.

Now, whenever you face this type of restriction when establishing a connection with the victim, do not get disappointed; think twice about the aim of the attack. The attacker only wants to trap the victim and establish a connection.

Now send your malicious file on those ports which are always left open for incoming and outgoing connections, for example port 80, port 443, port 445, etc.

What happens when the attacker sends a malicious file that uses port 443 instead? Is the attacker able to receive a reverse connection from the victim’s PC?

Start the multi handler and send 443.exe to the victim.

GREAT!!! The attack is successful

We successfully got a meterpreter session on the victim’s PC inside the Metasploit framework.
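The result above follows from blocking a single remote port while the firewall's default outbound action still allows everything else. As an added example (not part of the original article), the following read-only PowerShell audit reports, per firewall profile, whether outbound traffic is default-allow and which enabled outbound block rules cover only specific remote ports; the function name `Get-OutboundPosture` and the finding texts are assumptions made for this sketch.

```powershell
# Added example: read-only audit of the outbound firewall posture.
# Uses the built-in NetSecurity cmdlets; run from an elevated PowerShell prompt.
# Get-OutboundPosture is a hypothetical helper name, not a Windows cmdlet.
function Get-OutboundPosture {
    # ActiveStore is the effective policy (local rules merged with Group Policy).
    $blockRules = @(Get-NetFirewallRule -PolicyStore ActiveStore -Direction Outbound `
                        -Enabled True -Action Block -ErrorAction SilentlyContinue)

    foreach ($fwProfile in Get-NetFirewallProfile -PolicyStore ActiveStore) {
        # NotConfigured falls back to the Windows default, which allows outbound traffic.
        $defaultAllow = "$($fwProfile.DefaultOutboundAction)" -ne 'Block'

        # Collect block rules in this profile that are limited to specific remote ports.
        $portOnly = @(foreach ($rule in $blockRules) {
            $scope = "$($rule.Profile)"              # e.g. "Any" or "Domain, Private"
            if ($scope -ne 'Any' -and $scope -notmatch $fwProfile.Name) { continue }
            $filter = $rule | Get-NetFirewallPortFilter
            $ports  = @($filter.RemotePort | Where-Object { $_ })
            if ($ports.Count -gt 0 -and $ports -notcontains 'Any') {
                '{0} [{1} {2}]' -f $rule.DisplayName, $filter.Protocol, ($ports -join ',')
            }
        })

        $finding = if ("$($fwProfile.Enabled)" -ne 'True') {
            'Firewall profile is disabled.'
        } elseif ($defaultAllow -and $portOnly.Count -gt 0) {
            'Default-allow outbound: the listed rules stop only those ports; any other remote port (80, 443, 445, ...) is still permitted.'
        } elseif ($defaultAllow) {
            'Default-allow outbound: no port-specific block rules; all outbound traffic is permitted.'
        } else {
            'Default-block outbound: only explicitly allowed traffic leaves the host.'
        }

        [pscustomobject]@{
            Profile            = $fwProfile.Name
            DefaultOutbound    = "$($fwProfile.DefaultOutboundAction)"
            PortOnlyBlockRules = $portOnly
            Finding            = $finding
        }
    }
}

Get-OutboundPosture | Format-List
```

On the host configured in this article, the audit lists the port 4444 rule under a default-allow profile. The corrected posture is a default outbound action of Block (`Set-NetFirewallProfile -DefaultOutboundAction Block`) with explicit allow rules for the programs that need network access.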

Author: Aarti Singh is a Researcher and Technical Writer at Hacking Articles, an Information Security Consultant, and a lover of social media and gadgets.
