To execute all the given commands first you need to hack you victim, to do so click here.
To read part 1 click here and for part 2 here
In this article, we will learn about how to block /allow particular IP Address in remote PC Firewall. We will also learn how to view details of programs added to the exception/allowed list and the details of port added to the exception/allowed list. Along with this we will learn how to see the status of the main settings of Firewall and what its current profile, i.e is whether it is on or off.
First off all, to make any changes in firewall in Remote PC we should first be able to tell how to check mode of firewall, that is, whether its on or off. So for every following command, first, take a session through meterpreter along with administrator privileges. After doing so, go to the shell of the remote PC and type:
netsh advfirewall show currentprofiles
After knowing the profile of firewall we can see which programs are allowed by the host of Remote PC. For this, type:
netsh firewall show allowedprogram
We can also see which ports are allowed by the host of Remote PC. And for this, type:
netsh firewall show portopening
Our next command is to see the status of the main settings. And to see them, type:
netsh firewall show config
Next, we can also see the location of file in which all the firewall logs are kept. And for this, type:
netsh firewall show logging
Firewall also allows us to Block single IP address while allowing the others and vice versa. So first to let us learn how we can Block a single IP For this, type:
netsh advfirewall firewall add rule name=”IP Block” dir=in interface=any action=block remoteip=192.168.0.15/32
(In the abobe command “/32” is a subnet mask of IP.)
After executing the said command, we can see the following result:
And we now see the properties of the IP Block rule we can see that the IP: 192.168.0.15 is blocked:
Now, similarly, to allow a particular IP Address, type:
netsh advfirewall firewall add rule name=”Allow IP” dir=in interface=any action=allow remoteip=192.168.0.15/32
(In the abobe command “/32” is a subnet mask of IP)
After executing the said command, you can see the following result:
And we now see the properties of the IP Block rule we can see that the IP : 192.168.0.15 is Allowed :
Author: Yashika Dhir is a passionate Researcher and Technical Writer at Hacking Articles. She is a hacking enthusiast.
The post Firewall Penetration Testing in Remote Windows PC (Part 3) appeared first on Hacking Articles.