From 1c4eb8ebee2520b3451aef3878ad801cd95c84f3 Mon Sep 17 00:00:00 2001 From: OJ Date: Sat, 30 Nov 2013 11:58:05 +1000 Subject: [PATCH] Add firewall control details, and diag output Added a section which shows how to enable/disable the firewall on Windows Vista+. Added WinXP SP3 output to the diag command. Updated some references in the index, added myself as a curator. --- index.md | 5 ++- windows/windows_cmd_network.md | 71 ++++++++++++++++++++++++++++++---- 2 files changed, 67 insertions(+), 9 deletions(-) diff --git a/index.md b/index.md index 7bf39dc..aabdf59 100644 --- a/index.md +++ b/index.md @@ -12,7 +12,7 @@ You can find a copy of the project online at: http://mubix.github.io/post-exploi ### Offline Use: - 1. Clone the repository or pull the archive ([download zip](https://github.com/mubix/post-exploitation-wiki/archive/master.zip)) of the repo + 1. Clone the repository or pull the archive ([download zip](https://github.com/pwnwiki/pwnwiki.github.cio/archive/master.zip)) of the repo 2. Open index.html 3. Most modern browsers don't allow the access of local files from a locally loaded HTML file. On Windows you can use [Mongoose Tiny](http://cesanta.com/downloads.html) or [HFS](http://www.rejetto.com/hfs/) to host the files locally. On OSX and Linux `python -m SimpleHTTPServer` seems to work just fine. 
@@ -30,7 +30,8 @@ Curators: * [@WebBreacher](https://twitter.com/webbreacher) [gimmick:TwitterFollow](@WebBreacher) * [@tekwizz123](https://twitter.com/tekwizz123) [gimmick:TwitterFollow](@tekwizz123) * [@jakx_](https://twitter.com/jakx_) [gimmick:TwitterFollow](@jakx_) + * [@TheColonial](https://twitter.com/TheColonial) [gimmick:TwitterFollow](@TheColonial) If you would like to become a curator, please contact [mubix@hak5.org](mailto:mubix@hak5.org) -[gimmick:ForkMeOnGitHub ({ color: 'red', position: 'right' })](http://www.github.com/mubix/post-exploitation-wiki/) +[gimmick:ForkMeOnGitHub ({ color: 'red', position: 'right' })](http://www.github.com/pwnwiki/pwnwiki.github.io/) diff --git a/windows/windows_cmd_network.md b/windows/windows_cmd_network.md index e4859dd..2b29a06 100644 --- a/windows/windows_cmd_network.md +++ b/windows/windows_cmd_network.md @@ -222,9 +222,9 @@ User profile Home directory Last logon 10/15/2013 6:53:42 PM
Logon hours allowed All
-Local Group Memberships *Administrators *Users -Global Group memberships *Domain Users -The command completed successfully. +Local Group Memberships \*Administrators \*Users +Global Group memberships \*Domain Users +The command completed successfully. ---- @@ -234,11 +234,68 @@ For more information: http://technet.microsoft.com/en-us/library/bb490939.aspx ### Network Services * **Command with arguments**: `netsh diag show all` * **Description**: Shows information on network services and adapters. - -Note: Windows XP only. + * **Note**: Windows XP only. * **Output**: - * (Coming soon!) + *
**Windows XP SP3:** Show/Hide ![](images/output.jpg)
C:\Users\johndoe>netsh diag show all + +Default Outlook Express Mail (Not Configured) + +Default Outlook Express News (Not Configured) + +Internet Explorer Web Proxy (Not Configured) + +Loopback (127.0.0.1) + +Computer System (OJ-75E3B8CC9475) + +Operating System (Microsoft Windows XP Professional) + +Version (5.1.2600) + +Modems + +Network Adapters + 1. [00000001] VMware Accelerated AMD PCNet Adapter + 2. [00000010] VMware Accelerated AMD PCNet Adapter + +Network Clients + 1. VMware Shared Folders + 2. Microsoft Terminal Services + 3. Microsoft Windows Network + 4. Web Client Network
+ +### Firewall Control + * **Command with arguments**: `netsh firewall set opmode [disable|enable]` + * **Description**: Enable or disable the Windows Firewall (requires admin privileges). + * **Minimum required version**: Windows Vista. + * **Output**: + *
**Windows Vista:** Show/Hide ![](images/output.jpg)
C:\Users\johndoe>netsh firewall set opmode enable +Ok. + +C:\Users\johndoe>netsh firewall set opmode disable +Ok.
+ *
**Windows 7:** Show/Hide ![](images/output.jpg)
C:\Users\johndoe>netsh firewall set opmode enable + +IMPORTANT: Command executed successfully. +However, "netsh firewall" is deprecated; +use "netsh advfirewall firewall" instead. +For more information on using "netsh advfirewall firewall" commands +instead of "netsh firewall", see KB article 947709 +at http://go.microsoft.com/fwlink/?linkid=121488 . + +Ok. + +C:\Users\johndoe>netsh firewall set opmode disable + +IMPORTANT: Command executed successfully. +However, "netsh firewall" is deprecated; +use "netsh advfirewall firewall" instead. +For more information on using "netsh advfirewall firewall" commands +instead of "netsh firewall", see KB article 947709 +at http://go.microsoft.com/fwlink/?linkid=121488 . + +Ok.
### Wireless Backdoor Creation * **Command with arguments**: @@ -369,4 +426,4 @@ x: Windows Sockets initialization failed: 5 * **Command with arguments**: `netstat -r` * **Description**: Displays the system's routing table. * **Output**: - *
**Windows 2008:** Show/Hide ![](images/output.jpg)
C:\Users\johndoe>netstat -r
===========================================================================
Interface List
10 ...00 0c 29 9a e2 26 ...... Intel(R) PRO/1000 MT Network Connection
1 ........................... Software Loopback Interface 1
12 ...00 00 00 00 00 00 00 e0 isatap.{DDE3DF3D-3417-4EBF-BF66-73BD3A64FF26}
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.10.1 192.168.10.34 266
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.10.0 255.255.255.0 On-link 192.168.10.34 266
192.168.10.34 255.255.255.255 On-link 192.168.10.34 266
192.168.10.255 255.255.255.255 On-link 192.168.10.34 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.10.34 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.10.34 266
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.10.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 266 fe80::/64 On-link
10 266 fe80::11bc:e019:25e5:916d/128
On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
\ No newline at end of file + *
**Windows 2008:** Show/Hide ![](images/output.jpg)
C:\Users\johndoe>netstat -r
===========================================================================
Interface List
10 ...00 0c 29 9a e2 26 ...... Intel(R) PRO/1000 MT Network Connection
1 ........................... Software Loopback Interface 1
12 ...00 00 00 00 00 00 00 e0 isatap.{DDE3DF3D-3417-4EBF-BF66-73BD3A64FF26}
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.10.1 192.168.10.34 266
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.10.0 255.255.255.0 On-link 192.168.10.34 266
192.168.10.34 255.255.255.255 On-link 192.168.10.34 266
192.168.10.255 255.255.255.255 On-link 192.168.10.34 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.10.34 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.10.34 266
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.10.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 266 fe80::/64 On-link
10 266 fe80::11bc:e019:25e5:916d/128
On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
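Review bot: In the first index.md hunk (@@ -12,7 +12,7), the new download link reads `https://github.com/pwnwiki/pwnwiki.github.cio/archive/master.zip`, and `pwnwiki.github.cio` looks like a typo for `pwnwiki.github.io`, the repository name used in the ForkMeOnGitHub link that the second index.md hunk updates. As written, the offline-use zip link will not point at the repository archive. Suggest correcting the repository name, and consider switching the new ForkMeOnGitHub URL from the `http://www.github.com/...` form to the `https://github.com/...` form used by the download link so both references are consistent.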
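Review bot: The new Firewall Control entry in windows/windows_cmd_network.md (hunk @@ -234,11 +234,68) documents only `netsh firewall set opmode [disable|enable]`, yet the Windows 7 output captured in the same hunk states that "netsh firewall" is deprecated and says to use "netsh advfirewall firewall" instead. The warning appears in the Windows 7 sample but not in the Vista one, so a reader on a newer system gets no guidance from the entry itself. Suggest adding a `**Note**` bullet, in the same style as the `**Note**: Windows XP only.` line this hunk adds for `netsh diag show all`, that records the deprecation and points to KB article 947709 already quoted in the output. A smaller point in the same hunk: the Windows XP SP3 sample keeps what looks like a real host name in `Computer System (OJ-75E3B8CC9475)` while the prompt is sanitized to `johndoe`; a placeholder host name would match the other samples.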
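Review bot: In the last hunk (@@ -369,4 +426,4), the removed and added `netstat -r` blocks read identically, and the only visible difference is the `\ No newline at end of file` marker on the old side, so this looks like a whitespace or end-of-file change rather than a content change. The commit message lists the firewall section, the diag output and the index updates but does not mention it. Suggest either noting the formatting fix in the commit message or moving it to its own commit, so the large remove-and-re-add of the Windows 2008 output is not mistaken for an edit to the sample.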