Disable/Enable Windows Firewall
After we have successfully exploited a system and have a shell, we may want to alter the host firewall so that we can leverage other services to further exploit or enumerate the system.
Usually this will not trigger any alarms and can be done on the Windows command line as follows.
(Be sure to clean up your tracks afterward and revert the firewall to its previous state.)
Enable the Firewall:
netsh firewall set opmode enable
Disable the Firewall:
netsh firewall set opmode disable
Enable specific port examples:
netsh firewall add portopening TCP 3389 RDP
(enables RDP)
netsh firewall add portopening UDP 500 IKE ENABLE ALL
Disable specific port examples:
netsh firewall delete portopening TCP 80
(disables HTTP)
netsh firewall delete portopening UDP 500
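From the defender's side, every command above appears verbatim wherever process command lines are logged. The following is an added example, not part of the original page, that parses such lines for the legacy netsh firewall verbs shown here; the function names and sample log lines are constructed for illustration.

```python
import re
import shlex

# Positional argument order of the legacy "netsh firewall" verbs used above.
VERBS = {
    ("set", "opmode"): ["mode"],
    ("add", "portopening"): ["protocol", "port", "name", "mode", "scope"],
    ("delete", "portopening"): ["protocol", "port"],
}

def parse_netsh_firewall(cmdline):
    """Return a dict describing a legacy 'netsh firewall' change, else None."""
    try:
        tokens = shlex.split(cmdline, posix=False)   # keeps Windows backslashes
    except ValueError:                               # unbalanced quote in the log
        tokens = cmdline.split()
    tokens = [t.strip('"').lower() for t in tokens]
    # Locate netsh anywhere in the line so "cmd /c netsh ..." is also caught.
    start = next((i for i, t in enumerate(tokens)
                  if re.split(r"[\\/]", t)[-1] in ("netsh", "netsh.exe")), None)
    if start is None or tokens[start + 1:start + 2] != ["firewall"]:
        return None
    verb = tuple(tokens[start + 2:start + 4])
    if verb not in VERBS:
        return None
    found, positional = {"verb": " ".join(verb)}, iter(VERBS[verb])
    for tok in tokens[start + 4:]:
        if "=" in tok:                               # keyword form: port=3389
            key, value = tok.split("=", 1)
            found[key] = value
        else:                                        # positional form: TCP 3389
            key = next(positional, None)
            if key:
                found[key] = tok
    # Alert-worthy: a new opening was added, or the firewall was switched off.
    found["alert"] = verb[0] == "add" or found.get("mode") == "disable"
    return found

# Constructed sample command lines, as a process-creation log would record them.
SAMPLE = [
    r'"C:\Windows\System32\netsh.exe" firewall set opmode disable',
    r"cmd.exe /c netsh firewall add portopening protocol=TCP port=3389 name=RDP",
    r"netsh firewall delete portopening UDP 500",
    r"netsh interface ip show config",
]

def scan(lines):
    """Return (line, finding) pairs for every firewall change in lines."""
    return [(l, f) for l in lines if (f := parse_netsh_firewall(l))]
```

Values are lowercased during parsing, so match on "tcp" and "disable" rather than the casing typed on the command line.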