Is there a way that I can configure my Windows firewall from a Linux USB? I know you can change alot this way.
Forum Thread: Editing Windows Firewall from Linux
- Hot
- Active
-
Forum Thread: Hack and Track People's Device Constantly Using TRAPE 32 Replies
13 hrs ago -
Forum Thread: 12 Ways How to Hack Any Social Network and Protect Yourself 2018 1 Replies
1 day ago -
Metasploit Error: Handler Failed to Bind 40 Replies
3 days ago -
Forum Thread: How to Know if You Are a Script Kiddie? 9 Replies
2 wks ago -
Forum Thread: How to Identify and Crack Hashes 8 Replies
2 wks ago -
Forum Thread: How to Hack School Website 8 Replies
3 wks ago -
Forum Thread: Whenever I Try "Airmon-Ng Start wlan0" There's an Error? 16 Replies
3 wks ago -
Forum Thread: How to Fix 'Failed to Detect and Mount CD-ROM' Problem When Installing Kali Linux 14 Replies
3 wks ago -
Forum Thread: Awesome Keylogging Script - BeeLogger 30 Replies
1 mo ago -
Forum Thread: How to Hack Android Phone Using Same Wifi 27 Replies
1 mo ago -
Forum Thread: Complete Guide to Creating and Hosting a Phishing Page for Beginners 48 Replies
1 mo ago -
Forum Thread: Create and Use Android/Meterpreter/reverse_tcp APK with Msfvenom? 121 Replies
1 mo ago -
How to: Minecraft DoS'Ing with Python. 1 Replies
2 mo ago -
Forum Thread: HELP I Created an Apk for Hacking My Phone Using Kali Linux in Virtual Box How Can I Install That Apk on My Phone 17 Replies
2 mo ago -
Forum Thread: Tools for Beginner Hacker 3 Replies
2 mo ago -
Forum Thread: How to Embed an Android Payload in an Image? 9 Replies
3 mo ago -
Forum Thread: Metasploit reverse_tcp Handler Problem 46 Replies
3 mo ago -
Forum Thread: HACK ANDROID with KALI USING PORT FORWARDING(portmap.io) 11 Replies
3 mo ago -
Forum Thread: Fix Initramfs Problem 5 Replies
3 mo ago -
Forum Thread: Kali Wont Start, Stuck at Kali Login: 21 Replies
4 mo ago
-
How To: Crack SSH Private Key Passwords with John the Ripper
-
How To: Exploit EternalBlue on Windows Server with Metasploit
-
Tutorial: Create Wordlists with Crunch
-
How To: Gain SSH Access to Servers by Brute-Forcing Credentials
-
How To: The Hacks Behind Cracking, Part 1: How to Bypass Software Registration
-
Hack Like a Pro: How to Crack Online Web Form Passwords with THC-Hydra & Burp Suite
-
How To: Brute-Force Nearly Any Website Login with Hatch
-
How To: Top 10 Things to Do After Installing Kali Linux
-
Android for Hackers: How to Turn an Android Phone into a Hacking Device Without Root
-
How To: Use Burp & FoxyProxy to Easily Switch Between Proxy Settings
-
How To: Crack Shadow Hashes After Getting Root on a Linux System
-
How To: Enumerate SMB with Enum4linux & Smbclient
-
How To: Create a Persistent Back Door in Android Using Kali Linux:
-
How To: Easily Detect CVEs with Nmap Scripts
-
How To: Perform Local Privilege Escalation Using a Linux Kernel Exploit
-
Video: How to Use Maltego to Research & Mine Data Like an Analyst
-
How To: Find Identifying Information from a Phone Number Using OSINT Tools
-
How To: Check if Your Wireless Network Adapter Supports Monitor Mode & Packet Injection
-
How To: Manually Exploit EternalBlue on Windows Server Using MS17-010 Python Exploit
-
How To: Hack Web Browsers with BeEF to Control Webcams, Phish for Credentials & More
5 Responses
Most Windows firewall settings are located in the registry so Yes, you can modify the firewall using a live Linux distro. You will need "hivexsh" and the hive located on a read/write mounted filesystem. Here is how you would enable File and printer sharing on the standard profile. There's public and domain profiles too.
for example:
mkdir /mnt/win
mount -o rw /dev/sda1 /mnt/win
hivexsh -w /mnt/win/Windows/System32/Config/SOFTWARE
Using HiveXSH:
cd \Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint
ls
setval 3
@
Enabled
dword:0x01
RemoteAddresses
commit
quit
umount /mnt/win
Summary:
Mount Windows drive.
Load Software hive.
Navigate to Firewall profile path.
Add REG-DWORD named Enabled with a value of 1.
Add REG-SZ named RemoteAddresses with a blank value.
Commit changes.
Exit.
If you navigate to WindowsFirewall and there is no StandardProfile key simply create it like so:
cd \Policies\Microsoft\WindowsFirewall\
add StandardProfile
cd StandardProfile
add Services
cd Services
...
Please note the @ represent the "default" for that key space which is why theres a blank line after it. Default = nothing. Also using setval may delete all existing keys at that path so I suggest you do an "ls" to view before typing in setval....
With the fileandprint under services is that just an example or where the firewall is located?
This is the registry key created when using group policy to set file and printer sharing. The key and path does not exist by default. I was simply giving you a real world example though. The default list of items that you see in the management console are located at HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules. Take note its the system hive which is also located in the config folder with software. Take a poke around there it's quite obvious how it works.
Say you wanted to disable the firewall:
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
and
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
add a REG-DWORD called EnableFirewall with a value of 0x00.
Once again, Group Policy results in this key being set.
Ok thank you for your help! Kudos!
What if I am able to edit the windows firewall from regedit? Where would I find it within that? Are the paths you posted the same?
EDIT: Yes it is, I figured it out
Share Your Thoughts