Awesome
Firewall_Enumerator_BOF
What is this?
This is meant as a supplement to interact with the Windows firewall via COM interfaces.
Did you derive inspiration from anywhere?
Yes, of course. @TheRealWover's existing code from Donut
a bit of insight in how to implement uuid
's functionality without losing sleep. Thank you!
Why?
COM in general through lower-level languages is a pain. This was meant to show that we can intermix convenience interfaces with C++ in BOF
files.
What else does this show?
This shows that it's possible to use C++ classes/wrappers within BOF
files, eliminating the need to BEGIN_INTERFACE
and lose ourselves to reimplementation depths of despair in straight C
.
What are the options this currently supports
- Fetching the total number of known Windows firewall rules via:
fw_walk total
- Enumerating each of the three default locations for firewalls configurations (profile, domain, and public) via:
fw_walk status
- The ability to disable (assuming you have sufficient privileges) all three default firewalls (profile, domian, and public) via:
fw_walk disable
- The ability to enable/revert your actions (assuming you have sufficient privileges) all three default firewalls (profile, domain, and public) via:
fw_walk enable
- The ability to peruse all enabled firewall rules, their properties (protocol, direction, application name, etc) via:
fw_walk display
How do I run this?
- In this case, you have two options:
- Use the existing, compiled object file, located in the
dist
directory (AKA proceed to major step two) - Compile from source via the
Makefile
cd src
make clean
make
- Use the existing, compiled object file, located in the
- Load the
Aggressor
file, in theScript Manager
, located in thedist
directory - Within a provided
Beacon
,beacon> fw_walk
to display the previously-mentioned options
Any known downsides?
- We're still using the
Win32
API andDynamic Function Resolution
. This is for you to determine as far as "risk" - You may attempt to incur a privileged action without sufficient requisite permissions. I can't keep you from burning your hand.
Where can we go from here?
The sky's the limit:
- Add a rule for your own application
- Add a rule for an interface of your choosing
- Delete rules at will
Special Thanks
@JohnLaTwC, you're awesome for volunteering your time to ensure coding practices are upheld on both sides of the fence!