DEV Community

rootshellace

3 PowerShell commands to use in hacking

Sometimes, when you get access to a vulnerable machine, you might want to immediately run some popular predefined scripts, written in languages such as Python. But you may be surprised to find that the interpreter is not installed. This is why it’s important to be comfortable with the command line, whether that is PowerShell or Bash.

Today, I will present 3 cmdlets which can help in hacking. We assume that you have already obtained an admin shell on the target machine. Let’s see how we can use PowerShell!

● Set-NetFirewallProfile

We will use this cmdlet to disable the firewall on the Windows machine where we obtained admin permissions. But first, we should see its status.

To do that, we will use the companion cmdlet Get-NetFirewallProfile, which retrieves the status of the Domain, Private and Public profiles. You can simply run it without any parameters and you will get the result; I added a few things for a better formatted output.

Get-NetFirewallProfile | Select-Object Name, Enabled | Format-Table

On your screen, you should see a similar outcome:

Name    Enabled
----    -------
Domain     True
Private    True
Public     True

This means the firewall is enabled for all three profiles. Now, let’s change it. We must add 2 parameters: Profile and Enabled. The first selects which profile you want to set, and the second sets its status. So, in case we need to disable the Public profile, we will execute:

Set-NetFirewallProfile -Profile Public -Enabled False

● Set-ItemProperty

For our next example, we will alter a specific registry value. This cmdlet can be used for many things; however, in this case, I am going to show how to disable UAC (User Account Control). Keep in mind that this change requires a computer restart to take effect.

The value’s name is EnableLUA. Normally, it is set to 1. To get UAC deactivated, it must be changed to 0.

Three parameters are required in this situation: Path, Name and Value. Our registry value lives under a specific key (check it on your computer! 😉); for the other two, I think you already know what it takes 😄.

Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name EnableLUA -Value 0

Once it’s executed, only a restart stands between you and the desired effect.

● Add-MpPreference

Our final example shows how to add an exclusion in Windows Defender. This is quite simple: we only need one parameter, the path we want to exclude from scanning. Let’s consider a case where you want Defender to ignore the directory C:\MyPrivateTools. Just run:

Add-MpPreference -ExclusionPath C:\MyPrivateTools

That’s it! As simple as that! If, after a while, you change your mind and want this exclusion removed, you must execute:

Remove-MpPreference -ExclusionPath C:\MyPrivateTools
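The three cmdlets above each leave a setting that a defender can check. As an added example (not code from the original post), here is an audit script that reads the same three settings the post changes, reports any drift from a secure baseline and, with the -Remediate switch, restores them. It assumes an elevated PowerShell session on a Windows build that ships the NetSecurity and Defender modules; the -Remediate switch and the $ExpectedExclusions baseline list are this example's own conventions.

```powershell
# Added example, not from the original post: audit the firewall profiles, the
# EnableLUA registry value and the Defender path exclusions, optionally restoring them.
# Assumes an elevated session; -Remediate and $ExpectedExclusions are this script's own.
[CmdletBinding()]
param(
    [switch]$Remediate,
    [string[]]$ExpectedExclusions = @()   # constructed baseline: no exclusions allowed
)

$uacKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$findings = @()

# 1. Firewall: the Domain, Private and Public profiles should all be enabled.
#    ($fwProfile is used instead of $profile, which is a PowerShell automatic variable.)
foreach ($fwProfile in Get-NetFirewallProfile) {
    if ("$($fwProfile.Enabled)" -ne 'True') {
        $findings += "Firewall profile '$($fwProfile.Name)' is disabled"
        if ($Remediate) {
            Set-NetFirewallProfile -Profile $fwProfile.Name -Enabled True
        }
    }
}

# 2. UAC: EnableLUA must be 1. The change only applies after a restart, so the
#    registry value is the thing to check, not the current prompting behaviour.
$enableLua = (Get-ItemProperty -Path $uacKey -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
if ($enableLua -ne 1) {
    $findings += "UAC is disabled in the registry (EnableLUA = $enableLua)"
    if ($Remediate) {
        Set-ItemProperty -Path $uacKey -Name EnableLUA -Value 1
        $findings += "  -> EnableLUA reset to 1; a restart is required for it to apply"
    }
}

# 3. Defender: any path exclusion outside the baseline is suspicious, because one
#    excluded directory lets everything placed inside it run unscanned.
$exclusions = (Get-MpPreference).ExclusionPath
foreach ($path in ($exclusions | Where-Object { $_ })) {
    if ($ExpectedExclusions -notcontains $path) {
        $findings += "Unexpected Defender exclusion: $path"
        if ($Remediate) {
            Remove-MpPreference -ExclusionPath $path
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'OK: firewall enabled on all profiles, UAC enabled, no unexpected Defender exclusions'
} else {
    $findings | ForEach-Object { Write-Output $_ }
    if (-not $Remediate) {
        Write-Output 'Re-run with -Remediate to restore the baseline'
    }
}
```

Run it as `.\Audit-HardeningBaseline.ps1` for a read-only report, or with `-Remediate` to re-enable the profiles, reset EnableLUA and drop the exclusions. Because each of the three changes is also written to the event log (Defender records configuration changes under event ID 5007 in the Microsoft-Windows-Windows Defender/Operational log), the same checks are a good starting point for a detection rule, with the audit script serving to confirm the current state on the host.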

In case you want to see a demo of how these 3 cmdlets are executed and what their effect is, for instance allowing you to run malicious programs, check my video below! 👇

● Disclaimer

This article is for educational purposes only. Attacking targets without prior mutual consent is illegal. I take no responsibility for any misuse or damage caused due to the usage of the information provided here.

If you got here, I want to thank you for the time you took to read my article. I hope you enjoyed it and also learned something from it. Why not take a look at some of my other articles? Or, maybe, watch one of my YouTube videos?
