3 ways to bypass Windows Firewall using Nmap

Nmap is a powerful tool that helps you get a lot of information from target devices. A long list of options is available to perform specific scans and to help with some hacking techniques. Sometimes it is easy to retrieve information from the target devices, but at other times you need to add more specific options to get what you want. You can double-check them in the man pages.

If Windows Firewall is enabled and an nmap scan still retrieves information, you are effectively bypassing the firewall. There are several methods for doing that: fragmentation, session hijacking, etc.

Let’s look at some examples.

A simple TCP SYN scan:

nmap -v -sS -T5 IPADDRESS

[root@localhost ~]# nmap -v -sS -T5 192.168.1.6

The same scan, adding fragmentation and setting the MTU:

nmap -v -sS -f -T5 IPADDRESS

[root@localhost ~]# nmap -v -sS -f -T5 192.168.1.6

nmap -v -sS -f --mtu 32 -T5 IPADDRESS

[root@localhost ~]# nmap -v -sS -f --mtu 32 -T5 192.168.1.6

Finally, you can add the option that sends raw Ethernet frames, or even force the source port you want to use.

nmap -v -sS -f --send-eth --mtu 32 -T5 IPADDRESS

[root@localhost ~]# nmap -v -sS -f --send-eth --mtu 32 -T5 192.168.1.6
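
On the defending side, the fragmented scans above are visible on the wire: per the Nmap documentation, -f cuts a 20-byte TCP header into fragments of 8, 8 and 4 bytes. The detector below is an added example, not part of the original post; it flags IPv4 fragments that split a TCP header, and its function names, addresses, ports and sample packets are constructed for illustration.

```python
import struct

TCP = 6
MIN_TCP_HEADER = 20  # a fragment boundary below this offset splits the TCP header

def ipv4(ident, offset, more, payload, proto=TCP):
    """Build a constructed IPv4 packet (checksum left at 0) to feed the detector."""
    flags_off = (0x2000 if more else 0) | (offset // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, flags_off,
                       64, proto, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20])) + payload

def classify(packet):
    """Return a reason if an IPv4 packet is a tiny TCP fragment, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    total_len, _ident, flags_off = struct.unpack("!HHH", packet[2:8])
    more, offset = bool(flags_off & 0x2000), (flags_off & 0x1FFF) * 8
    if ihl < 20 or total_len < ihl or packet[9] != TCP or not (more or offset):
        return None  # malformed, not TCP, or not fragmented
    # Tiny-fragment conditions, the filter evasion class discussed in RFC 1858.
    if offset == 0 and total_len - ihl < MIN_TCP_HEADER:
        return "first fragment holds %d bytes, TCP header is split" % (total_len - ihl)
    if 0 < offset < MIN_TCP_HEADER:
        return "fragment starts at offset %d, inside the TCP header" % offset
    return None

def scan(packets):
    """Return (index, reason) for every packet the detector flags."""
    hits = [(i, classify(p)) for i, p in enumerate(packets)]
    return [(i, why) for i, why in hits if why]

def sample_packets():
    """Constructed traffic: one SYN cut into 8+8+4 bytes, plus benign packets."""
    syn = struct.pack("!HHIIBBHHH", 40000, 445, 1, 0, 5 << 4, 0x02, 1024, 0, 0)
    return [
        ipv4(1, 0, True, syn[:8]),            # tiny first fragment
        ipv4(1, 8, True, syn[8:16]),          # carries the TCP flags byte
        ipv4(1, 16, False, syn[16:]),         # last 4 bytes of the header
        ipv4(2, 0, False, syn),               # ordinary unfragmented SYN
        ipv4(3, 0, True, syn + b"A" * 1460),  # normal large first fragment
        ipv4(3, 1480, False, b"A" * 500),     # its second fragment
    ]

if __name__ == "__main__":
    for index, reason in scan(sample_packets()):
        print(index, reason)
```

Legitimate traffic almost never fragments inside the first 20 bytes of a TCP segment, so the same two conditions work as a drop or alert rule on a firewall or IDS that inspects fragments before reassembly.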
