Can this setting in Win 7 thwart most Metasploit attacks?

[exus69]

I came across this setting in group policy in Windows 7 Ultimate which says "Allow Remote Shell Access" which is "Not Configured" in its default state which means it allows remote shell access in its default state.

However, if I configure it to disable remote windows shell will it help me defend against
most metasploit type attacks which use "reverse_shell" as its payload?

[iliyapolak]

No because Metasploit uses various attacks against software vulnerabilities like a buffer overflow , heap overflow ,SEH overflowing and heap spraying in order to run arbitrary code (various shellcodes).
By gaining control over return address and running code in privileged process space metasploit can even attack other windows components, it is possible to inject dll,create remote thread , hooking IAT
unlinking ProcessListHead structure which is very useful to hide your process from OS also idt and ssdt hooking, but this must be performed from the kernel mode.

[comaX]

I'm not a mod or anything, but asking windows-related question here (on *backtrack* forums) is not very well perceived. Watch out

[iliyapolak]

I'm not a mod or anything, but asking windows-related question here (on *backtrack* forums) is not very well perceived. Watch out

His question is related to windows exploitation.

[ghosthunter007]

I came across this setting in group policy in Windows 7 Ultimate which says "Allow Remote Shell Access" which is "Not Configured" in its default state which means it allows remote shell access in its default state.

However, if I configure it to disable remote windows shell will it help me defend against
most metasploit type attacks which use "reverse_shell" as its payload?

Easy way to throw off any remote attack is to rename you computer to localhost this way if they try to netbios attacks Unix will attack it self.
There are a few other things you can do too, but I find this one really fun to screw people with.

Evil is an art form !!!

One more thing can do is turn your firewall into an IDS with IPS protection this will require you to remove all rules and set the firewall in active learning mode. Then the hacker will have to try to smash your TCP stack. Odds of a hacker getting in before you react is not likely. Most hacks rely on human error or laziness of not keeping up with security.

Well see yea at DefCon in August....

Webmaster be more snappy on getting posts out you still haven't posted my FreeNX howto.

OK take care hope this info helps
Ghosthunter007

[iliyapolak]

One more thing can do is turn your firewall into an IDS with IPS protection this will require you to remove all rules and set the firewall in active learning mode. Then the hacker will have to try to smash your TCP stack. Odds of a hacker getting in before you react is not likely. Most hacks rely on human error or laziness of not keeping up with security.

Today most of the attacks are client-based explotation over outgoing outbound ports in order to protect against such a attacks firewall should install filter and/or intermediate driver sitting above miniport driver,
both of them should use advanced real-time disassembling engines with behavioural and signature based scanning and analyzing of bypassing malicious traffic when concerning x86 architecture with its variable length ISA so called real-time disassembling of the obfuscated binaries is hard problem.

[Stan464]

Nope, as metasploit dosnt remote, the reverse_shell does it localy via commands sent.