An interesting tip

Source: Internet
Author: User

Out of boredom I ran CMD /? and read through the output. Most of it is familiar, but one part is fun:
*******************
If /D was not specified on the command line, then when CMD.EXE starts it looks for the following REG_SZ/REG_EXPAND_SZ registry variables. If either or both are present, they are executed first.

HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun

and/or

HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun
******************
Haha, this is a good place to put a backdoor. I used @C:\injshell.exe svchost.exe 1026 >NUL, so cmd starts without showing anything unusual (C:\injshell.exe itself is not included here, of course). And if you put net user mix /add & net localgroup administrators mix /add in there, isn't that a sequel to the "undead account"? Think it over ~~~

Someone asked me about the specific steps. If it wasn't clear, the fault lies with my way of explaining. :)

Use Regedit to open HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor or HKEY_CURRENT_USER\Software\Microsoft\Command Processor. Check whether an AutoRun value exists under this key and set the AutoRun value to the command you want. For example, if it is set to @C:\injshell.exe svchost.exe 1026 >NUL, that command is executed automatically every time CMD is started.
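As an added defensive check (not part of the original post), this PowerShell script lists whatever is set in the two AutoRun values that CMD /? mentions, so an unexpected command like the one above shows up during a review. The key paths are the ones from the post; the function name and everything else are assumptions.

```powershell
# Added example (not from the original post): audit the cmd.exe AutoRun values
# described by CMD /?, in both hives, and report anything set there.
$autorunKeys = @(
    'HKLM:\Software\Microsoft\Command Processor',
    'HKCU:\Software\Microsoft\Command Processor'
)

function Get-CmdAutoRun {
    foreach ($key in $autorunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item  = Get-Item -Path $key
        # Read the raw string; do not expand %VARS% so the stored text is shown as-is.
        $value = $item.GetValue('AutoRun', $null, 'DoNotExpandEnvironmentNames')
        if ($null -eq $value) { continue }
        [pscustomobject]@{
            Key   = $key
            Type  = $item.GetValueKind('AutoRun')   # String or ExpandString, per CMD /?
            Value = $value
        }
    }
}

$findings = @(Get-CmdAutoRun)
if ($findings.Count -eq 0) {
    Write-Output 'No AutoRun value is set; cmd.exe starts clean.'
} else {
    # Anything listed here runs every time cmd.exe starts (unless /D is given),
    # so each value needs a known, documented owner. Review before removing with:
    #   Remove-ItemProperty -Path <Key> -Name AutoRun
    $findings | Format-Table -AutoSize
}
```

Run it from an elevated prompt so the HKLM key is readable on locked-down machines; cmd /d starts a shell that skips these values if you need a clean session while investigating.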

I've noticed that whenever I go out with relatives and friends, we usually end up at an Internet cafe for a while. Today was no exception.

After a while my cousin was ready to get off the machine, but he insisted on deleting his QQ data before he would leave. This Internet cafe runs a diskless system, and after trying for a long time he could not get into the QQ directory. Oh, of course it was easy for me to get in (I've done some research on this). Then I nearly fell over: Glacier was installed on the machine. Dizzy!!!

I scanned with the Glacier client: not a single machine in the cafe had been spared, and the server side was password-protected too ~~~ Nasty! I used to know every weakness of Glacier, but this one was a modified version. I had also accidentally deleted my copy of the server program, and the cafe blocks downloads, otherwise I could have tried again. My cousin gave up, and I just had to help him. It made me so angry (my own QQ, ugh!) that I forgot to remove anything.

Just then two more people sat down at machines (and pressed the power buttons at the same time). The cafe's power supply probably wasn't up to it, the machine we were on lost power and it rebooted. Forget it. I took my cousin to settle the bill and we went straight to a safer Internet cafe to change the passwords.

Along the way, my cousin kept teasing me: "You're always talking about security, and my security awareness isn't high. If it weren't for me deleting the QQ information, I don't know how the password would have been obtained!... At the crucial moment Glacier didn't work, and the password had to be changed!... Hum ~~~" --- My head was spinning!!!

After switching to another Internet cafe, I calmed down for a good while. It was the same kind of diskless cafe (set up by the same company), and I got past restrictions such as the download ban. First I checked the process list for anything suspicious, then opened msconfig and checked the startup items! This machine seemed to have no security problem, so it was time to change the passwords. Finally I found a copy of Glacier and scanned for port 7626, without finding anything.

Finally, it is time to sum up. From this I learned the following four points:
1. Be careful about everything, and put safety first. Next time I am in an Internet cafe, check the process list first.
2. Everything needs a calm mind, and mine needs to be strengthened.
3. In any case, a password leak can never be ruled out! Just as after an intrusion many security experts suggest reinstalling the system immediately, which is the most reliable method.
4. Glacier can browse hidden resources on diskless hosts, which is the most convenient method I have found (it works like Explorer).

Oh, good! I've finally found a solution. After doing this, the directory is hard to delete for anyone who doesn't know the trick. Formatting the disk doesn't count, of course. Haha ~~~

You should know that Windows reserves the names of system devices such as COM1, COM2, AUX and LPT1, which means we normally cannot create directories with these names. So if there is a way to create such a directory, it can be used to protect the directory.

Today I didn't feel like going online, so I just reread an earlier tutorial and saw this article: "How to create a secret, protected directory on a pub". The author only tried it with FlashFXP and did not try other software. Haha ~~~ That inspired me. Let's look at the important part:
**************************
Summary:
Basically, it must be an NT system. You can create any directory; if you add /(1)/ after the directory name, including COM1, COM2, AUX, LPT1 and so on, for example if you create COM1/(1)/, then nobody, including you, can access it. You only need to create COM1/AAA/(1)/, and you can access it via /COM1/AAA/, but others don't know the name AAA. It is also very important that in many cases only FlashFXP can be used to create these directories. In addition, if you find that the root directory contains "tagged", "by XXX" or similar words, try not to use it; this indicates that someone is already using it. The general rule is that it can be used if the tag is more than a month old, but creating a tag in the root directory is risky, because it is easy for the network admins to find out.
****************************

Based on the technique described above, I tried it and found that MD COM1\(1)\ does not work in CMD, so I tried several other forms, such as MD COM1\\ and so on. Finally I found that MD COM1\ can be used to create a directory named COM1 (a directory named 1 is also created alongside COM1); then MD COM1\mix\ creates a mix directory under COM1 (a directory named 2 is also created alongside COM1). Now you can copy the files you want into COM1\mix\ from the CMD environment. If the administrator tries to open the COM1 directory in Explorer, the system will crash; the files can only be accessed with dir COM1\*.* in the CMD environment. To delete this directory, you can only empty it first and then remove it with RD COM1\\.
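An added example, not from the original post: a PowerShell scan that lists directory entries carrying reserved device names such as COM1 under a starting path, which is how an administrator would find a directory hidden this way instead of stumbling over it in Explorer. $Root and the function name are assumptions; the reserved-name list is the standard Windows one.

```powershell
# Added example (not from the original post): find directory entries whose name is a
# reserved DOS device name (CON, PRN, AUX, NUL, COM1-9, LPT1-9). Explorer cannot open
# such entries and normal tools cannot remove them, as the post describes.
# $Root is an assumed starting point; adjust it for the volume being checked.
$Root = 'C:\'

# Reserved names match with or without an extension (e.g. "COM1" or "COM1.txt").
$reserved = '^(CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])(\..*)?$'

function Find-ReservedNameEntry {
    param([string]$Path)
    # -Force includes hidden entries; -LiteralPath avoids wildcard surprises;
    # access errors inside the odd directories are expected, so they are suppressed.
    Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $reserved } |
        ForEach-Object {
            [pscustomobject]@{
                Path        = $_.FullName
                IsDirectory = $_.PSIsContainer
                Created     = $_.CreationTime
            }
        }
}

$hits = @(Find-ReservedNameEntry -Path $Root)
if ($hits.Count -eq 0) {
    Write-Output "No reserved-name entries under $Root."
} else {
    # These entries cannot be created by accident, so each one is worth investigating.
    # The \\?\ prefix bypasses Win32 device-name parsing, so after review they can be
    # removed with:  cmd /c rd /s /q "\\?\<full path>"
    $hits | Format-Table -AutoSize
}
```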

Kakaka ~~~ A little trick. It's fun!
