1.1. What is Windows
Microsoft Windows is a family of operating systems developed by Microsoft in the United States. It first appeared in 1985 as little more than a graphical shell running on top of MS-DOS; through Microsoft's continual updates and upgrades, later versions became easy to use and gradually turned into the most widespread operating system in households. Windows uses a graphical user interface (GUI), which is friendlier than the earlier DOS approach of typing commands. As computer hardware and software evolved, Windows kept pace: the architecture moved from 16-bit through 32-bit to 64-bit, and the version line ran from the original Windows 1.0 to the familiar Windows 95, Windows 98, Windows ME, Windows 2000, Windows 2003, Windows XP, Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10, and the Windows Server enterprise editions.
1.2. Common Windows users
- SYSTEM: the account the operating system itself runs under; it holds the highest privileges on the local machine.
- Administrator: the built-in administrative account; it holds the highest privileges available to an interactive user on the local machine.
- Guest: has very few permissions and is disabled by default.
1.3. Common Windows user groups
Administrators: by default, members of the Administrators group have unrestricted full access to the computer or domain. The default permissions assigned to the group allow full control of the entire system, so only trusted people should be members of this group.
Power Users: the advanced user group can perform any operating-system task except those reserved for the Administrators group. The default permissions assigned to Power Users allow members to modify settings for the entire computer, but they cannot add themselves to the Administrators group. In terms of permissions this group is second only to Administrators.
Users: the normal user group. Members of this group cannot make system-wide changes, whether intentional or accidental. As a result, users can run certified applications, but not most legacy applications. The Users group is the safest group because its default permissions do not allow members to modify operating-system settings or other users' profiles, so it provides the safest environment for running programs. On NTFS-formatted volumes, the default security settings are designed to prevent members of this group from compromising the integrity of the operating system and installed programs: users cannot modify system registry settings, operating-system files, or program files. Users can shut down a workstation but not a server. Users can create local groups, but can only modify the local groups they created.
Guests: the guest group. By default, guests have access equivalent to members of the Users group, but the Guest account itself carries more restrictions.
Everyone: as the name implies, all users on this computer belong to this group.
1.4. Windows folder permissions
① Full Control:
This permission gives the user complete control over folders, subfolders and files, including changing the permissions of a resource, taking ownership of a resource, and deleting a resource. Having Full Control is equivalent to having all the other permissions;
② Modify:
This permission allows the user to modify or delete the resource, and also grants Write and Read & Execute;
③ Read & Execute:
This permission allows the user to read and list the contents of the resource, and also to move and traverse through it, so the user can reach subfolders and files directly even without permission on the intermediate path;
④ List Folder Contents:
This permission allows the user to view the names of subfolders and files in the resource;
⑤ Read:
This permission allows the user to view the files and subfolders in the folder, as well as the folder's attributes, owner, and assigned permissions;
⑥ Write:
This permission allows the user to create new files and subfolders in the folder, change the folder's attributes, and view the folder's owner and permissions.
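The permissions above are what a defender audits when checking whether a folder is exposed. As an added example that is not part of the original page, the following PowerShell reads one folder's NTFS ACL and reports Allow entries that give broad built-in identities Write, Modify or Full Control. The default path, the list of identities treated as "broad", and the output shape are this example's assumptions.

```powershell
# Added example (not from the original page): audit a folder's NTFS ACL and report
# Allow entries that give broad built-in identities write-or-better rights.
# The default path, the identity list and the output shape are assumptions.
param(
    [string]$Path = 'C:\Shared'   # assumed folder to audit; pass -Path to override
)

# Identities that effectively mean "anyone who can log on" (an assumption; extend as needed)
$broadIdentities = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users')

# Rights from the list above that let a member change content: Write, Modify, Full Control
$writeMask = [int][System.Security.AccessControl.FileSystemRights]::Write -bor
             [int][System.Security.AccessControl.FileSystemRights]::Modify -bor
             [int][System.Security.AccessControl.FileSystemRights]::FullControl

$acl = Get-Acl -Path $Path
$acl.Access |
    Where-Object { $_.AccessControlType -eq 'Allow' -and
                   $broadIdentities -contains $_.IdentityReference.Value -and
                   (([int]$_.FileSystemRights -band $writeMask) -ne 0) } |
    ForEach-Object {
        [pscustomobject]@{
            Path      = $Path
            Identity  = $_.IdentityReference.Value
            Rights    = $_.FileSystemRights
            Inherited = $_.IsInherited
            AppliesTo = "$($_.InheritanceFlags) / $($_.PropagationFlags)"
        }
    }
```

Run it as `.\audit-acl.ps1 -Path 'D:\Data'` (script name assumed). Entries that use generic access rights show up as a bare number in the Rights column rather than a named flag; review those by hand, since the mask test above only understands the named NTFS rights.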
Section II: Windows password security
Tool one: Quarks PwDump
Quarks PwDump is a tool for exporting Windows credential material in a Win32 environment. At the time of writing, no other tool exported such comprehensive information, supported as many OS versions, and was as stable. It can export: local accounts' NT/LM hashes (with history); domain accounts' NT/LM hashes (with history) from an NTDS file; cached domain passwords; and BitLocker recovery information (recovery passwords and key packages) stored in the NTDS file. Supported operating systems: XP/2003/Vista/7/2008/8.
Instructions for use:

    quarks-pwdump.exe <options>
    Options :
    -dhl  --dump-hash-local
    -dhdc --dump-hash-domain-cached
    -dhd  --dump-hash-domain (NTDS_FILE must be specified)
    -db   --dump-bitlocker (NTDS_FILE must be specified)
    -nt   --ntds-file FILE
    -hist --with-history (optional)
    -t    --output-type JOHN/LC (optional, if no=>JOHN)
    -o    --output FILE (optional, if no=>stdout)
    Example: quarks-pwdump.exe --dump-hash-domain --with-history
Tool two: SAMInside
SAMInside is Russian-made Windows password recovery software that supports Windows NT/2000/XP/Vista and is mainly used to recover Windows user logon passwords.
Instructions for use:
Import the local system and its files; you can also import from project files or from individual files. Note that the SAM file is the system's SAM database, normally found under C:\WINDOWS\system32\config, see:
Press the shortcut key "F4". Depending on password complexity, password length and machine performance, the result sometimes comes quickly; if it takes too long, you can pause and save the cracking state for the next run.
Tool three: Mimikatz
A tool every experienced tester knows and a staple of penetration testing, written by a French developer. It is a lightweight debugger that helps security testers extract Windows passwords from memory.
Instructions for use:

    privilege::debug          // Line 1: elevate privileges
    sekurlsa::logonpasswords  // Line 2: dump logon passwords
First you need to know whether your operating system is 32-bit or 64-bit.
Right-click My Computer and open Properties.
If the computer is 64-bit it will be clearly labelled "x64"; if nothing is indicated, the computer is 32-bit.
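The three tools above all read credential material from the SAM, from LSASS memory or from the NTDS database. As the defensive counterpart, added here as an example that is not part of the original page, the following PowerShell reports the LSA settings that limit what such tools can recover from a host. The registry paths and value names are real Windows settings; the "expected" values and the OK/WEAK labels are this example's own choices.

```powershell
# Added example (not from the original page): report the LSA hardening settings
# that determine what credential-dumping tools can recover from memory or the SAM.
# Registry paths and value names are real Windows settings; the Expected values
# and the status labels are this example's own choices.
$checks = @(
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
       Name = 'NoLMHash'; Expected = 1
       Meaning = '1 = stop storing the weak LM hash at the next password change' },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
       Name = 'RunAsPPL'; Expected = 1
       Meaning = '1 = LSA Protection; LSASS runs as a protected process' },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
       Name = 'UseLogonCredential'; Expected = 0
       Meaning = '0 = WDigest does not keep plaintext logon credentials in memory' }
)

$report = foreach ($c in $checks) {
    # A missing value means the OS default applies, which differs by Windows version,
    # so it is reported separately rather than assumed safe.
    $item  = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    $value = if ($null -ne $item) { $item.($c.Name) } else { $null }
    $status = if ($null -eq $value) { 'NOT SET (OS default)' } elseif ($value -eq $c.Expected) { 'OK' } else { 'WEAK' }
    [pscustomobject]@{
        Setting  = $c.Name
        Value    = $value
        Expected = $c.Expected
        Status   = $status
        Meaning  = $c.Meaning
    }
}
$report | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt on the host being reviewed. A "NOT SET" result for UseLogonCredential is the secure default on Windows 8.1 / Server 2012 R2 and later but means plaintext credentials are cached on older systems, which is why the example does not collapse it into OK or WEAK.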
Section III: Logging in to a remote system with the hash
In Section II we obtained the hash:

    44EFCE164AB921CAAAD3B435B51404EE:32ED87BDB5FDC5E9CBA88547376818D4
Open Metasploit

    use exploit/windows/smb/psexec   // the original post split this name with a space because the forum blocked it when written together
Set the attack parameters
Set the payload
What if that doesn't work?
Brute-force the hash locally
Download rainbow tables and brute-force the hash locally; I won't explain that here.
For everyone, an online cracking site, convenient and fast:
http://www.objectif-securite.ch/ophcrack.php
Tips: the Windows 2003 Shift backdoor
Creating the Shift backdoor
Sethc.exe is the Sticky Keys program in Windows; back it up first.
Rename a copy of cmd.exe to sethc.exe.
At the user logon screen, press Shift five times.
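A replaced sethc.exe is easy to spot from the defender's side, because the genuine file is a signed Windows binary whose version resource names itself. As an added example that is not part of the original page, the following PowerShell checks a host for the swap described above. It assumes PowerShell 4 or later (for Get-FileHash); the wording of the findings is this example's own.

```powershell
# Added example (not from the original page): check whether the Sticky Keys binary
# sethc.exe has been swapped for a copy of cmd.exe. Assumes PowerShell 4+ for
# Get-FileHash; the finding texts are this example's own.
$system32 = Join-Path $env:SystemRoot 'System32'
$sethc    = Join-Path $system32 'sethc.exe'
$cmd      = Join-Path $system32 'cmd.exe'

$findings = @()

# 1. A swapped file is byte-identical to cmd.exe, so the hashes match
$sethcHash = (Get-FileHash -Path $sethc -Algorithm SHA256).Hash
$cmdHash   = (Get-FileHash -Path $cmd   -Algorithm SHA256).Hash
if ($sethcHash -eq $cmdHash) {
    $findings += 'sethc.exe has the same SHA-256 as cmd.exe: the Sticky Keys binary was replaced'
}

# 2. The PE version resource of the genuine file names itself sethc.exe;
#    a renamed cmd.exe still reports its own original file name
$original = (Get-Item -Path $sethc).VersionInfo.OriginalFilename
if ($original -and $original -ne 'sethc.exe') {
    $findings += "sethc.exe reports OriginalFilename '$original'"
}

# 3. Windows system binaries are catalog-signed; a tampered or foreign file fails validation
$sig = Get-AuthenticodeSignature -FilePath $sethc
if ($sig.Status -ne 'Valid') {
    $findings += "sethc.exe signature status is $($sig.Status)"
}

if ($findings.Count -eq 0) { 'sethc.exe: no sign of tampering' } else { $findings }
```

Check 1 only catches the exact cmd.exe swap the text describes; checks 2 and 3 also catch any other program dropped in its place. Run the script from an elevated prompt and compare the SHA-256 against a known-good copy from the same patch level if the signature check is unavailable on an older system.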
Gain insight into Windows