Contents
C:\Windows\System32\config\SAM: stores user names and password hashes; booting into a PE environment allows the password to be changed
C:\Windows\System32\drivers\etc\hosts: local host-name resolution (local DNS)
C:\Users\<username>\Documents\Tencent Files: stores QQ data
Win+R, type services.msc to view services
Common services: Web service, DNS service, DHCP service, Telnet service, SSH service, FTP service, SMB service.
Services are distinguished by IP address + port number. Port numbers range from 1 to 65535; 1-1024 are reserved (well-known) ports; self-assigned ports usually start at 8000.
HTTP: 80 / 8080 / 3128 / 8081 / 9080; FTP: 20 / 21 (file transfer); DNS: 53
DHCP: 67 / 68; TFTP: 69; HTTPS: 443; SMB: 445
MySQL: 3306; SQL Server: 1433; Oracle: 1521
Telnet: 23 (remote login); SSH: 22 (secure remote access); SMTP: 25 (mail); POP3: 110 (mail)
Tomcat: 8080; RDP: 3389 (Windows 2003 remote desktop); QQ: 1080
Registry
The registry is the core database of the Windows operating system. It holds the parameters that directly control Windows startup, the loading of hardware drivers and the operation of many Windows applications, so it plays a central role throughout the system. It contains software- and hardware-related configuration and status information: initial settings for applications and the Explorer shell, preferences and uninstall data, system-wide settings and licences for networked computers, the association of file extensions with applications, the description, status and properties of hardware components, performance records, other low-level system state and further data.
View boot-start (autorun) entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
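The Run key above is where both legitimate software and malware register programs to start at logon, so a defender's first habit is to enumerate it and look for entries that point somewhere unusual. The following PowerShell script is an added example, not part of the original page: it reads the Run and RunOnce keys under HKLM and HKCU (the HKCU and RunOnce paths are the standard siblings of the key listed above), extracts the executable path from each value and flags entries whose binary is missing or lives outside Program Files / Windows. The list of expected directories is an assumption chosen for this example; adjust it to your own baseline.

```powershell
# Added example: audit autorun entries in the Run/RunOnce registry keys.
# Assumes PowerShell 5.1 or later, run in an elevated session on the host being checked.
function Get-AutorunEntries {
    $autorunKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    # Assumed baseline: directories where autostart binaries normally live.
    $expectedRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:SystemRoot) |
                     Where-Object { $_ }

    foreach ($key in $autorunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        # PS* properties are metadata added by Get-ItemProperty, not registry values.
        foreach ($p in ($props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' })) {
            $cmd = [string]$p.Value
            # Executable path: the quoted part if quoted, otherwise the first token.
            if ($cmd -match '^"([^"]+)"') { $exe = $Matches[1] } else { $exe = ($cmd -split ' ')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            if (-not $exe) { continue }
            $exists     = Test-Path -LiteralPath $exe
            $inExpected = [bool]($expectedRoots | Where-Object { $exe.StartsWith($_, 'OrdinalIgnoreCase') })
            [pscustomobject]@{
                Key     = $key
                Name    = $p.Name
                Command = $cmd
                Exists  = $exists
                Suspect = (-not $exists) -or (-not $inExpected)   # missing binary or unusual location
            }
        }
    }
}

# Show the entries, suspect ones first, so a quick review covers the risky rows.
Get-AutorunEntries | Sort-Object Suspect -Descending | Format-Table -AutoSize
```

The Suspect column is only a triage hint: a legitimate installer under %AppData% will be flagged, and a malicious binary dropped into Program Files will not, so the Command column still needs a human look.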
Registry keys commonly encountered in intrusions:
HKEY_LOCAL_MACHINE\SOFTWARE\hzhost\config\settings\mysqlpass
HKEY_LOCAL_MACHINE\SOFTWARE\hzhost\config\settings\mssqlpss
HKEY_LOCAL_MACHINE\SOFTWARE\hzhost\config\settings\mastersvrpass
HKEY_LOCAL_MACHINE\SYSTEM\liweiwensoft\installfreeadmin\11
HKEY_LOCAL_MACHINE\SYSTEM\liweiwensoft\installfreehost\11
CMD commands
arp -a: view the ARP cache table of the current LAN
net view: list host computer names on the LAN
shutdown -s -t 180 -c "Hello": shut down (-s) after 180 seconds (-t) and show the popup message "Hello" (-c); shutdown -a cancels a pending shutdown
msg Administrator "Hello": send the popup message "Hello" to the user Administrator
dir: list the current directory; cd: change directory; md: create directory; rd: delete directory
start: open a file or web page; copy: copy file; move: move file; del: delete file
copy con 123.txt: create a file and type its contents at the console; Ctrl+Z then Enter saves
type 123.txt: print the file contents directly to the terminal
net use K: \\192.168.3.100\c$: map the remote C$ share as drive K:
net start: list services that are already running; net start telnet: start the Telnet service
net user Samaritan 123 /add: add the user Samaritan with password 123
net localgroup Administrators Samaritan /add: add the user Samaritan to the Administrators group
net user guest /active:yes: activate the Guest account; net user Guest 123: set its password
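The net user / net localgroup commands above are exactly what an intruder uses to add a backdoor account or enable Guest, so the defensive counterpart is a quick report of local accounts and Administrators membership. The script below is an added example, not from the original page; it uses the Get-LocalUser and Get-LocalGroupMember cmdlets, which assumes Windows 10 / Server 2016 or later with PowerShell 5.1+. The flag rule (Guest enabled, or any enabled administrator other than the built-in Administrator) is an assumed triage rule for this example.

```powershell
# Added example: report local accounts and who is in Administrators, so additions
# such as "net user X 123 /add" and "net localgroup Administrators X /add" stand out.
# Assumes PowerShell 5.1+ with the Microsoft.PowerShell.LocalAccounts module (Win10/2016+).
function Get-LocalAccountReport {
    # Get-LocalGroupMember returns names as COMPUTERNAME\user for local accounts.
    $admins = Get-LocalGroupMember -Group 'Administrators' |
              Where-Object { $_.ObjectClass -eq 'User' } |
              ForEach-Object { $_.Name }

    Get-LocalUser | ForEach-Object {
        $qualified = "$env:COMPUTERNAME\$($_.Name)"
        $isAdmin   = $admins -contains $qualified
        [pscustomobject]@{
            Name            = $_.Name
            Enabled         = $_.Enabled
            IsAdmin         = $isAdmin
            PasswordLastSet = $_.PasswordLastSet   # a fresh value on an old account is worth a look
            LastLogon       = $_.LastLogon
            # Assumed triage rule: Guest enabled, or an enabled admin that is not the built-in account.
            Flag            = ($_.Name -eq 'Guest' -and $_.Enabled) -or
                              ($isAdmin -and $_.Enabled -and $_.Name -ne 'Administrator')
        }
    }
}

Get-LocalAccountReport | Sort-Object Flag, IsAdmin -Descending | Format-Table -AutoSize
```

Run it once on a clean build and keep the output; comparing a later run against that baseline turns "which accounts exist" into "what changed", which is the question that actually matters during an incident.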
netstat -an: view listening ports and the local network connections
tasklist: list system processes; taskkill /im cmd.exe: end the process with that image name
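Reading raw netstat -an output is tedious, and the point of the port list earlier on this page is to recognise what each listener is. The PowerShell below is an added example, not part of the original page: it parses netstat -an lines, labels each listening port with the service name from that list, marks listeners bound to all interfaces, and reports anything not on the list as UNKNOWN. The sample netstat rows are constructed for the example; on a live host pipe the real command output in instead.

```powershell
# Added example: annotate "netstat -an" listeners with the page's port table.
# Port-to-service mapping taken from the list on this page (1080 is listed there as QQ).
$knownPorts = @{
    20='ftp-data'; 21='ftp'; 22='ssh'; 23='telnet'; 25='smtp'; 53='dns'; 67='dhcp'; 68='dhcp'
    69='tftp'; 80='http'; 110='pop3'; 443='https'; 445='smb'; 1080='qq'
    1433='sqlserver'; 1521='oracle'; 3128='http-proxy'; 3306='mysql'; 3389='rdp'
    8080='http-alt/tomcat'; 8081='http-alt'; 9080='http-alt'
}

function Get-ListenerReport {
    param([Parameter(ValueFromPipeline)][string]$Line)
    process {
        # A netstat -an row looks like:  TCP    0.0.0.0:445    0.0.0.0:0    LISTENING
        # UDP rows have no state column; TCP rows are kept only when LISTENING.
        if ($Line -notmatch '^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(\s+LISTENING)?\s*$') { return }
        $proto = $Matches[1]; $addr = $Matches[2]; $port = [int]$Matches[3]
        if ($proto -eq 'TCP' -and -not $Matches[4]) { return }
        [pscustomobject]@{
            Proto   = $proto
            Address = $addr
            Port    = $port
            Service = if ($knownPorts.ContainsKey($port)) { $knownPorts[$port] } else { 'UNKNOWN' }
            Exposed = $addr -in '0.0.0.0', '[::]'   # bound to every interface, reachable from the LAN
        }
    }
}

# Constructed sample output (not captured from a real host).
$sample = @(
    '  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING',
    '  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING',
    '  TCP    127.0.0.1:3306         0.0.0.0:0              LISTENING',
    '  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING',
    '  TCP    192.168.3.5:49700      192.168.3.100:445      ESTABLISHED',
    '  UDP    0.0.0.0:53             *:*'
)
$sample | Get-ListenerReport | Format-Table -AutoSize

# On a live host:
#   netstat -an | Get-ListenerReport | Where-Object { $_.Service -eq 'UNKNOWN' -and $_.Exposed }
```

In the sample, MySQL on 127.0.0.1 is the healthy case (reachable only locally), while the UNKNOWN listener on 0.0.0.0 is the row to pair with tasklist or netstat -ano to find the owning process.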
Create a wireless network hotspot:
netsh wlan set hostednetwork mode=allow ssid=cc key=12345678
netsh wlan start hostednetwork
at 22:00 shutdown -s: add a scheduled job (shut down at 22:00)
attrib: view file attributes
Batch files (.bat) are a sequence of DOS commands
Windows basic knowledge