In most hacking incidents, the bulk of the hacker's work is done through the "command prompt". A hacker who captures the "command prompt" has in effect captured the system, so in everyday system security protection the security of the "command prompt" must never be ignored.
Editor's note: The importance of protecting "command prompt" security
Although Windows now has a graphical user interface, its work is still carried out through commands, and the "command prompt" is more like the core of Windows, where we can enter various commands to control the system. In the previous article on overflow attacks, hackers did not directly invade Windows. Instead, they obtained a shell through the overflow code. This shell means the hacker has obtained access to the "command prompt" of the target computer, and can enter commands in the shell to complete the steps of the intrusion. For example, entering "net user hacker /add" creates a user named hacker, and entering "net localgroup administrators hacker /add" promotes the hacker user to administrator privileges. To go from no permissions to administrator privileges on the target computer, the hacker only needs to enter two commands in the "command prompt". It can be seen that the "command prompt" plays a very large role in Windows.
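A defender-side companion to the two commands above, as an added example that is not part of the original article: it scans process-creation records for the account listing, account creation and administrator-group commands, and escalates when the same account is created and then promoted. The record layout (the time and cmdline fields) and the sample lines are constructed for illustration.

```python
import re

# Constructed process-creation records; the field names are hypothetical.
SAMPLE_EVENTS = [
    {"time": "10:01:07", "cmdline": "cmd.exe /c net user"},
    {"time": "10:01:31", "cmdline": "net user hacker /add"},
    {"time": "10:01:40",
     "cmdline": r"C:\Windows\System32\net1.exe localgroup administrators hacker /add"},
    {"time": "10:05:12", "cmdline": "net localgroup administrators helpdesk /add"},
    {"time": "10:06:00", "cmdline": "dotnet user-secrets list"},
]

# "net" or "net1", optionally path-qualified and with an .exe suffix.
NET = r'(?:^|[\s\\/"])net1?(?:\.exe)?"?\s+'
RULES = [
    ("account-created", "medium", re.compile(
        NET + r'users?\s+(?P<acct>[^\s/]\S*)(?:\s+\S+)*?\s+/add\b', re.I)),
    ("admin-group-add", "high", re.compile(
        NET + r'localgroup\s+"?administrators"?\s+(?P<acct>[^\s/]\S*)\s+/add\b', re.I)),
    ("account-enum", "low", re.compile(NET + r'users?\s*$', re.I)),
]

def detect(events):
    """Return (time, rule, account, severity) for each matching record."""
    findings, created = [], set()
    for ev in events:
        for rule, severity, rx in RULES:
            m = rx.search(ev["cmdline"])
            if not m:
                continue
            acct = (m.groupdict().get("acct") or "").strip('"').lower()
            if rule == "account-created":
                created.add(acct)
            elif rule == "admin-group-add" and acct in created:
                # Same account created, then promoted: the sequence in the article.
                rule, severity = "new-account-promoted", "critical"
            findings.append((ev["time"], rule, acct, severity))
            break
    return findings

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(*finding, sep="  ")
```

When account-management auditing is enabled, the same activity is also recorded as Security events 4720 (a user account was created) and 4732 (a member was added to a local group).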
Disabling the "net user" command
After getting the shell, the hacker usually checks the account status on the target host first. The command used is "net user". If we disable this command, we can fool the hacker.
Click "Start" menu → "Run", enter "regedit" and press Enter to run "Registry Editor", locate HKEY_LOCAL_MACHINE\SAM\SAM, right-click the SAM key and select "Permissions". In the permission settings window, tick "Full Control" and click OK. Press F5 to refresh, expand the SAM key, navigate to HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names, right-click the Names key and select "New" → "Key". Enter a space as the name of the key, then double-click the value on the right and set its data to a space. Close the Registry Editor when finished.
▲Modify the registry
Now when the hacker enters the "net user" command in the "command prompt", he will see the disappointing reply "the list is empty." We have achieved our goal of fooling the hacker.
Disabling the "command prompt"
After all, this only fools a rookie hacker. A slightly more experienced hacker will see through it, so the safest way is to disable the "command prompt", as follows:
Click "Start" menu → "Administrative Tools" → "Local Security Policy", expand "Security Settings" → "Software Restriction Policies", double-click "Additional Rules", right-click a blank area on the right and select "New Hash Rule" from the menu that appears. Click the "Browse" button next to "File hash", select the cmd.exe file located in the c:\windows\system32 directory, and set its "Security level" to "Disallowed". Then click OK.
After this setting, no user will be able to run the "command prompt". Enter "cmd" in "Run" and press Enter, and the prompt "Windows cannot open this program because a software restriction policy prevents it" appears; the "command prompt" is completely disabled at this point. But sometimes we still need to use the "command prompt" ourselves. Is there a way to keep it for our own use while keeping hackers from using it?
▲Create a "command prompt" restriction rule
We can set it up like this: double-click "Software Restriction Policies", find the "Enforcement" option on the right, and under "Apply software restriction policies to the following users" select the "All users except local administrators" option, then click OK. Once this is set, only local administrator accounts can use the "command prompt"; non-administrator accounts, such as user, will not be able to use it, and of course hackers can no longer use the "command prompt" to intrude.
▲Set the permission to run the "command prompt"