当前位置：网站首页>Network Security Learning (16)

Network Security Learning (16)

2022-07-25 22:52:00 【Shake light·】

install win10 win2016 A little

install kali

Select first

Set account password

Partition —— All the way to the next step

Choose yes here

Install the default software

yes

Source （ Warehouse ）

Linux When the operating system installs the software , Several installation methods , The simplest way is to extract the software package from the source and install it directly

kali Is based on debian Package management dep Source used apt

centOS Based on red hat Source used yum

Use root Users go in kali Command line

kali Configuration file location of the source /etc/apt/source.list

Input vim /etc/apt/source.list

because kali Official sources are often not connected , So we modify it manually

Input # Comment out the official source and add Alibaba's source

Press when finished esc, In the input ：wq Save and exit

Input apt-get update Update source

Registry foundation

1、 summary

• The registry is Windows operating system 、 The core of hardware devices and customer applications to run normally and save settings “ database ", It can also be said to be a very huge tree hierarchical database system
• The registry records the software installed by the user on the computer and the correlation information of each program , It includes the hardware configuration of the computer , Including automatically configured plug and play devices and descriptions of various existing devices 、 Status attributes and various status information and data . Use a powerful registry database to uniformly and centrally manage the system hardware facilities 、 Software configuration and other information , Thus, it is convenient to manage , Enhance the stability of the system

2. Early registry

With ini Text folder with extension

3.Windows 95 The registry after

• since Vindows95 Operating system start , The registry really becomes Vindows. Content that users are often exposed to , And continue to be used in subsequent operating systems
The registry database consists of multiple files
Windows Provides a registry editor

function ——regedit Open the registry

The structure of the registry

• The registry is presented in a tree structure
subtree （ There are actually only two subtrees , For ease of operation , Divided into 5 Kezi tree ）
• HKEY_LOCAL_MACHINE: Record information about the local computer system , Including hardware and operating system data
• HKEY_USERS: Record information about dynamically loaded user profiles and default profiles
• HKEY_CURRENT_USER:HKEY_USERS subtree , It points to HKEY_USERS\ Current user's security whole ID” Contains the user profile of the user currently logged in interactively
• HKEY_CURRENT_CONFIG:HKEY_LOCAL_MACHINE subtree , Point to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current package Device drivers loaded with information about the hardware configuration files used by the local computer system at startup 、 The resolution to use when displaying
• HKEY_CLASSES_ROOT:HKEY_CURRENT_USER The subtree contains information for various OLE Technology and Literature Information of piece class associated data

term
• You can simply understand folders , Items can contain items and values .

value
• Each registry key or subkey can contain data called a value
• Some values apply to a user's information
• Partial values apply to information for all users of the computer
• The value consists of three parts （ Name of value 、 Value type 、 The value of the data ）

The basic operation of the registry

1. Create item

2. Create values

        • A string value (REG_SZ): National length text string
        • Binary value (REG_BINARY)： Raw binary data . Most hardware component information is stored in binary data
        • DWORD value (REG_DWORD)： Data from 4 A number of bytes long indicates , Many parameters of device drivers and services are of this type
        • QWORD value (REG_QWORD): Data from 8 A number of bytes long indicates
        • Multiple string values (REG_MULTI_SZ)： Multiple strings . A value that contains a list or multiple values is usually of this type
        • Expandable string value (REG_EXPAND_SZ)： Variable length data string . The data type contains variables that are resolved when the data is used by the program or service

3. modify 、 Delete and rename

Registry editing skills

Find string 、 Value item
Add children to favorites
Print registry
Copy item name

Registry maintenance

1、 Common phenomena after the registry is destroyed

• Unable to start the system
• Unable to run or run legitimate applications
• Cannot find the file needed to start the system or run the application
• No access to the application
• The driver cannot be installed or loaded correctly
• Unable to make network connection
• There is an error in the registry entry

2、 Reason for registry corruption

• Application error ： After installing too much software in the system , There may be conflicts between each other
• The driver is not compatible ： When installing the system, many drivers are installed automatically , It is easy to cause incompatibility between different hardware drivers , It is recommended to download the corresponding stable driver from the official website for installation
• Hardware problem ： Mainly in the quality of hardware , For example, the poor quality of hard disk or memory causes reading and writing errors 、 Overclock 、CMOS、 Viruses, etc
• Misoperation ： Misoperation is the most common cause , May cause registry errors , In serious cases, the system will collapse or fail to start

3、 Backup registry

• Directly back up the registry database file
• Export registry
Find the corresponding item and directly select export

Right click —— export

4. Restore the registry

Registry optimization

• Remove excess DLL file
Open registry editor , Lock to "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs" term , What is stored under this item is shared DLL Information , Pay attention to the data in brackets , It represents the number of shared files , If 0, You can delete it

• Install and uninstall application spam
         Open registry editor , Lock to "HKEY_CURRENT_USER\SOFTWARE" Xiang He "HKEY_LOCAL_MACHINE\SOFTWARE" term , These two items include applications in the system , For a known program is known , It is mainly aimed at deleting some unknown programs and some residual programs that have been uninstalled
• Useless information generated during system installation
Delete redundant time zones （ Only the Beijing time zone is reserved if necessary ）
                • Lock to "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones" term
         Clear redundant language codes （ English 1 0409、 Chinese 1 0804）
• Lock to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NIs\Locale" term

Delete redundant keyboard layouts
• Lock to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts'" term , Each of the following sub items represents a keyboard layout

Subnet partition

Move the host bit back and forth , Divide subnets or hypernets

mac Address supplement

front 24 position （ Binary system ） Manufacturer code , after 24 A serial number , The only global

Individual equipment ： When the first 8 Position as 0 The time of indicates that it is a separate device , Unicast address
A set of equipment ： When the first 8 Bitwise 1 The time of indicates a group of devices , Multicast address
All devices ：FF-FF-FF-FF-FF-FF Broadcast address

00-00-00-00-00-00: Default populated address , Don't know each other's MAC Address time , It will automatically fill in a purpose MAC Address