System Command Prompt Precautions (1)

  

The predecessor of Windows is the DOS operating system, in which the user operated the computer by typing commands. After Windows appeared, the graphical interface replaced the black command interface, and DOS was gradually forgotten. But DOS has not gone far: it lives on in today's Windows in a different form, the "command prompt". In hacking incidents, most of the work is done through the "command prompt", so a hacker who captures the "command prompt" has effectively captured our system. In everyday system security protection, the security of the "command prompt" must therefore not be ignored.

Editor's tip: the importance of protecting "Command Prompt" security

Although Windows now has a graphical user interface, its work is still done through various instructions. The "command prompt" is more like the core of Windows, where we can enter commands to control the system. In the previous article on overflow attacks, the hackers did not invade Windows directly. Instead, they obtained a shell through the overflow code. This shell means the hacker has gained access to the "command prompt" of the target computer and can enter commands in it to complete the intrusion. For example, entering "net user hacker /add" creates a user named hacker, and entering "net localgroup administrators hacker /add" raises the hacker user to administrator privileges. To go from no permissions to administrator privileges on the target computer, the hacker only has to enter two commands in the "command prompt". This shows how large a role the "command prompt" plays in Windows.
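The two-command sequence described above (create an account, then add it to Administrators) stands out in process command-line logs. The following is an added example, not part of the original article: a Python detector that flags that pair per host. The (host, command_line) input shape, the host names and the sample command lines are constructed assumptions; in practice the command lines would come from process-creation auditing.

```python
import re
import shlex

# net / net1, with optional path and .exe suffix
NET_BINARY = re.compile(r"(?:^|[\\/])net1?(?:\.exe)?$", re.IGNORECASE)
ADMIN_GROUPS = {"administrators"}  # assumption: English-language group name

def classify(command_line):
    """Return ("create", user), ("promote", user) or None for one command line."""
    try:
        tokens = shlex.split(command_line, posix=False)  # keeps backslashes intact
    except ValueError:  # unbalanced quotes: fall back to a plain split
        tokens = command_line.split()
    tokens = [t.strip('"') for t in tokens]
    if len(tokens) < 3 or not NET_BINARY.search(tokens[0]):
        return None
    verb, args = tokens[1].lower(), tokens[2:]
    if not any(a.lower() == "/add" for a in args):
        return None  # plain enumeration or /delete is not this pattern
    names = [a for a in args if not a.startswith("/")]
    if verb in ("user", "users") and names:
        return ("create", names[0].lower())
    if verb == "localgroup" and len(names) >= 2 and names[0].lower() in ADMIN_GROUPS:
        return ("promote", names[1].lower())
    return None

def find_escalations(events):
    """events: (host, command_line) pairs in time order.
    Returns (host, user) for accounts created and then promoted on the same host."""
    created, hits = set(), []
    for host, cmd in events:
        result = classify(cmd)
        if result is None:
            continue
        action, user = result
        if action == "create":
            created.add((host, user))
        elif (host, user) in created:
            hits.append((host, user))
    return hits

# Constructed sample data, for illustration only
SAMPLE_EVENTS = [
    ("WS01", "net user"),
    ("WS01", "net user hacker /add"),
    ("WS01", "ipconfig /all"),
    ("WS01", "net localgroup administrators hacker /add"),
    ("WS02", r'"C:\Windows\System32\net1.exe" USER svc_tmp /ADD'),
    ("WS02", "net1 localgroup Administrators svc_tmp /add"),
    ("WS03", "net localgroup administrators alice /add"),  # not created in this window
]

if __name__ == "__main__":
    print(find_escalations(SAMPLE_EVENTS))
```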

Disabling the "net user" command

After getting a shell, a hacker usually checks the accounts on the target host first. The command used is "net user". If we disable this command, we can fool the hacker.

Click the "Start" menu → "Run", enter "regedit" and press Enter to run the "Registry Editor". Navigate to HKEY_LOCAL_MACHINE\SAM\SAM, right-click the SAM key and select "Permissions". In the permission settings window, click "Full Control", then click OK. Press F5 to refresh, expand the SAM key and navigate to HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names. Right-click the Names key and select "New" → "Key", enter a single space as the name of the new key, then double-click the value in the right pane and set it to a space as well. When finished, close the Registry Editor.
▲ Modifying the registry



Now, when the hacker enters the "net user" command in the "command prompt", he sees only the dismal reply "the list is empty". We have achieved our goal of fooling the hacker.

Disabling the "Command Prompt"

After all, this only fools rookie hackers. A slightly more experienced hacker will see through it, so the safest way is to disable the "command prompt". The method is as follows:

Click the "Start" menu → "Administrative Tools" → "Local Security Policy", expand "Security Settings" → "Software Restriction Policies" and double-click "Additional Rules". Right-click a blank area in the right pane and select "New Hash Rule" in the menu that appears. Click the Browse button under "File hash", select the cmd.exe file located in the c:\windows\system32 directory and set its "Security level" to "Disallowed". Then click OK.

After this setting, no user can run the "Command Prompt": entering "cmd" in "Run" and pressing Enter produces the prompt "Windows cannot open this program because it has been prevented by a software restriction policy". The "command prompt" is now completely disabled. But sometimes we still need the "command prompt" ourselves. Is there a way to keep using it ourselves while keeping the hacker out?
▲ Setting the "Command Prompt" restriction rule

We can set it up like this: click "Software Restriction Policies" and double-click the "Enforcement" option on the right side. Under "Apply software restriction policies to the following users", select the "All users except local administrators" option and click OK. Once this is set, only local administrator accounts can use the "command prompt". Other, non-administrator accounts, such as user, cannot use it, and of course hackers can no longer use the "command prompt" to invade.
▲ Setting the permission to run the "command prompt"
