лекц+лаб по Windows
.pdf2
-
2.1 WINDOWS XP
.
;;
:
«Kerberos».
.
:;;; ;
;,
.
.
, ,:
;
;
.
Kerberos.
Kerberos |
, |
Active Directory. Kerberos
. Windows,
. , .
|
, |
|
, |
: |
|
|
; |
|
|
; |
|
|
; |
|
|
|
; |
|
' |
. |
|
|
. |
. 14 NTFS, , ,
87
. |
|
|
|
|
, |
, |
|
, |
. |
|
, |
|
|
|
|
|
|
, |
|
, |
, |
. |
|
- |
' |
|
Windows, |
|
' |
|
|
|
. |
||
|
|
|
|
|
|
|||
, |
|
|
|
|
(impersonation). |
, |
|
|
, |
|
|
|
|
, |
|||
|
(delegation). |
|
, |
|
, |
|
|
|
|
|
|
|
|
(Security Identifier - SID)
|
|
(Group Identifier - GID) |
|
||||
|
|
|
|
|
||||
|
lsass.exe, |
|
|
|
, |
|
. |
|
|
|
|
, |
, |
|
|
, |
|
|
|
|
|
. |
, |
|||
|
, |
|
|
|
: |
|
||
|
|
|
|
|
|
|
||
WHOAMI /all |
|
|
|
|
|
, |
||
|
|
(security reference monitor) Windows |
|
|
||||
|
|
|
|
|
||||
, |
|
|
|
. |
|
, |
|
|
|
|
|
|
. |
|
|
||
|
|
' |
|
Windows, |
|
, |
, |
|
|
|
|
|
|
||||
|
, |
, |
|
, |
|
|
. |
- |
|
Windows |
|
|
(Share) |
, |
|
|
|
- |
' |
. |
|
(folder) |
(printer). |
|
||
|
|
|
|
|||||
|
, |
|
|
' |
|
|
|
|
. |
|
|
(Folder Share) |
|
|
(Full |
||
Control), |
|
(Change), |
(Read). |
|
|
|||
|
Windows |
|
|
|
NTFS, |
FAT, |
||
, |
|
, |
|
|
|
' |
|
|
NTFS. |
NTFS |
|
|
, |
|
|
|
|
|
' |
. |
|
|
NTFS |
|
|
, |
(Security). |
|
« |
|
» |
(Properties) |
|
« |
» |
|
|
|
|
|
|
|
|
Windows.
.: .
. , .
88
2.2 '
|
|
|
|
Windows |
|
|
|
|
|
|
TCP/IP. |
|
|
« |
», |
« |
», « |
TCP/IP |
», |
« |
|
||||||
|
|
|
». |
|
, |
|
|
|
|
|
, |
« |
», |
|
|
« |
|
(TCP/IP)», |
|
», |
|
|
« |
|
« |
». |
|
« |
|
|
|
(TCP/IP)» |
|
|
« |
|
». |
« |
». |
|
« |
TCP/IP» |
|
« |
». |
|
« |
|
|
|
TCP/IP ( |
)». |
, |
|
, |
|
|
|
. |
|
|
|
|
|
. |
|
|
|
|
|
|
|
. |
|
|
|
|
|
|
|
|
|
|
|
|
, |
|
. |
|
|
|
|
|
, |
: |
|
, |
|
|
|
|
|||
|
; |
|
|
|
|
|
|
|
|
, |
|
, |
|
|
|
|
' |
|
. |
|
. : , .
|
|
, |
. |
|
|
|
' |
||
|
|
|
||
|
Windows |
NetWare. |
. |
|
|
|
' |
||
|
|
|
||
« |
» (My Network Places).
|
|
|
' |
|
, |
|
|
|
. |
, |
|
, |
, |
. |
. |
|
' |
|
|
||
' |
, |
« |
||
» (Active Directory). |
||||
|
|
, |
||
' |
|
. |
|
|
, |
|
|
. |
|
|
|
|
89
'' ,
|
. |
|
|
|
|
|
|
|
|
, |
|
|
|
|
, |
|
INF, |
|
. |
|
|
|
|
|
|
|
|
, securedc.inf, |
|
|
|
|
|
|
|
%systemroot%\security\templates\. |
|
|
|
|
|
|
||
' |
|
: |
' _ ' |
_ |
_ |
|
\Computer |
|
|
|
|
||||||
Configuration\Windows Settings\Security Settings\
|
: |
|
|
|
|||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
' |
|
|
|
|
|
« |
|
|
», |
« |
|
|
|
» |
|
|
|
INF;
|
|
|
|
|
|
|
|
|
|
|
|
|
« ' |
|
» « |
|
|
», |
|
|
« |
»; |
|
|
|
|
XML |
|
|
|
|
|
|
|
|
|
|
|
scwcmd transform /p:<policy_file>.xml /g:<GPO_name>
|
|
|
, |
|
|
' |
|||
|
, |
|
' |
|
|
|
|
|
|
. |
|
|
|
|
|
|
|
|
, |
|
|
|
, |
|
|
|
|
, |
|
|
|
|
|
|
|
|
: |
|
|
|
|
|
|
|
|
, |
|
|
|
' |
|
|
|
Active |
Directory, |
|
|
|
, |
|
|
, |
( |
XML). |
|
|
|
|
|
|
|
|
' |
|
|
|
|
|
|
|
|
, |
|
|
|
|
scwcmd.exe |
. |
|
|
|
|
' |
|
Active |
Directory, |
, |
|
|
, |
, |
|
' |
' |
. |
||
|
|
|
|
|||||
|
, |
, |
|
|
|
|
, |
|
|
|
|
|
|
|
|
INF- , XML-
.
XML- , ,
« », ,.
90
|
|
. |
« |
» |
, |
|
, |
. |
|
|
, |
. |
|
. |
|
|
. |
:
|
|
|
; |
|
|
|
|
; |
|
|
|
|
|
; |
|
|
|
. |
|
|
« |
» |
« |
» ,
' ,
. .
, . « »
, ,
. « » :
;; .
2.3 Windows
|
/e, |
|
reg- |
|
. |
|
, |
. |
, |
, |
, |
. |
|
||
|
|
|
|
HKEY_CURRENT_USER\Software\Far |
far.reg |
|
|
regedit /e c:\far.reg HKEY_CURRENT_USER\Software\Far |
|||
far.reg, |
|
|
:\\ |
|
|
|
|
. |
, |
|
, |
|
. |
|
|
, |
« |
» |
. |
|
|
: |
|
|
|
|
91 |
REG_BINARY ,
. |
|
|
. |
|
|
REG_DWORD |
|
, |
|
|
|
|
|
|
|
||
. |
|
, |
|
|
|
. |
|
|
(0 - |
|
, 1 - |
). |
|
|
|
|
|
REG_SZ |
|
|
Unicode |
- |
|
. |
|
|
, |
|
|
, |
, |
. |
|
|
|
REG_EXPAND_SZ - |
|
REG_SZ, |
|
|
|
|
%SystemRoot%\System32, |
|
. |
|
|
Windows |
|
%SystemRoot% |
' |
, |
|
.
REG_MULTI_SZ
REG_SZ. , , IP-,
|
|
|
. |
|
|
|
|
REG_FULL_RESOURCE_DESCRIPTOR |
|
|
|||
|
REG_NONE |
|
, |
- |
|
. |
|
|
, |
|
, |
|
|
|
. |
|
|
|
|
, |
|
|
|
, |
|
|
. |
|
|
|
. |
|
|
|
|
HKEY_LOCAL_MACHINE |
(HKLM) |
|
|
, |
|
|
|
' |
. |
HARDWARE |
|
|
|
|
|
. |
, |
|
, |
|
|
|
|
|
|
|
|
|
|
|
Plug-and-Play, |
|
|
|
|
, |
|
. |
, |
|
|
|
|
|
|
||
' |
. |
, |
|
|
|
|
|
, |
|
|
, |
. |
|
|
HKEY_USERS (HKU) |
|
|
, |
||
|
|
|
|
|||
- |
|
. |
, |
|
|
|
|
. |
|
|
, |
, |
|
|
|
|
|
|||
|
|
, |
|
|
|
. |
|
HKEY_CURRENT_CONFIG (HKCC) |
|
|
|
||
|
|
|
' |
. |
, |
|
|
. |
|
|
|
, |
|
|
|
|
|
|
|
|
HKLM. |
|
|
|
|
|
|
|
HKEY_CURRENT_USER |
(HKCU) |
. |
|
|
|
|
, |
|
|
Microsoft |
, |
92
HKCU.
, HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Paint
Paint.
HKEY_CLASSES_ROOT (HKCR) |
|
|
||||
|
|
OLE. |
|
|
HKLM\Software\Classes. |
|
|
|
|
|
|
|
, |
|
|
, |
' |
. |
|
|
|
|
REG- |
. |
|
: |
|
|
REGEDIT4 - |
|
|
|
||
|
reg- |
, |
|
|||
|
Windows 98/NT. |
|
|
|
||
|
Windows Registry Editor Version 5.00
, |
|
|
|
|
Windows 2000 |
. |
|
|
|
|
|
|
. |
|
|
, |
|
|
|
. |
|
|
, |
. |
. |
REG- |
|
|
|
, |
|
|
|
. |
|
|
|
|
|
|
||
|
|
, |
|
|
|
' . |
|
, |
. |
|
|
|
|
|
|
, « |
» |
REG- |
. |
, |
|
|
|
|
|
|
|
|
, |
. |
|
|
, |
. |
|
|
REG- |
. |
|||
|
|
|
|
. |
||
|
|
|
|
|
|
|
|
|
|
«-». |
|
|
' |
|
reg- |
|
|
. |
|
|
|
|
|
|
|
||
|
reg- |
|
|
|
, |
|
|
|
|
bat- |
|
REGEDIT /S |
"D:\path\filename.reg"
/S, (silent),
.
reg- .
:
REGEDIT /EA "D:\path\filename.reg" "HKEY_CURRENT_USER\name"
/EA, export ANSI, |
|
REGEDIT4, |
ANSI. |
/E, Windows 2000/XP |
|
UNICODE, |
UNICODE, |
reg- |
, |
, |
93
. Windows 95/98/Me/NT
ANSI.
2.4 ,
|
|
TCPView. |
|
|
|
|
|
|
TCPView |
, |
|
Windows, |
' |
|
|
|
|
TCP |
UDP |
|
, |
|
|
|
|
TCP- ' |
|
|
|||
|
|
|
|
, |
' |
, |
|
|
TCP |
UDP, |
. |
|
TCPView |
|
|
' |
|
IP- |
. |
|
|
||
|
|
TCPView |
|
Netstat, |
|
|
|
|
Windows. |
|
TCPView |
Tcpvcon |
|||
|
. |
|
|
||||
|
|
. |
|
, |
|
|
|
|
|
XSpider.
|
|
|
|
|
|
XSpider |
|
|
, |
|
|
|
|
|
|
|
|
|||
|
|
' |
, |
|
. XSpider |
|
|
|
|
|
|
|
|
||
|
: AIX, Solaris, Unix- |
, Windows |
. |
|
|
||
|
MS Windows 95/98/Millennium/NT/2000/XP/.NET.
|
|
||||
|
XSpider |
|
. |
|
' |
|
|
|
|
|
XSpider |
|
|
|
|
|
Positive |
Technologies. |
|
|
|
||
|
. XSpider |
|
, |
, |
|
|
|
XSpider |
|
|
XSpider |
|
|||
|
|
, |
. |
7, |
|||
|
|
, |
|
|
|
, |
|
|
|
|
|
|
|
||
|
|
|
|
. |
, |
XSpider
7 |
|
|
|
|
, |
|
|
|
.
2.5
APS .
APS
,
.APS :
94
|
|
, |
|
, |
|
|
, |
. |
|
APS |
|
, |
|
Backdoor |
|
; |
|
|
|
|
|
. |
|
|
|
' |
|
APS |
|
, |
|
APS |
|
, |
|
|
|
; |
|
|
|
|
|
Firewall. |
|
|
- |
APS |
' |
Firewall |
|
||
|
. |
APS |
|
, |
- |
|
Firewall |
|
|
. |
APS |
|
|
Firewall |
|
Firewall |
' - |
|
|
|
; |
|
|
|
|
Backdoor |
. |
|
|
|
|
, |
|
|
|
|
|
, |
, |
|
, |
|
Backdoor |
|
|
|
|
|
, |
; |
|
|
|
|
|
, |
IDS. |
|
|
|
|
|
|||
APS |
|
|
|
. |
, |
, |
|
, |
|
, |
|
|
|
|
|||
|
API Windows. |
|
. |
|
|
|
|
, |
|
|
|
|
. |
|
|
|
|
: |
|
|
|
|
|
|
|
|
|
|
|
#DATE# - |
|
, |
|
|
|
, |
DD.MM.YYYY; |
|
|
|
|
#TIME# - |
|
, |
|
|
|
, |
HH24.MI.SS; |
|
|
|
|
#DATETIME# - |
|
|
|
, |
|
|
, |
DD.MM.YYYY HH24.MI.SS; |
|
#UNIXDATE# -, ;
#UNIXDATETIME# -, ;
#RAND_BIN# - ,
50 , 250;
#RAND_TXT# - ,
#RAND_BIN# |
50 |
, |
|
- 250. |
|
, |
|
|
32 127, |
, |
|
; |
|
|
|
|
|
$xx - |
, xx - |
|
|
$00, $01 .... |
, |
0 - 9 |
' |
|
, |
|
95
|
|
, |
|
($0D |
$0A). |
|
|
|
|
||
, |
#TIME#, #DATETIME#, #UNIXDATE#, #UNIXDATETIME# |
||||
|
|
APS |
|
, |
|
|
, |
, |
|
APS, |
. |
|
|
|
|
||
#RAND_BIN# |
#RAND_TXT# |
|
|
|
|
, |
|
|
|
. |
|
2.6 |
|
|
|
|
, |
Network Monitor |
|
: |
, |
|
|
Windows |
, |
|
|
|
Systems |
Management Server. |
|
|
|
|
|
, |
|
, |
|
|
|
, |
|
. |
|
|
, |
|
|
|
|
, |
|
Network Monitor |
|
|
|
|
|
Network |
Monitor |
|
. |
|
|
|
|
, |
|
||
|
|
|
|
; |
, |
|
|
, |
|
; |
, |
|
|
, |
|
|
. |
|
|
, |
|
, |
|
.
|
|
|
|
|
Capture |
Networks. |
, |
' |
, |
|
|
|
, |
' |
, |
' |
. |
, COM- |
|
RAS, |
|
|
|
|
|
||
|
|
Iris The Network Traffic Analyzer, |
|
, |
||
|
|
|
, |
, |
|
|
. Iris The Network Traffic Analyzer |
|
|
||||
|
|
|
|
. |
|
|
(decode module), |
|
, |
|
|
||
|
|
|
|
|||
, |
|
|
|
|
|
. |
, IP- |
|
DNS- |
, |
' |
, |
, |
|
|
|
||||
. |
|
|
, |
|
, |
|
|
, |
|
, |
|
||
|
|
. |
|
|
||
|
|
|
|
|
|
.
96