|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
[求助]Network Password Recovery的原理是啥?
原理基本清楚了,对于Domain Network Passwords,只能被lsass.exe加解密, 所以 1、CreateRemoteThread 远程线程注入lsass 2、使用未公开的LsaICryptUnprotectData 来解密credentials buffer |
|
[求助]Network Password Recovery的原理是啥?
自己顶,慢慢在网上找资料。 找到一篇讲解原理的英文文档。 《Exposing the Secret of Decrypting Network Passwords》 http://securityxploded.com/networkpasswordsecrets.php |
|
[求助]Network Password Recovery的原理是啥?
Location of Credential Store Windows 'Credential Store' keeps the user credentials in the encrypted format at user specific locations. The storage mechanism is slightly different for XP and Vista/Win7 platforms. For Windows XP On Windows XP, the encrypted user credentials are stored in the hidden file called 'Credentials' inside both APPDATA and LOCALAPPDATA locations mentioned below. APPDATA Location - C:\Documents and Settings\<username>\Application Data\Microsoft\Credentials\<user sid>\ LOCALAPPDATA Location - C:\Documents and Settings\<username>\Local Settings\Application Data\Microsoft\Credentials\<user sid>\ For Vista & Windows 7 Vista onwards, the user credentials are stored in the multiple files with random name (generated using GUID) inside both APPDATA and LOCALAPPDATA locations mentioned below. (There will be separate credential file for each of the network accounts) APPDATA Location - C:\Users\<username>\AppData\Roaming\Microsoft\Credentials\ LOCALAPPDATA Location - C:\Users\<username>\AppData\Local\Microsoft\Credentials\ Based on type of password and application, one of these locations are chosen to store the corresponding credential file. For example, Windows Live Messenger & Remote Desktop login passwords are stored at LOCALAPPDATA location and all other type of passwords are stored at APPDATA location. |
|
[求助]Network Password Recovery的原理是啥?
顶下,有人帮忙吗? |
|
|
|
[求助]如何结束进程
我在cmd下运行的,没用IDE运行,此时任务管理器进程列表是1个cmd 执行完CreateProcess后,发现任务管理器进程列表是3个cmd 然后执行TerminateProcess后,发现还剩2个cmd进程 |
|
|
|
|
|
[求助]如何结束进程
我先创建了一个cmd进程,代码如下: SECURITY_ATTRIBUTES sa; HANDLE hRead,hWrite; sa.nLength = sizeof(SECURITY_ATTRIBUTES); sa.lpSecurityDescriptor = NULL; sa.bInheritHandle = TRUE; if (!CreatePipe(&hRead,&hWrite,&sa,0)) { ShowMessage("Error On CreatePipe()"); return; } STARTUPINFO si; PROCESS_INFORMATION pi; si.cb = sizeof(STARTUPINFO); GetStartupInfo(&si); si.hStdError = hWrite; si.hStdOutput = hWrite; si.wShowWindow = SW_HIDE; si.dwFlags = STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES; if (!CreateProcess(NULL,"cmd.exe" ,NULL,NULL,TRUE,NULL,NULL,NULL,&si,&pi)) { printf("createProcess fail!\n"); return -1; } 然后在另一个地方杀掉它: TerminateProcess(pi.hProcess,0); WaitForSingleObject(pi.hProcess, INFINITE); printf("kill OK\n"); 执行时,打印了kill OK ,但是cmd.exe还在任务管理器的进程列表里。 请问这是怎么回事? |
|
[求助]如何结束进程
就是不知道什么问题啊。 我先创建了两个匿名管道,分别跟cmd的输入和输出关联, 然后就CreateProcess了cmd进程, 然后想杀掉它,发现在任务管理器的进程列表里还有这个cmd。 是不是匿名管道的问题啊? |
操作理由
RANk
{{ user_info.golds == '' ? 0 : user_info.golds }}
雪币
{{ experience }}
课程经验
{{ score }}
学习收益
{{study_duration_fmt}}
学习时长
基本信息
荣誉称号:
{{ honorary_title }}
能力排名:
No.{{ rank_num }}
等 级:
LV{{ rank_lv-100 }}
活跃值:
在线值:
浏览人数:{{ visits }}
最近活跃:{{ last_active_time }}
注册时间:{{ user_info.create_date_jsonfmt }}
勋章
兑换勋章
证书
证书查询 >
能力值