Shulou(Shulou.com)05/31 Report--

This article will explain in detail how to analyze the permissions of the windows server. The content of the article is of high quality, so the editor will share it for you as a reference. I hope you will have a certain understanding of the relevant knowledge after reading this article.

1. Common windows users and user groups

1 、 System

The user with the highest privileges on the local machine

2 、 Administrator

Basically the user with the highest privileges on the local machine

3 、 Guest

Users with relatively few permissions are disabled by default

4 、 Administrators

Highest privilege user group

5 、 Backup Operators

Not as high as Administrators, but pretty much.

6 、 Guests

Same permissions as user group

7 、 Distributed Com Users

Domain and domain controller related user groups

8 、 Network Configuration Operators

Specialize in managing network configuration

9 、 Performance Log Users

Specially schedule the logging of performance counters remotely

10 、 Performance Monitor Users

Specializes in remote monitoring of the operation of computers

11 、 Power Users

Lower than Administrators, higher than Guests group

12 、 Print Operators

Lower than Administrators group permissions

13 、 Users

User account group, low-privilege user group

14 、 IIS_WPG

If IIS is installed, the account used to run and control the web application

II. Windows directory permissions

1. Right-click a file or folder to modify its read and write permissions

2. Click add to include the corresponding user group.

3. Default permissions of windows2003

1. Only static http servers are installed by default

2. The anonymous account no longer has write permission to the root directory of the web server.

3. Access to the parent directory is disabled by default in IIS6.0

4. Adhere to the minimum principle, do not give extra permissions to files, do not give write permissions to those that need to be executed, do not give executive permissions to those who need to write permissions, and so on.

4. Differences in the operation of Trojans in different environments

1. Running Trojans on the system is run with system permissions, while running Trojans under Webshell is run with the current built-in middleware (IIS,apache,tomcat) permissions.

2. IIS runs under the IIS IUSER security account, and the third software is generally run with administrator privileges.

5. Common server ports

1, 445 port

SMB,windows protocol family, port 445 is a mixed reputation port, with which we can easily access a variety of shared folders or shared printers in the local area network, but it is precisely because of it, hackers have the opportunity to secretly share your hard drive through this port, and even format your hard drive quietly, the eternal blue loophole is to take advantage of this port.

2. 137Universe 138Universe 139 port

137,138 are UDP ports, which are mainly used to transfer files in the intranet, while NetBIOS and smb services are mainly obtained through port 139.

3. 135 port

135Port is mainly used to use RPC (RemoteProcedureCall, remote procedure call) protocol and provide DCOM (distributed component object Model) services. Through RPC, programs running on a computer can be guaranteed to execute code on a remote computer smoothly; using DCOM can communicate directly through the network and can be transmitted across a variety of networks, including HTTP protocol.

4, 53 port

Port 53 is the communication port for DNS services, so generally speaking, this port will not be closed until it is a last resort.

5. 389 port

Port 389 on the server is used for LDAP, using TCP and UDP protocols. When the client accesses the server's LDAP service, it first uses the TCP protocol to connect to port 389 of the server, and if it fails, it uses UDP instead. This port usually appears on the domain control during the domain process.

6, 88 port

Kerberos protocol is a bai network authentication method based on key distribution model. The du protocol enables real zhi entities communicating on the network to prove each other's identity, and the protocol can prevent eavesdropping or replay attacks. The Kerberos key Distribution Center (KDC) listens for ticket requests on this port. Port 88 of the Kerberos protocol can also be TCP/UDP.

7, 5985 port

The port is a WinRm service that allows remote users to use tools to manage windows servers and obtain data.

About how to carry on the windows server authority analysis to share here, hope that the above content can have some help to everyone, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.