5. Administrator Account Security
1. What is the current administrator SID value?
=>
Run (ctrl+r) > cmd
c:\>user2sid administrator
S-1-5-21-796845957-412668190-839522115-500
Number of subauthorities is 5
Domain is KISA-1
Length of SID in memory is 28 bytes
Type of SID is SidTypeUser
c:\>getsid \\kisa-1 administrator \\kisa-1 administrator
The SID for account KISA-1\administrator matches account KISA-1\administrator
The SID for account KISA-1\administrator is S-1-5-21-796845957-412668190-839522115-500
2. Rename the administrator account to `eent123x`. What is the administrator SID value after the change?
=>
[Renaming the administrator]
Under "Local Security Settings > Local Policies > Security Options", find the policy
"Accounts: Rename administrator account" and change its value to eent123x.
[Administrator SID value after the change]
Use the same method as in question 1.
3. Create a fake Administrator account and register it in the guest group.
=> In "Control Panel > Administrative Tools > Computer Management",
under "Local Users and Groups > Users",
right-click > click "New User", set the name to Administrator, and confirm.
In the list, right-click Administrator > Properties, and on the "Member Of" tab
click "Add" > in the group selection dialog click "Advanced".
Click "Find Now", then click the Guest account in the list and confirm.
Remove the group memberships that were registered previously.
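The SID reported above ends in 500 because the built-in Administrator is identified by that relative ID (RID), which a rename does not change, while a newly created account named Administrator receives a RID of 1000 or higher. The Python sketch below is an added example, not part of the original exercise: it parses the SID string, rebuilds the 28-byte in-memory form that user2sid reports, and classifies the account by RID. The decoy SID with RID 1004 is a constructed value.

```python
import struct

PAGE_SID = "S-1-5-21-796845957-412668190-839522115-500"    # from the user2sid output above
DECOY_SID = "S-1-5-21-796845957-412668190-839522115-1004"  # constructed: RID 1004 is assumed

def parse_sid(sid):
    """Split 'S-<revision>-<authority>-<sub1>-...' into integer fields."""
    parts = sid.strip().split("-")
    if len(parts) < 3 or parts[0].upper() != "S":
        raise ValueError(f"not a SID string: {sid!r}")
    try:
        revision, authority, *subs = (int(p) for p in parts[1:])
    except ValueError:
        raise ValueError(f"non-numeric field in SID: {sid!r}") from None
    if revision != 1 or not 0 <= authority < 2**48 or len(subs) > 15:
        raise ValueError(f"field out of range in SID: {sid!r}")
    if any(not 0 <= s < 2**32 for s in subs):
        raise ValueError(f"subauthority out of range in SID: {sid!r}")
    return revision, authority, subs

def sid_to_bytes(sid):
    """In-memory layout: revision (1 byte), subauthority count (1 byte),
    authority (6 bytes, big-endian), then 4 little-endian bytes per subauthority."""
    revision, authority, subs = parse_sid(sid)
    return (struct.pack("BB", revision, len(subs))
            + authority.to_bytes(6, "big")
            + struct.pack(f"<{len(subs)}I", *subs))

def classify(sid):
    """Identify the account by its RID (last subauthority), not by its name."""
    _, authority, subs = parse_sid(sid)
    # Account SIDs have the form S-1-5-21-<three machine/domain values>-<RID>.
    if authority != 5 or len(subs) != 5 or subs[0] != 21:
        return "not a local/domain account SID"
    rid = subs[-1]
    if rid == 500:
        return "built-in Administrator"
    if rid == 501:
        return "built-in Guest"
    return "created account" if rid >= 1000 else "other well-known RID"

if __name__ == "__main__":
    for label, sid in (("page SID", PAGE_SID), ("decoy (constructed)", DECOY_SID)):
        raw = sid_to_bytes(sid)
        print(f"{label}: {len(raw)} bytes, {raw[1]} subauthorities, {classify(sid)}")
```

When auditing a host hardened this way, match accounts on the RID rather than the display name: the renamed `eent123x` account still classifies as the built-in Administrator, and the decoy does not.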
4. To prevent password cracking, encrypt the SAM database with 128-bit encryption.
=> Run > cmd
c:>syskey
In the "Securing the Windows XP Account Database" dialog,
select "Encryption Enabled" > OK
6. Patch and Update Management
※ Note: Use MBSA (Microsoft Baseline Security Analyzer) to solve these.
1. How many updates in total are missing or incorrectly applied
on the current system?
=> Run C:\Program Files\Microsoft Baseline Security Analyzer\mbsa.
17
2. How many vulnerabilities in total were found on the current system?
0
7. Windows XP Folder Security
A small or medium-sized business that uses Windows XP Professional wants to configure
security for personal shared folders as follows.
1. Configure the `4분기영업자료` (Q4 sales data) shared folder so that only the user share_user
can read it over the network.
=> Right-click the folder > click "Sharing and Security".
Check the sharing settings.
If the user limit settings do not appear, go to Explorer > Tools > Folder Options, and on the "View" tab
uncheck "Use simple file sharing".
Click "Permissions" > click "Add" > click "Advanced" > click "Find Now".
Find share_user and confirm.
Remove the groups or users that were registered previously.
2. No more than 10 employees will access the `4분기영업자료` folder, so configure it so that only 10 users
can connect at the same time.
=>
In "Sharing and Security", under User limit, set "Allow this number of users" to 10.
8. Terminal Services Security
1. Configure the system so that only the `ftp_user` account can log on to Terminal Services.
=> "Run" > "compmgmt.msc" (Computer Management)
"System Tools" > "Local Users and Groups" > "Users" > add "ftp_user"
My Computer > Properties > on the "Remote" tab, add the user ftp_user to Remote Desktop.
2. Change the default Terminal Services port 3389/tcp to port 3147.
Go to the registry paths below and change the Terminal Services connection port.
Modify Port number under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp
Modify Port number under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
Select Decimal and enter 3147.
9. Registry Security
To prevent worms from being launched from the registry at system startup, the autorun-related
registry keys were located and configured so that only the administrators group (administrators) and the system group (SYSTEM)
can access them.
1. We want to audit whether viruses, worms, or malicious programs have been installed on the system.
Configure auditing so that an audit log entry is recorded when a `Set Value`, `Delete`, `Create Subkey (success)`,
or `Create Link` event occurs on the autorun-related registry keys.
Run, RunOnce, RunServices under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion
Run, RunOnce, RunServices, RunServicesOnce under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
2. To prevent password brute-force attacks and virus or worm infection, configure the system so that
remote registry manipulation is not allowed.
=> Run > services.msc
Set the "Remote Registry" entry to "Disabled".