Shandong University School of Software, System Security: Glossary and Long-Answer Question Review Summary
Resource description
A restricted-elective network security course taught by instructor lfb in the first semester of the third year. I compiled and summarized the glossary terms and long-answer questions myself; memorizing them well is basically enough for a high score.

System Security: Glossary of Terms

1. /etc/passwd

(1) /etc/passwd is an important file on Unix-like systems that stores the basic information of user accounts. (2) Every user account has one line in this file. The record holds the user's basic information: username, user ID (UID), group ID (GID), the user's full name, home directory path, login shell, and so on. It is used to look up users (the details of a user account are updated in this file). (3) All users can read /etc/passwd; only the superuser can write to it.

It is a text file containing the information about each user that is required to log in to a Linux system. It holds useful information about the user, in this form:

(4) username:password:user ID:group ID:user ID info:home directory:shell

The 7 fields in detail:

  1. Username (root): the username of the created account, 1 to 12 characters long.
  2. Password (x): indicates that the encrypted password is stored in /etc/shadow.
  3. User ID (0): the user's ID number. Every user must have a unique ID. UID 0 is reserved for the root user, UIDs 1 to 99 are reserved for system users, and UIDs 100-999 are reserved for system accounts and groups.
  4. Group ID (0): the group's ID number. Every group must have a unique GID, stored in /etc/group.
  5. User info (root): a description field that can be used to describe the user (LCTT translator's note: the original text here appears to be in error).
  6. Home directory (/root): the user's home directory.
  7. Shell (/bin/bash): the type of shell the user uses.

2. /etc/shadow

(1) /etc/shadow is another key file on Unix-like systems. It stores the encrypted passwords of user accounts and the related security information, and works together with /etc/passwd. (2) /etc/shadow improves password security because it stores encrypted passwords rather than plaintext passwords.

It stores the password information of users on a Linux system and is also called the "shadow file". It separates the passwords out of /etc/passwd. (3) Only the root user has read and write permission on /etc/shadow, the owning group can read it, and other users have no permission, which protects the users' passwords.

(4) Each line represents one user. Fields are separated by ":" and there are 9 of them:

    root:!:17826:0:99999:7:::
    daemon:*:17737:0:99999:7:::
    bin:*:17737:0:99999:7:::

  1. Username
  2. Encrypted password (the real password after SHA512 hashing; formerly MD5 or DES)
  3. Time of last change
  4. Minimum interval between changes
  5. Password validity period
  6. Number of warning days before the password must be changed
  7. Grace period after the password expires
  8. Account expiry time
  9. Reserved field

3. ~/.ssh/authorized_keys

~/.ssh/authorized_keys is a file that stores users' public keys and is used for authentication in the SSH (Secure Shell) protocol. It lives in the .ssh directory under the user's home directory.

The authorized_keys file resides on the SSH server and stores the public keys of the clients that are allowed to access that server. When you want to authenticate over SSH with a key, you add your public key to the authorized_keys file on the target server. Only public keys listed in authorized_keys can authenticate successfully and obtain access.

The purpose of authorized_keys is to configure which clients the server allows to authenticate with a key. Each client's public key needs a corresponding entry in the file for authentication to succeed.

Principle of public-key login: the client stores its own public key in .ssh/authorized_keys on the remote host. When the client initiates a login, the remote host sends a random string to the client; the client encrypts it with its private key and sends it back; the remote host decrypts it with the stored client public key and compares the result with the string it sent. If they are the same, the client is considered authenticated and logs in directly without entering a password. (This principle is not necessarily right, but that is roughly the idea.)

Passwordless login is set up user to user: after switching to another user, a password is still required.

The .ssh directory on the remote machine needs mode 700 and the authorized_keys file needs mode 600; otherwise the configuration does not take effect (the password has to be entered again on every login).

4. ~/.ssh/known_hosts

  1. Password-based authentication: it comes into play the first time you log in to a remote host, to authenticate the Server's public key.
  2. ~/.ssh/known_hosts is the file in which the SSH client stores known hosts. When a user connects to an SSH server for the first time, that server's public key is saved in this file. When the user later connects to the same server again, the SSH client checks whether the server's public key matches the one saved in known_hosts. If it matches, the connection is established; otherwise the SSH client issues a warning that the connection may not be secure.
  3. Flow of the first login to a remote host: on the first ssh to a remote host, the remote host sends its public key to the client machine. After the client confirms that it wants to continue, it saves the remote host's public key in .ssh/known_hosts. The next time it connects to this remote host it looks in .ssh/known_hosts; if the public key is already saved there, the host is trusted, so there is no warning and the client goes straight to the username and password prompt.
  4. After receiving the client's request, the remote host sends its public key to the client. The client encrypts the password with the public key and sends it to the remote host; the remote host decrypts it with its secret key, and if the password is correct the login succeeds.
  5. known_hosts is needed because this file supports mutual authentication between Client and Server and so avoids man-in-the-middle attacks. Every time the Client opens a connection to the Server, not only must the Server verify that the Client is legitimate, the Client must also verify the Server's identity. The SSH client verifies the Server's identity with the host key in known_hosts.

5. ACL (Access Control List)

Access control list.

First, the Windows ACL, ACE, DACL and SACL:

  1. ACL: Access Control List, a list that represents the permissions of users (groups). It comprises the DACL and the SACL.
  2. ACE: Access Control Entry, an element of an ACL. It can be understood as a restriction on the current securable object: whether a user or user group can read the object and whether it can write it. In that case the ACEs are those two things, "readable" and "writable".
  3. DACL: Discretionary Access Control List, the list that represents the permissions on a securable object. It can be understood as the restrictions on the current securable object: for example, user/group a has permission XXX on the object and user/group b has permission XXX on the object, in which case the DACL has two entries.
  4. SACL: System Access Control List, used to log access to a securable object.

The Windows access control model uses ACLs. The permissions on files and on the registry, for example, include ACLs that state which users (groups) are allowed to operate on them.

Next, the Unix POSIX ACL:

An ACL lets you set the permissions that a specific user or user group has on a file or directory. It solves the gaps in permission assignment left by the basic Linux file permission system: the access permissions of a particular group or user other than the owner and the owning group can be set independently.

6. APT (advanced persistent threat)

  1. An Advanced Persistent Threat (APT), also called an advanced long-term threat, is a complex, sustained network attack. It includes traditional network attack techniques and also combines them with social engineering, attempting the attack through human weaknesses together with vulnerabilities.
  2. It has three elements: advanced, persistent, threat.
     1. Advanced: carrying out an APT attack requires a higher degree of customization and complexity than a traditional attack, and a great deal of time and resources to research and identify vulnerabilities inside the system.
     2. Persistent: to reach a specific goal the attacker "plays the long game", continuously monitoring the target and keeping long-term access to it.
     3. Threat: the emphasis is on attacks planned with human involvement. The targets are high-value organizations, and a successful attack often causes the target huge economic loss or political impact, or even a devastating blow.
  3. Compared with traditional attacks, the greatest threat of an APT attack lies in its stealth, its targeting and its persistence.

7. autoexec

Scripts or configuration files that are executed automatically at system startup. They are used to set up the system environment, load drivers and carry out other startup tasks.

AUTOEXEC.BAT (DOS/Windows): early MS-DOS and some early versions of the Windows operating system have a special batch file named AUTOEXEC.BAT. It is executed automatically at system startup and contains a series of commands and settings that configure the system environment, load device drivers and run other tasks needed at startup. It is where the system environment is initialized, which usually covers path settings, memory management, driver loading and the like.

autoexec (Unix/Linux): on Unix and similar operating systems the word "autoexec" has no specific standard meaning. Users can, however, create scripts or configuration files and put them in a location that is executed automatically at startup. On systems whose default shell is Bash (Bourne Again Shell), for example, the startup script can be named .bashrc or .bash_profile and contains the commands to run at login.

The macro that can run automatically when a database is opened is named "Autoexec". An AutoExec macro can perform one action or a series of specified actions when the database is first opened. In other words, when a database is opened, Access looks for a macro named AutoExec and, if it finds one, runs it automatically.

8. backup operators

  1. Members of the "Backup Operators" group can back up and restore all files on a computer, regardless of the permissions that protect those files.
  2. Backup Operators can also log on to and shut down the computer. This group cannot be renamed, deleted or removed.
  3. By default this built-in group has no members, and it can perform backup and restore operations on domain controllers. Members of the following groups can modify the membership of the "Backup Operators" group: the default service administrators, Domain Admins in the domain, and Enterprise Admins.
  4. Members of the "Backup Operators" group cannot modify the membership of any administrative group. Although members of this group cannot change server settings or modify the configuration of the directory, they have the permissions needed to replace files (including operating system files) on domain controllers. Because members of this group can replace files on domain controllers, they are considered service administrators.
  5. The "Backup Operators" group applies to the Windows Server operating system in the default Active Directory security groups.

9. bitlocker

  1. BitLocker is a full-disk encryption technology developed by Microsoft to protect data on the Windows operating system. It is designed to encrypt the entire hard drive, including the operating system, system files, user data and temporary files. BitLocker helps guard against data loss, theft and unauthorized access.

It provides three modes of operation.

The first two modes require a cryptographic hardware chip called a Trusted Platform Module (version 1.2 or later) and a compatible BIOS:

Transparent operation mode: this mode uses the capabilities of the TPM 1.2 hardware to provide a transparent user experience - the user logs in to Windows Vista as normal.

User authentication mode: this mode requires the user to provide some authentication to the pre-boot environment in order to be able to boot the operating system.

The final mode does not require a TPM chip:

USB key: the user must insert a USB device containing the startup key into the computer in order to boot the protected operating system. Note that this mode requires the BIOS on the protected computer to support reading USB devices in the pre-OS environment.

10. botnet

A botnet is a group of computers connected over the Internet that have been infected with malware and are operated by a remote controller, forming a network. The infected computers are usually called "zombies" (bots). A botnet can be used to carry out all kinds of malicious activity, including but not limited to:

  1. Distributed denial of service (DDoS): a botnet can coordinate a large number of bots to send large-scale traffic at a specific target, overloading the target system and making its service unavailable.
  2. Malware propagation: a botnet can be used to spread malware, carrying the infection to more computers.
  3. Phishing: a botnet can be used to run phishing attacks that lure users into revealing sensitive information such as usernames and passwords.
  4. Click fraud: large numbers of bots click on ads or links to deceive the advertising system and obtain illegal revenue.
  5. Espionage: a botnet can be used to monitor victims and steal their personal information, sensitive data or trade secrets.
  6. Password cracking: a botnet is used for large-scale password cracking attempts in order to gain access to user accounts.
  7. Proxying attacks: the botnet is used as a proxy that hides the attacker's real identity while anonymous attacks are carried out.

Building a botnet usually involves a remote controller, the Command and Control (C&C) server, through which the controller sends instructions to all the bots. Computers are usually infected through malware such as worms, malicious downloads and trojans.

To defend against botnets, users and organizations need to keep their systems and applications secure, update antivirus software regularly, avoid clicking suspicious links, use strong passwords, and keep the operating system and software up to date. Network administrators can also use security measures such as intrusion detection systems (IDS) and intrusion prevention systems (IPS) to detect and resist botnet attacks.

11. CGI

CGI (Common Gateway Interface) is a standard protocol for passing information between a Web server and external programs. Through CGI the Web server can call an external program to handle a user's request and generate dynamic Web content. CGI is one of the foundations of Web applications, especially in early Web development.

Main features and workflow:

  1. Dynamic content generation: CGI allows an external program to be executed when the user makes a request, generating dynamic content. Web pages can therefore be generated in real time from the user's input or other conditions instead of being only static HTML files.
  2. Communication between the Web server and the external program: when a user requests a CGI script, the Web server starts the script and passes the user's request information to it. The script processes the request and produces the corresponding output, returns the output to the Web server, and the Web server passes it on to the user's browser.
  3. Choice of programming language: CGI scripts can be written in many programming languages, including but not limited to Perl, Python, Ruby, C and C++. These scripts can interact with the Web server and perform tasks such as database queries and file operations.
  4. Environment variables: the Web server passes the information about the user's request to the CGI script through environment variables, including the request method (GET or POST), user agent information, the user's IP address and so on.
  5. Location of CGI scripts: CGI scripts are usually stored in a specific directory of the Web server (for example the /cgi-bin/ directory) so that the Web server knows which scripts need to be executed.
  6. Later technologies: although CGI offers a flexible way to generate dynamic content, its performance is relatively low. Over time, more advanced technologies such as FastCGI, mod_perl, PHP, ASP and JSP gradually replaced pure CGI.

CGI security has to take into account both the security of the web server and the security of the CGI language.

Note that, for performance and security reasons, the use of CGI in modern Web development has gradually declined, and more applications use other technologies and frameworks to generate dynamic content.

12. CIH virus

CIH (also known as Chernobyl, Spacefiller, CIH Spacefiller, Chernobyl Virus, Chernobyl Virus 61199, W95/CIH, CIH.10, CIH.1003 and so on) is a malicious computer virus that first broke out on April 26, 1998. It was created by 陈宇凯 (Chen Ing-hau), a computer student in Taiwan, and attracted wide attention because of its aggressiveness and the damage it did to systems. It was the first virus able to damage computer system hardware and is also the most destructive malicious virus.

The characteristics of the CIH virus include:

  1. Target systems: the CIH virus mainly targets the Windows 95 and Windows 98 operating systems.
  2. Propagation: CIH spreads by infecting executable files (mainly .exe files). Once an infected file runs on the infected system, the virus tries to infect other executable files and spreads further.
  3. Trigger condition: the CIH virus is destructive. It triggers on the 26th day of every month (the virus author's birthday). On that day CIH tries to overwrite the master boot record (MBR) of the infected system and the file system on the hard drive, which leaves the system unable to boot and damages the file system and the data on the disk.
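For sections 1 and 2 (/etc/passwd and /etc/shadow), an added example that is not part of the original notes: a Python audit of passwd- and shadow-format text that flags extra UID 0 accounts, password fields that bypass the shadow file, and weak hash schemes read from the `$id$` prefix. Only the three shadow lines quoted in section 2 come from the notes; every other record is constructed, and the `$id$` table and the days-since-1970 reading of field 3 are crypt(3)/shadow(5) conventions assumed here.

```python
"""Audit passwd/shadow-style records (constructed sample data, added example)."""
from datetime import date, timedelta

# Constructed sample input. The first three SHADOW lines are the ones quoted in
# section 2; all other lines, including the placeholder hashes, are made up.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
toor:x:0:0:second uid 0:/root:/bin/bash
legacy::1001:1001:no password:/home/legacy:/bin/sh
"""
SHADOW = """\
root:!:17826:0:99999:7:::
daemon:*:17737:0:99999:7:::
bin:*:17737:0:99999:7:::
alice:$1$constructed$notarealhash:17900:0:99999:7:::
toor:$6$constructed$notarealhash:17900:0:99999:7:::
"""

PASSWD_FIELDS = ("name", "passwd", "uid", "gid", "gecos", "home", "shell")
SHADOW_FIELDS = ("name", "hash", "last_change", "min_days", "max_days",
                 "warn_days", "grace_days", "expire", "reserved")
HASH_IDS = {"1": "MD5", "5": "SHA-256", "6": "SHA-512", "y": "yescrypt"}
WEAK = {"MD5", "DES"}


def parse(text, fields):
    """Split colon-separated records; collect lines with a wrong field count."""
    records, malformed = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != len(fields):
            malformed.append(lineno)
            continue
        rec = dict(zip(fields, parts))
        records[rec["name"]] = rec
    return records, malformed


def classify_hash(field):
    """Describe the second shadow field without looking at the hash value."""
    if field == "":
        return "empty"
    if field[0] in "!*":
        return "locked"          # password login disabled for this account
    if field.startswith("$"):
        return HASH_IDS.get(field.split("$")[1], "unknown")
    return "DES"                 # no $id$ prefix: traditional crypt(3)


def last_change(days_field):
    """Field 3 counts days since 1970-01-01; returns None when it is empty."""
    if not days_field.isdigit():
        return None
    return date(1970, 1, 1) + timedelta(days=int(days_field))


def audit(passwd_text, shadow_text):
    """Return sorted (account, finding) pairs for the two files' contents."""
    users, bad_p = parse(passwd_text, PASSWD_FIELDS)
    shadows, bad_s = parse(shadow_text, SHADOW_FIELDS)
    findings = [("passwd", f"line {n}: expected 7 fields") for n in bad_p]
    findings += [("shadow", f"line {n}: expected 9 fields") for n in bad_s]
    for name, user in users.items():
        if user["uid"] == "0" and name != "root":
            findings.append((name, "UID 0 but not root"))
        if user["passwd"] == "":
            findings.append((name, "empty password field in passwd"))
        elif user["passwd"] != "x":
            findings.append((name, "password hash in world-readable passwd"))
        elif name not in shadows:
            findings.append((name, "no shadow entry"))
    for name, entry in shadows.items():
        kind = classify_hash(entry["hash"])
        if kind == "empty":
            findings.append((name, "empty password in shadow"))
        elif kind in WEAK:
            findings.append((name, f"weak hash scheme {kind}"))
        if name not in users:
            findings.append((name, "shadow entry without passwd entry"))
    return sorted(findings)


if __name__ == "__main__":
    for account, finding in audit(PASSWD, SHADOW):
        print(f"{account}: {finding}")
    print("root password last changed:", last_change("17826"))
```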
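For section 4 (~/.ssh/known_hosts), an added example that is not part of the original notes: the client-side check described there, written as a Python function that answers "match", "changed" or "unknown" for the key a server presents. It goes slightly beyond the notes by also handling hashed host fields (`|1|salt|HMAC-SHA1`, the form OpenSSH writes with HashKnownHosts); the host names and key blobs are constructed placeholders, and wildcard patterns and `@` marker lines are not evaluated.

```python
"""known_hosts lookup: match / changed / unknown (added example)."""
import base64
import hashlib
import hmac


def hash_host(host, salt):
    """Build a hashed host field: |1|b64(salt)|b64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|{}|{}".format(base64.b64encode(salt).decode(),
                              base64.b64encode(mac).decode())


def host_matches(field, host):
    """True if the first column of an entry names this host."""
    if field.startswith("|1|"):
        try:
            _, _, salt_b64, mac_b64 = field.split("|")
            salt = base64.b64decode(salt_b64)
            want = base64.b64decode(mac_b64)
        except ValueError:          # wrong number of parts or bad base64
            return False
        got = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(got, want)
    return host in field.split(",")  # plain entries: comma-separated names


def check_host_key(known_hosts_text, host, key_type, key_b64):
    """Compare the key a server presents with what was saved on first contact.

    "match"   -> same key as saved: connect without a warning
    "changed" -> host is known but the key differs: possible man-in-the-middle
    "unknown" -> no entry of this key type yet: first-connection prompt
    """
    seen_host = False
    for line in known_hosts_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#@":
            continue                 # comments and @marker lines are skipped
        parts = line.split()
        if len(parts) < 3 or not host_matches(parts[0], host):
            continue
        if parts[1] != key_type:
            continue                 # a host may have one entry per key type
        seen_host = True
        if parts[2] == key_b64:
            return "match"
    return "changed" if seen_host else "unknown"


# Constructed placeholders: these are not real host keys or real hosts.
KEY_A = base64.b64encode(b"constructed-host-key-A").decode()
KEY_B = base64.b64encode(b"constructed-host-key-B").decode()
KNOWN_HOSTS = "\n".join([
    "# constructed sample file",
    f"git.example.test,192.0.2.7 ssh-ed25519 {KEY_A} sample-comment",
    f"{hash_host('db.example.test', b'constructed-salt-20b')} ssh-ed25519 {KEY_B}",
])

if __name__ == "__main__":
    for host, key in [("git.example.test", KEY_A), ("git.example.test", KEY_B),
                      ("db.example.test", KEY_B), ("new.example.test", KEY_A)]:
        print(host, check_host_key(KNOWN_HOSTS, host, "ssh-ed25519", key))
```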
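For section 11 (CGI), an added example that is not part of the original notes: a small CGI program in Python that reads the request from the environment variables the Web server sets and treats every one of them as untrusted input, which is the "security of the CGI language" half of the point made there. The parameter name `name`, the size limits and the response layout are assumptions of this example.

```python
#!/usr/bin/env python3
"""CGI handler that treats server-supplied environment variables as untrusted."""
import html
import os
import sys
from urllib.parse import parse_qs

MAX_BODY = 4096   # assumed upper bound on a POST body for this example


def error(status, message):
    """Plain-text error response; 'Status:' is the CGI way to set the code."""
    return f"Status: {status}\r\nContent-Type: text/plain\r\n\r\n{message}\n"


def read_params(environ, stdin):
    """Collect parameters from QUERY_STRING (GET) or the request body (POST)."""
    if environ.get("REQUEST_METHOD", "").upper() == "GET":
        raw = environ.get("QUERY_STRING", "")
    else:
        # CONTENT_LENGTH comes from the client: validate before reading.
        length = int(environ.get("CONTENT_LENGTH") or 0)   # ValueError if junk
        if not 0 <= length <= MAX_BODY:
            raise ValueError("request body too large")
        raw = stdin.read(length).decode("utf-8", "replace")
    # max_num_fields bounds the work done on a hostile query string.
    return {k: v[0] for k, v in parse_qs(raw, max_num_fields=20).items()}


def handle(environ, stdin):
    """Return the full CGI response (headers, blank line, body) as a string."""
    method = environ.get("REQUEST_METHOD", "").upper()
    if method not in ("GET", "POST"):
        return error("405 Method Not Allowed", "only GET and POST are handled")
    try:
        params = read_params(environ, stdin)
    except ValueError:
        return error("400 Bad Request", "malformed request")
    rows = [
        ("name", params.get("name", "anonymous")[:64]),
        ("method", method),
        ("client", environ.get("REMOTE_ADDR", "")),
        # HTTP_* variables are copied from request headers: attacker-controlled.
        ("agent", environ.get("HTTP_USER_AGENT", "")[:200]),
    ]
    # Every value is HTML-escaped before it reaches the page.
    items = "".join(f"<li>{html.escape(k)}: {html.escape(v)}</li>\n"
                    for k, v in rows)
    return ("Content-Type: text/html; charset=utf-8\r\n"
            "X-Content-Type-Options: nosniff\r\n\r\n"
            f"<ul>\n{items}</ul>\n")


if __name__ == "__main__":
    # Under a Web server the request arrives in os.environ and on stdin.
    sys.stdout.write(handle(os.environ, sys.stdin.buffer))
```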