1. Possible leak points and their locations
There are two places in Windows where our secrets may be leaked: one is in a folder, and the other is in the registry.
1. In the folder: The files we browsed will be displayed in the "Documents" in the "Start" menu. If they are exposed, our secrets will be lost and they should be deleted. The contents in the "Document" are placed in the C:\Windows\Recent folder; the temporary files generated when installing the program and editing files are placed in the c:\windows\temp folder; the files are not really deleted when deleting the file, and the things in the recycling bin are stored in the C:\RECYCLED folder (implicitly). When you browse the website online, Windows will retain the web pages you have seen in the C:\WINDOWS\History and C:\Windows\Temporary Internet Files folders; inadvertently, Microsoft will also take some small cookies from the Internet for you to put the cookies in C:\WINDOWS\Cookies.
2. In the registry: the website address you have visited and the "network real name" that was born in the address bar of the IE browser.
In fact, the Windows registry itself is a big garbage warehouse. You can find the garbage you have when you have time. This article only points out one or two places here, aiming to guide you to learn from other things and know how to clear the places in the registry that may cause us to leak secrets.
We know that using the Windows operating system to open files, enter various passwords, or chat with friends with QQ, may cause personal secrets to leak and leave traces on the machine. For safety reasons, if you are on a public computer, you should erase the traces left by these operations when you leave. Below are possible leak points and solutions.
In fact, the Windows registry itself is a big garbage warehouse. You can find the garbage you have when you have time. This article only points out one or two places here, aiming to guide you to learn from other things and know how to clear the places in the registry that may cause us to leak secrets.
2. Specific examples
Two files are used to implement this function, VBS script file (you can define the file name yourself); batch file (you can define the file name yourself).
The script file is as follows:
Dim WSHShell
Set WSHShell=("")
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\reg",""
"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\deldel",""
"HKCU\Software\Microsoft\Internet Explorer\Main\Start Page", "about:blank"
"HKCU\Software\Microsoft\Internet Explorer\TypedURLs\",""
"HKCU\Software\Microsoft\Internet Explorer\TypedURLs\"
"HKCU\Software\Microsoft\Internet Explorer\TypedURLs\",""
"HKCU\Software\3721\InputCns\",""
"HKCU\Software\3721\InputCns\"
"HKCU\Software\3721\InputCns\",""
The first two behaviors of this script define variables, please write them as follows. Starting from the third line, it is the processing of the registry. The third and fourth lines add process files that automatically run when the computer starts up in the registry, one is the script itself, and the other is the batch file. The fifth item restores the IE start page to "about:blank"; the sixth, seventh, and eighth items clear the address name of the web page that has been browsed in the address bar of the IE browser; the ninth, tenth, and eleventh items clear the real name of the network in the address bar of the IE address bar.
Here, readers need to master the following points:
1) Here we use the VBS scripting language, and the VBScript code is executed locally through Windows Script Host interpretation. VBS execution is inseparable from Windows script host (WSH). WSH is a language-independent script interpretation mechanism provided by Microsoft based on the 32-bit Windows platform. It enables scripts to run directly on the Windows desktop or command prompt. With WSH, users can manipulate WSH objects, ActiveX objects, registry and file systems. Under Windows 2000, WSH is also available to access the Windows NT Active Directory Service. WSH relies on the Visual Basic Script and Jscript scripting engines provided by IE3.0 and above, so WSH can only be installed after IE3.0 and above.
There are two places in Windows where our secrets may be leaked: one is in a folder, and the other is in the registry.
1. In the folder: The files we browsed will be displayed in the "Documents" in the "Start" menu. If they are exposed, our secrets will be lost and they should be deleted. The contents in the "Document" are placed in the C:\Windows\Recent folder; the temporary files generated when installing the program and editing files are placed in the c:\windows\temp folder; the files are not really deleted when deleting the file, and the things in the recycling bin are stored in the C:\RECYCLED folder (implicitly). When you browse the website online, Windows will retain the web pages you have seen in the C:\WINDOWS\History and C:\Windows\Temporary Internet Files folders; inadvertently, Microsoft will also take some small cookies from the Internet for you to put the cookies in C:\WINDOWS\Cookies.
2. In the registry: the website address you have visited and the "network real name" that was born in the address bar of the IE browser.
In fact, the Windows registry itself is a big garbage warehouse. You can find the garbage you have when you have time. This article only points out one or two places here, aiming to guide you to learn from other things and know how to clear the places in the registry that may cause us to leak secrets.
We know that using the Windows operating system to open files, enter various passwords, or chat with friends with QQ, may cause personal secrets to leak and leave traces on the machine. For safety reasons, if you are on a public computer, you should erase the traces left by these operations when you leave. Below are possible leak points and solutions.
In fact, the Windows registry itself is a big garbage warehouse. You can find the garbage you have when you have time. This article only points out one or two places here, aiming to guide you to learn from other things and know how to clear the places in the registry that may cause us to leak secrets.
2. Specific examples
Two files are used to implement this function, VBS script file (you can define the file name yourself); batch file (you can define the file name yourself).
The script file is as follows:
Dim WSHShell
Set WSHShell=("")
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\reg",""
"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\deldel",""
"HKCU\Software\Microsoft\Internet Explorer\Main\Start Page", "about:blank"
"HKCU\Software\Microsoft\Internet Explorer\TypedURLs\",""
"HKCU\Software\Microsoft\Internet Explorer\TypedURLs\"
"HKCU\Software\Microsoft\Internet Explorer\TypedURLs\",""
"HKCU\Software\3721\InputCns\",""
"HKCU\Software\3721\InputCns\"
"HKCU\Software\3721\InputCns\",""
The first two behaviors of this script define variables, please write them as follows. Starting from the third line, it is the processing of the registry. The third and fourth lines add process files that automatically run when the computer starts up in the registry, one is the script itself, and the other is the batch file. The fifth item restores the IE start page to "about:blank"; the sixth, seventh, and eighth items clear the address name of the web page that has been browsed in the address bar of the IE browser; the ninth, tenth, and eleventh items clear the real name of the network in the address bar of the IE address bar.
Here, readers need to master the following points:
1) Here we use the VBS scripting language, and the VBScript code is executed locally through Windows Script Host interpretation. VBS execution is inseparable from Windows script host (WSH). WSH is a language-independent script interpretation mechanism provided by Microsoft based on the 32-bit Windows platform. It enables scripts to run directly on the Windows desktop or command prompt. With WSH, users can manipulate WSH objects, ActiveX objects, registry and file systems. Under Windows 2000, WSH is also available to access the Windows NT Active Directory Service. WSH relies on the Visual Basic Script and Jscript scripting engines provided by IE3.0 and above, so WSH can only be installed after IE3.0 and above.
12Next pageRead the full text