Brief description:
You can use special characters to create a hidden account. The account is not displayed on the command line interface. It is blank in the user management panel ..
Detailed description:
You can use the blank characters in V9 in the smart abcinput method to create a hidden account. You cannot create a hidden account in the command line. You can first write a batch, as shown below:
Net user 123/add
Net localgroup administrators/add
Note that the blank characters are not spaces.
After the account is created, run the "net user" command on the command line to check whether the account is blank.
After this account is created, you cannot directly log on to mstsc. You need to enter a special character in the user name column on the General tab of the Remote Desktop options panel, and then connect again.
Proof of vulnerability:
Create a batch. The content is as follows.
Net user 123/add
Net localgroup administrators/add
After execution, check the user management interface to see if there is a blank account.
Solution:
Filter out these special characters.