Keep attackers out of the Windows system you are using: hidden accounts (Windows Server)

Source: Internet
Author: User
Attackers create a hidden account on a compromised host (a "broiler" in the slang of the original) so they can come back to it whenever they need. Account hiding is the best-concealed kind of back door: an ordinary user can hardly find a hidden account in the system, so the damage it can do is large. This article uncovers the account-hiding techniques hackers commonly use.

Before hiding a system account we need to know how the accounts that already exist are viewed. In Windows they can be listed from the Command Prompt, from Computer Management in Control Panel, and from the registry. Administrators usually look for anomalies only in the Command Prompt and in Computer Management, so hiding an account from both of these is the focus of this article.

I. The trick in the Command Prompt

Making a hidden system account is in fact not very advanced; the "Command Prompt" we use every day is enough to create a simple one.

Click "Start" → "Run", enter "cmd" to open the Command Prompt, and enter "net user piao$ 123456 /add". After pressing Enter, success is reported as "The command completed successfully." Then enter "net localgroup Administrators piao$ /add" and press Enter. We have now used the Command Prompt to create a simple "hidden account" named "piao$" with password "123456" and raised it to administrator privileges. The trailing "$" in the name is the whole trick: "net user" omits names that end in "$" from its listing.

Let's check whether the hidden account was built successfully. In the Command Prompt, enter "net user" to list the system accounts; the accounts currently in the system are displayed after pressing Enter. The "piao$" account we have just created is not in the list. Now open Administrative Tools in Control Panel, open "Computer Management", and look under "Local Users and Groups" → "Users": there the hidden account "piao$" is exposed.

The conclusion is that this method hides the account only from the Command Prompt; it does nothing against Computer Management. So this hiding method is not very practical, fools only careless administrators, and counts as an entry-level account concealment technique.

II. Account hiding in the registry

From the above we can see that hiding an account with the Command Prompt is very obvious and exposes itself easily. Is there a technique that hides the account from both the Command Prompt and Computer Management? Yes, and it takes only a little setup in the registry to make the account vanish from both.

1. Turning the tables: giving Administrator the right to operate on the registry keys

The system accounts are handled in the registry under "HKEY_LOCAL_MACHINE\SAM\SAM", but when we go there we find that the key cannot be expanded. This is because by default the system grants the administrators only the "Write DAC" and "Read Control" permissions on it, not permission to read or modify its contents, so we have no way to view or change the key values under "SAM". However, we can use the other registry editor in the system to give administrators that permission.

Click "Start" → "Run" and enter "regedt32.exe" to open the other Registry Editor. Its difference from the "Registry Editor" (regedit.exe) we usually use is that it can change the permissions on registry keys (for clarity it is referred to below as Regedt32.exe). In Regedt32.exe go to "HKEY_LOCAL_MACHINE\SAM\SAM", click the "Security" menu → "Permissions...", select the "Administrators" group in the "Permissions for SAM" window that pops up, check "Full Control" in the permission settings below, and click "OK". Then switch back to Registry Editor: the keys under "HKEY_LOCAL_MACHINE\SAM\SAM" can now be expanded.

Tip: the method above applies only to Windows NT/2000. On Windows XP, permissions can be changed directly in Registry Editor by selecting the key, right-clicking it, and choosing "Permissions".

2. Sleight of hand: give the hidden account the Administrator's data

After obtaining the right to operate on the registry we can formally start building the hidden account. Go to "HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names" in Registry Editor; every account that currently exists in the system is listed here, including, of course, our hidden account. Click our hidden account "piao$": on the right, the type of its default value is shown as 0x3e9. Go up to "HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users" and you will find a key named "000003E9"; the two correspond to each other (0x3e9 is the account's RID, 1001), and all the information about the hidden account "piao$" is in "000003E9". In the same way we find the key corresponding to the "Administrator" account: "000001F4" (RID 500).

Export the "piao$" key to Piao$.reg, and export the "000003E9" and "000001F4" keys, whose "F" values we need, to User.reg and Admin.reg respectively. Open Admin.reg in Notepad, copy the contents of its "F" value, paste it over the contents of the "F" value in User.reg, and save. Next go to the Command Prompt and enter "net user piao$ /del" to delete the hidden account we created. Finally, import Piao$.reg and User.reg back into the registry; the hidden account is done. Its F value now carries the Administrator's RID, which is what makes the account behave as the Administrator, and it is also what gives the account away to anyone who compares the RID stored in "Names" with the RID stored in "F".
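The following script is an added example and is not code from the original article. It parses regedit exports like the Piao$.reg, User.reg and Admin.reg files of step 2, performs in code the same F-value swap that the step does in Notepad, and then runs the check an administrator would want: every subkey under Users\Names stores the account's RID as the type of its default value, and the account's F value stores that RID again at offset 0x30 (the layout forensic SAM parsers use); a cloned account is one where the two disagree. The export embedded in the script is constructed for the demo (the F values are cut down to 0x34 bytes so only the RID field is meaningful), and the set of names "net user" prints is likewise constructed.

```python
"""Audit .reg exports of the SAM Users keys for a cloned hidden account.

Added example, not part of the original article.  Sample data is constructed.
"""
import re

USERS = r'HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users'
RID_OFFSET = 0x30  # RID is a little-endian DWORD at this offset of the F value

# Constructed sample export (not a real hive dump): Administrator (RID 0x1F4)
# and the account piao$ (RID 0x3E9) created with "net user piao$ ... /add".
# Real F values are longer; these keep only the bytes up to the RID field.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000001F4]
"F"=hex:02,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  f4,01,00,00

[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000003E9]
"F"=hex:02,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  e9,03,00,00

[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names\Administrator]
@=hex(1f4):

[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names\piao$]
@=hex(3e9):
"""


def parse_reg(text):
    """Parse .reg text into {key_path: {value_name: (type_hex, data)}}.

    "hex:" / "hex(<type>):" values become (type, bytes); plain hex: is
    REG_BINARY (type 3).  Anything else is kept as ('1', raw string).
    Lines regedit wraps with a trailing backslash are joined first.
    """
    keys, current, pending = {}, None, ''
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('Windows Registry Editor'):
            continue
        if line.endswith('\\'):            # continuation: keep collecting
            pending += line[:-1]
            continue
        line, pending = pending + line, ''
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1]
            keys[current] = {}
            continue
        name, _, value = line.partition('=')
        m = re.match(r'hex(?:\(([0-9a-fA-F]+)\))?:(.*)$', value)
        if m:
            vtype = m.group(1) or '3'
            data = bytes.fromhex(m.group(2).replace(',', ''))
        else:
            vtype, data = '1', value.strip('"')
        keys[current][name.strip('"')] = (vtype, data)
    return keys


def sam_names(keys):
    """name -> RID for every account listed under Users\\Names."""
    prefix = USERS + '\\Names\\'
    return {path[len(prefix):]: int(values['@'][0], 16)
            for path, values in keys.items() if path.startswith(prefix)}


def f_value(keys, rid):
    """Bytes of the F value of Users\\<RID>, or None if it was not exported."""
    entry = keys.get(f'{USERS}\\{rid:08X}', {}).get('F')
    return entry[1] if entry else None


def rid_in_f(f):
    return int.from_bytes(f[RID_OFFSET:RID_OFFSET + 4], 'little')


def clone_f(keys, target_rid, donor_rid):
    """Step 2 of the article on the parsed export instead of in Notepad:
    the donor's F value replaces the target's, so after "net user piao$ /del"
    and re-import the target carries the donor's RID."""
    keys[f'{USERS}\\{target_rid:08X}']['F'] = keys[f'{USERS}\\{donor_rid:08X}']['F']


def audit(keys, net_user_names):
    """Findings: accounts in the SAM that "net user" does not list, and
    accounts whose F value carries a RID other than their own."""
    findings = []
    for name, rid in sorted(sam_names(keys).items()):
        if name not in net_user_names:
            findings.append((name, 'in SAM but not listed by net user'))
        f = f_value(keys, rid)
        if f is not None and rid_in_f(f) != rid:
            findings.append((name, f'F value carries RID {rid_in_f(f):#x}, expected {rid:#x}'))
    return findings


if __name__ == '__main__':
    keys = parse_reg(SAMPLE_EXPORT)
    net_user = {'Administrator'}   # constructed: "net user" omits names ending in $
    print('before clone:', audit(keys, net_user))
    clone_f(keys, 0x3E9, 0x1F4)    # the swap from step 2
    print('after clone: ', audit(keys, net_user))
```

On a live machine the same two comparisons can be made directly: the list of subkeys under Users\Names against the output of "net user", and the RID in each account's F value against the type of its Names entry. Reading the SAM key needs the permission change from step 1 or a process running as SYSTEM, which is exactly why the lockout in step 3 targets that key.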

3. Pulling up the ladder: cutting off the way to remove the hidden account

Although our hidden account is now hidden from both the Command Prompt and Computer Management, an experienced administrator may still delete it through Registry Editor. How can we make the hidden account rock solid?

Open Regedt32.exe, go to "HKEY_LOCAL_MACHINE\SAM\SAM", edit the permissions of the "SAM" key, and remove all rights from "Administrators". Now an error occurs when the real administrator tries to work on a key under "HKEY_LOCAL_MACHINE\SAM\SAM", and permission cannot simply be granted again through Regedt32.exe, so an inexperienced administrator has no way left to discover the hidden account. This only slows down a capable administrator, though: the Administrators group holds the take-ownership privilege (SeTakeOwnershipPrivilege), so ownership of the key and then full control can be taken back; a registry editor can be run as SYSTEM, which keeps full control of the SAM; and the SAM hive can be copied and examined offline. An unexpected ACL on "HKEY_LOCAL_MACHINE\SAM\SAM" is itself a warning sign that someone has been at work here.
