Summary of methods for creating undead accounts and hiding accounts on servers

Source: Internet
Author: User

Summary of methods for creating undead accounts and hiding accounts on servers

The idea of cloning an account in win2003 has been around for a long time, but some friends still don't

In view of the need for minor defects, I would like to explain to friends who don't know how to create undead accounts and hide accounts on the server.

First, I use a user named www.bkjia.com $.


 

We can see that even if we add$Although the symbol can be hidden under the doscommand line, it can still be seen in the user group.

1. Clone an account through the registry (create a hidden account under 3389)

 

If you find that the server does not have a Guest account, you can create one if all the servers do not.

1. Create a new account guest and run the command: net user guset password/add

If the server has this account but the Administrator has disabled it, you need to start

Start Guest Account m and run the command: net user guest/active: yes.

 


2. Run regedt32.exe, expand the sub-key HKEY_LOCAL_MACHINE \ SAM, and right-click the sub-key and select "permission.

 

In the displayed "SAM permission" dialog box, click "add" to add the Logon account to the "Group or user name" column.
(Here I log on using administrator, then add the administrator account to the "Group or user name" column)

Click application-OK and then re-open the Registry to find two more key values.
2. Right-click and export

HKEY_LOCAL_MACHINE \ SAM \ Domains \ Account \ Users \ Names \ 000001F4

HKEY_LOCAL_MACHINE \ SAM \ Domains \ Account \ Users \ Guest

(Random name) Exit.

4. Copy the "F" value of the key 000001F4 corresponding to the Super User Administrator, and paste the "F" value of the key under the "000003F1" corresponding to the Guest item

PS: Expand the sub-key: HKEY_LOCAL_MACHINE \ SAM \ Domains \ Account \ Users \ Names \ Guest. In the window on the right, the default value is 0x3F1.

The paste is HKEY_LOCAL_MACHINE \ SAM \ Domains \ Account \ Users \ 00000.3F1Corresponding F key value

(Should it be easy to understand? The red/Black alliance has already said this in detail. If you still don't understand it, leave a message to me)
Now the hidden account of Guset has been created and the permission to open regedt32.exe has been changed to the original one.
Note:

 

Advantage: After a hidden Super User is created, we log on to the Task Manager using a hidden account and view the Administrator account, which is the account of the system Administrator, after the Administrator modifies the account and password of the system administrator, the hidden account is not affected.

 

Disadvantage: the Administrator has disabled the Guset account, deleted the Guser account, or modified its password. (generally, the Guser account is a built-in system administrator and does not have XXOO? But the server administrator who saw the text knows how to do it ?)

2. Use tools to create an undead account

 

Usage: Enter the account password and click Create.

It is better to end the account with $ so that you can see the account under the user group and the doscommand line. You can only view the account in the registry.

Solution: We can lock the registry.

REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"=dword:00000001

Copy the preceding code and save it as x. reg. Then run the import command.

 

This tool is actually used to clone accounts, but it works in the same way.

 

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.