Summary of methods for creating undead accounts and hiding accounts on servers
Cloning an account on Windows Server 2003 is an old idea, but some readers still don't know it, so I would like to explain how undead accounts and hidden accounts are created on a server.
First, I use a user named www.bkjia.com$.
As we can see, adding the $ symbol hides the account at the DOS command line, but it can still be seen in the user group.
1. Clone an account through the registry (create a hidden account under 3389)
If the server does not have a Guest account, you can create one.
1. Create a new account named guest by running the command: net user guest password /add
If the server has this account but the administrator has disabled it, you need to enable it.
Enable the Guest account by running the command: net user guest /active:yes
2. Run regedt32.exe, expand the sub-key HKEY_LOCAL_MACHINE\SAM, right-click the sub-key and select "Permissions".
In the "SAM permissions" dialog box that appears, click "Add" to add the logged-on account to the "Group or user names" column.
(Here I am logged on as administrator, so I add the administrator account to the "Group or user names" column.)
Click Apply, then OK, and re-open the Registry Editor; you will find two more keys.
3. Right-click and export the following keys (under any file name), then exit:
HKEY_LOCAL_MACHINE\SAM\Domains\Account\Users\Names\000001F4
HKEY_LOCAL_MACHINE\SAM\Domains\Account\Users\Guest
4. Copy the "F" value of key 000001F4, which corresponds to the superuser Administrator, and paste it over the "F" value of key 000003F1, which corresponds to Guest.
PS: Expand the sub-key HKEY_LOCAL_MACHINE\SAM\Domains\Account\Users\Names\Guest. In the window on the right, the default value is 0x3F1.
The paste target is the F value under HKEY_LOCAL_MACHINE\SAM\Domains\Account\Users\000003F1.
(This should be easy to understand. The Red/Black Alliance has already covered it in detail. If you still don't understand, leave me a message.)
Now the hidden Guest account has been created. Change the permissions set in regedt32.exe back to the original ones.
Note:
Advantage: after the hidden superuser is created, when we log on with the hidden account and look in Task Manager, the account shown is Administrator, that is, the system administrator's account. If the administrator later changes the system administrator's account name and password, the hidden account is not affected.
Disadvantage: the method stops working if the administrator disables the Guest account, deletes it, or changes its password. (Generally the Guest account is built into the system and the administrator does not touch it, but a server administrator who has read this article knows what to do.)
2. Use tools to create an undead account
Usage: enter the account and password and click Create.
It is better to end the account name with $, so that the account cannot be seen in the user group or at the DOS command line. It can then only be viewed in the registry.
Solution: We can lock the registry.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
Copy the preceding code, save it as x.reg, and then import it.
This tool is actually used to clone accounts, but it works in the same way.
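Both methods above leave the same artifact: a Users\<RID> key whose "F" value was copied from another account. The following audit check is an added example, not part of the original article or of any tool it mentions. It parses a regedit text export and flags keys whose F value carries a different RID than the key name. It assumes the RID is stored as a little-endian DWORD at offset 0x30 of the F value; the function names and the sample export are constructed for illustration.

```python
import re
import struct

RID_OFFSET = 0x30  # assumption: RID is a little-endian DWORD at this offset of "F"
KEY_RE = re.compile(r"^\[.*\\Users\\([0-9A-Fa-f]{8})\]$")

def parse_f_values(reg_text):
    """Map each Users\\<RID> key (as int) to the bytes of its "F" value."""
    # regedit wraps long hex values with a trailing backslash; join them first
    text = re.sub(r"\\\r?\n\s*", "", reg_text)
    result, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            current = int(m.group(1), 16)
        elif line.startswith("["):
            current = None  # another key, e.g. Users\Names\Guest
        elif current is not None and line.startswith('"F"=hex:'):
            result[current] = bytes.fromhex(line.split(":", 1)[1].replace(",", ""))
    return result

def find_cloned_accounts(reg_text):
    """Return (key_rid, embedded_rid) pairs whose F value belongs to another RID."""
    findings = []
    for key_rid, f in sorted(parse_f_values(reg_text).items()):
        if len(f) < RID_OFFSET + 4:
            continue  # truncated value, cannot be checked
        (embedded,) = struct.unpack_from("<I", f, RID_OFFSET)
        if embedded != key_rid:
            findings.append((key_rid, embedded))
    return findings

def sample_f_hex(rid):
    """Constructed 80-byte F value (zeros plus RID), wrapped like a regedit export."""
    f = bytearray(80)
    struct.pack_into("<I", f, RID_OFFSET, rid)
    h = [f"{b:02x}" for b in f]
    return ",".join(h[:40]) + ",\\\n  " + ",".join(h[40:])

USERS = r"HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users"
# Constructed sample export: 000003F1 (Guest) carries the F value of 000001F4
SAMPLE = (
    "REGEDIT4\n\n"
    f'[{USERS}\\000001F4]\n"F"=hex:{sample_f_hex(0x1F4)}\n\n'
    f'[{USERS}\\000003F1]\n"F"=hex:{sample_f_hex(0x1F4)}\n\n'
    f'[{USERS}\\000003E8]\n"F"=hex:{sample_f_hex(0x3E8)}\n\n'
    f'[{USERS}\\Names\\Guest]\n@=hex(3f1):\n'
)

if __name__ == "__main__":
    for key_rid, embedded in find_cloned_accounts(SAMPLE):
        print(f"Users\\{key_rid:08X} carries the F value of RID 0x{embedded:X}")
```

Run it over a text export of the Users key taken during an audit. Version 5 exports from regedit are UTF-16 and must be decoded to a string before parsing.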