Sunday, June 20, 2010

Found HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users

Some time ago the term "meat machine" was quite popular. To actually keep control of a remote computer, the question of a hidden user account that escapes notice comes up. In fact, creating a hidden user account is relatively simple, and I will now show everyone how one is created.
In fact, each user account has its own entry in the registry.
First, look at what kind of entries the administrator has in the registry (as shown)

Operation one: open the registry at HKEY_LOCAL_MACHINE\SAM\SAM
SAM is where user accounts are stored, but the contents of this key are not visible by default. To see its contents we must first give ourselves permission on it. (Friends who are not very familiar with the registry are advised not to change it.)
Operation two: recognizing the account categories in the registry
Every user account in the OS, whether it is a built-in account or one created later, can be seen in the registry. However, there are two accounts we must be able to recognize: the administrator account and the guest account. (Below)

In this diagram "000001f4" represents the administrator account. Even if the administrator account is renamed this value does not change, so we can use it to identify the administrator account after it has been renamed.
"000001f5" represents the guest account; likewise, this value does not change when the guest account is renamed. The other values are basically those generated for user accounts that were created later. Having understood the registry, we now use the "net user" command in CMD to create an account, and then turn it into a hidden account.
Operation three: use the "net user" command to create an account
1. First create the hidden user xbx$: net user xbx$ 123,abc /add. This creates an account named xbx$ whose password is 123,abc (as shown)

2. C:\Documents and Settings\Administrator> net localgroup administrators xbx$ /add. This adds the xbx$ user to the administrators group, so that the user we created has administrator privileges.
Next, observe the changes in the registry and make the corresponding changes to the registry: HKEY_LOCAL_MACHINE\SAM\SAM
1. Find the user account we just created (Figure)

In this picture we can see that "000003f6" is the "xbx$" account we have just created.
2. Copy the account permissions in the registry
Find the HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users key, open the "000001f4" key, and then open the "F" value (below).

Then select everything inside this value, copy it, and paste it over the "F" value of "000003f6".
3. Now export the registry values from the registry
"000001f4 \
4. Delete the account
Next we go back into "CMD" and delete the "xbx$" account (as shown)


After the account is deleted, its values in the registry are gone as well, so we then have to import the exported registry key back into the registry. If we now open "Local Users and Groups", the "xbx$" account is not shown there, but we can use the account to log on to the computer, and it has administrator privileges.
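
A check for the result of the steps above, added here as an example and not part of the original post: it audits "F" values that have already been extracted from the Users subkeys and flags any key whose "F" data belongs to a different account. The function names, the sample accounts and the RID position inside "F" (a little-endian DWORD at offset 0x30) are assumptions of this example.

```python
import struct

# Assumption: the RID is a little-endian DWORD at offset 0x30 of the "F" value.
RID_OFFSET = 0x30

def make_f(rid, length=0x50):
    """Constructed stand-in for an "F" value that carries `rid`."""
    buf = bytearray(length)
    struct.pack_into("<I", buf, RID_OFFSET, rid)
    return bytes(buf)

def audit_sam_users(users):
    """users: {subkey name (hex RID): (account name, F bytes)} -> findings."""
    findings, seen = [], {}
    for key in sorted(users):
        name, f_value = users[key]
        if len(f_value) < RID_OFFSET + 4:
            findings.append((key, name, "F value too short to parse"))
            continue
        key_rid = int(key, 16)
        (f_rid,) = struct.unpack_from("<I", f_value, RID_OFFSET)
        if f_rid != key_rid:  # F was taken from a different account
            findings.append((key, name, f"F carries RID {f_rid:#x}, key is {key_rid:#x}"))
        if f_value in seen:   # byte-for-byte copy of another key's F
            findings.append((key, name, f"F identical to key {seen[f_value]}"))
        else:
            seen[f_value] = key
        if name.endswith("$"):  # naming pattern used for the account above
            findings.append((key, name, "local account name ends with '$'"))
    return findings

# Constructed sample mirroring the keys named in the post.
SAMPLE = {
    "000001f4": ("Administrator", make_f(0x1F4)),
    "000001f5": ("Guest", make_f(0x1F5)),
    "000003e8": ("alice", make_f(0x3E8)),
    "000003f6": ("xbx$", make_f(0x1F4)),  # F pasted from 000001f4
}

if __name__ == "__main__":
    for key, name, reason in audit_sam_users(SAMPLE):
        print(f"{key} {name}: {reason}")
```

On a live system the "F" value also holds timestamps and counters that change after a logon, so the byte-for-byte comparison can stop matching; the mismatch between the RID inside "F" and the key name is the durable signal.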
