Three minutes to a hidden administrator account - Vulnerability Warning - Black Bar Safety Net

ID MYHACK58:62200717755
Type myhack58
Reporter Anonymous
Modified 2007-11-27T00:00:00


Everyone is familiar with regedit.exe, but it cannot set permissions on registry keys; the biggest advantage of regedt32.exe is that it can. On NT/2000/XP, account information is stored in the registry under the HKEY_LOCAL_MACHINE\SAM\SAM key, but apart from the SYSTEM user, no other user is authorized to view what is inside. So I first use regedt32.exe to give myself "Full Control" permission on the SAM key, which makes it possible to read and write the information under it. The specific steps are as follows:

1, Assume we are logged in as the super user administrator on a compromised host that has Terminal Services enabled. First create an account, hacker$, either at the command line or in Account Manager. Here I create it at the command line: net user hacker$ 1234 /add

2, In Start / Run, type regedt32.exe and press Enter to run regedt32.exe.

3, Click "Permissions". In the window that pops up, click Add and add my login account to the security box. Here I am logged in as administrator, so I add administrator and set its permission to "Full Control". A note on this: it is best to add the account or account group you are logged in with and not to modify the existing accounts or groups, otherwise it will cause a series of unnecessary problems. Once the hidden super user has been built, come back here and delete the account you added.

4, Then click "Start" → "Run", type "regedit.exe" and press Enter to start the Registry Editor, regedit.exe. Open the key: HKEY_LOCAL_MACHINE\SAM\SAM\Domains\account\user\names\hacker$

5, Export the items hacker$, 00000409 and 000001F4 as hacker.reg, 409.reg and 1f4.reg. Open each of the exported files in Notepad for editing: copy the "F" value under item 000001F4, which corresponds to the super user, and use it to overwrite the "F" value under item 00000409, which corresponds to hacker$. Then merge 00000409.reg and hacker.reg.

6, At the command line, delete the user hacker$: net user hacker$ /del

7, In the regedit.exe window press F5 to refresh, then choose File → Import Registry File and import the modified hacker.reg into the registry.

8, At this point the hidden super user hacker$ is complete, so close regedit.exe. In the regedt32.exe window, change the permissions on the HKEY_LOCAL_MACHINE\SAM\SAM key back to how they originally were; deleting the administrator account that was added is enough.

9, Note: once the hidden super user has been built, the user hacker$ cannot be seen in Account Manager, nor with the "net user" command at the command line. However, once the super user has been set up, its password cannot be changed: if you use the net user command to change the hacker$ password, the hidden super user will show up in Account Manager again, and it cannot be deleted.
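
Step 5 leaves two account keys carrying the same "F" value, which is the artifact a responder can look for in an offline .reg export of the account keys. The check below is an added example, not part of the original article: the function names and sample export are constructed, and the RID field at offset 0x30 of "F" is an assumption about the undocumented SAM layout.

```python
import re
from collections import defaultdict

RID_OFFSET = 0x30  # assumption: little-endian DWORD in "F" that holds the account's RID

def parse_f_values(reg_text):
    """Map each 8-hex-digit account key in a .reg export to its "F" bytes."""
    text = re.sub(r"\\\r?\n\s*", "", reg_text)  # join regedit's hex continuation lines
    values, rid = {}, None
    for line in text.splitlines():
        header = re.match(r"\[.*\\([0-9A-Fa-f]{8})\]\s*$", line)
        if header:
            rid = int(header.group(1), 16)
        elif line.startswith("["):
            rid = None  # a different key, e.g. the Names entry
        elif rid is not None and line.lower().startswith('"f"=hex:'):
            values[rid] = bytes.fromhex(line.split(":", 1)[1].replace(",", "").strip())
    return values

def find_cloned_accounts(reg_text):
    """Report keys whose "F" embeds another RID, and groups of keys sharing one "F"."""
    values = parse_f_values(reg_text)
    groups, mismatches = defaultdict(list), []
    for rid, f in sorted(values.items()):
        groups[f].append(rid)
        if len(f) >= RID_OFFSET + 4:
            embedded = int.from_bytes(f[RID_OFFSET:RID_OFFSET + 4], "little")
            if embedded != rid:
                mismatches.append((rid, embedded))
    duplicates = sorted(g for g in groups.values() if len(g) > 1)
    return {"rid_mismatch": mismatches, "duplicate_f": duplicates}

def _entry(key_rid, f):
    """Render one account key the way regedit exports it (constructed sample data)."""
    hexed = ",".join(f"{b:02x}" for b in f)
    key = rf"[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\{key_rid:08X}]"
    return f'{key}\n"F"=hex:{hexed[:60]}\\\n  {hexed[60:]}\n\n'

def _f(rid, filler):
    """Constructed 0x50-byte stand-in for "F"; only the RID field is meaningful."""
    return bytes([filler]) * RID_OFFSET + rid.to_bytes(4, "little") + bytes(0x1C)

ADMIN_F = _f(0x1F4, 0x02)
SAMPLE = ("Windows Registry Editor Version 5.00\n\n"
          + _entry(0x1F4, ADMIN_F) + _entry(0x1F5, _f(0x1F5, 0x03))
          + _entry(0x409, ADMIN_F)  # key 00000409 carrying the administrator's "F"
          + "[HKEY_LOCAL_MACHINE\\SAM\\SAM\\Domains\\Account\\Users\\Names\\hacker$]\n\n")

if __name__ == "__main__":
    print(find_cloned_accounts(SAMPLE))
```

Any key listed under rid_mismatch or duplicate_f warrants review even when the account is absent from Account Manager and from "net user" output.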