How to create a hidden superuser

2025-01-19 Update From: SLTechnology News&Howtos shulou


Shulou(Shulou.com)06/01 Report--

I think we are all familiar with regedit.exe, but it cannot set permissions on registry keys; the biggest advantage of regedt32.exe is that it can. The account information of NT/2000/XP is stored under the HKEY_LOCAL_MACHINE\SAM\SAM key in the registry, but no user other than the system user SYSTEM has the right to view it, so I first use regedt32.exe to give myself "full control" permission on the SAM key. This allows the information in the SAM key to be read and written. The specific steps are as follows:

1. Suppose we log in to a compromised machine with Terminal Services as superuser administrator. First set up an account, hacker$, on the command line or in the account manager; here I set up this account on the command line: net user hacker$ 1234 /add

2. Click Start → Run, enter regedt32.exe and press Enter to run regedt32.exe.

3. Click "Permissions"; in the window that pops up, add my login account to the security list. Here I am logged in as administrator, so I add administrator and set the permission to "full control". Note: it is best to add your own login account or group rather than modify an existing account or group, otherwise it will cause a series of unnecessary problems. Wait until the hidden superuser is built, and then come back here to delete the account you added.

4. Click "Start" → "Run", enter "regedit.exe" and press Enter to start the registry editor regedit.exe. Open the key: HKEY_LOCAL_MACHINE\SAM\SAM\Domains\account\user\names\hacker$

5. Export the keys hacker$, 000003EE and 000001F4 (corresponding to Administrator) to hacker.reg, 3ee.reg and 1f4.reg. Edit the exported files with Notepad: copy the value "F" under 000001F4, the key corresponding to the superuser, and use it to overwrite the value "F" under 000003EE, the key corresponding to hacker$; then merge 000003EE.reg with hacker.reg.

6. On the command line, delete the user hacker$: net user hacker$ /del

7. Press F5 in the regedit.exe window to refresh, then use File → Import Registry File to import the modified hacker.reg into the registry.

8. At this point, the hidden superuser hacker$ has been built. Close regedit.exe, then change the HKEY_LOCAL_MACHINE\SAM\SAM key permissions back to their original state in the regedt32.exe window (just delete the added account administrator). [Figure: permissions after deleting the added Administrator entry]

9. Note: after the hidden superuser is built, the hacker$ user cannot be seen in the account manager and cannot be seen on the command line with the "net user" command. However, after the superuser is established, its password can no longer be changed: if you use the net user command to change the hacker$ password, the hidden superuser will be seen in the account manager and cannot be deleted.
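From the defender's side, the copied "F" value in step 5 is the artifact to look for. The following is an added example, not part of the original article: it parses an offline regedit export of the Users subtree and reports user keys whose "F" values are byte-identical, plus the account names present under Names (to compare against what `net user` lists). The function names and the sample export are constructed for illustration, and the check assumes no two legitimate accounts share identical "F" data.

```python
import re
from collections import defaultdict

# Constructed sample in regedit export format (not real SAM data; values shortened).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000001F4]
"F"=hex:02,00,01,00,aa,bb,cc,dd,\
  01,02,03,04,10,02,00,00

[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000003E8]
"F"=hex:02,00,01,00,11,22,33,44,\
  05,06,07,08,10,02,00,00

[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000003EE]
"F"=hex:02,00,01,00,aa,bb,cc,dd,\
  01,02,03,04,10,02,00,00

[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names\Administrator]

[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names\hacker$]
'''

USERS = 'sam\\sam\\domains\\account\\users\\'

def parse_export(text):
    """Return ({user key: "F" bytes}, [account names]) from a regedit export."""
    text = text.replace('\r\n', '\n').replace('\\\n', '')  # join continued hex lines
    f_values, names, key = {}, [], None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r'^\[(.+)\]$', line)
        if m:
            path = m.group(1)
            pos = path.lower().find(USERS)
            key = path[pos + len(USERS):] if pos != -1 else None
            if key and key.lower().startswith('names\\'):
                names.append(key.split('\\', 1)[1])  # account name as stored
                key = None
        elif key and line.lower().startswith('"f"=hex:'):
            data = line.split(':', 1)[1].replace(',', '').replace(' ', '')
            f_values[key.upper()] = bytes.fromhex(data)
    return f_values, names

def find_cloned_accounts(f_values):
    """Return groups of user keys whose "F" values are byte-identical."""
    groups = defaultdict(list)
    for key, data in f_values.items():
        groups[data].append(key)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)
```

Any group returned by `find_cloned_accounts` that includes 000001F4 means another account carries the Administrator's "F" data; names returned by `parse_export` that do not appear in the account manager or `net user` output deserve the same attention.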
