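//Code by Pnig0s1992
//Date:2012,3,17
//
// Creates a local account with NetUserAdd and then adds it to the local
// "Administrators" group with NetLocalGroupAddMembers.
//
// Review notes:
//  - The file assumes a UNICODE build: wide strings are passed straight to
//    the Net* APIs and SE_MACHINE_ACCOUNT_NAME is used as a wide literal.
//  - The password is taken from argv, so it is visible in the process
//    command line (and in process-creation auditing, e.g. Security event
//    4688 when command-line logging is enabled). Do not use real
//    credentials this way.
//  - On a host with account-management auditing enabled, a run of this
//    program is expected to produce Security event 4720 (user account
//    created) followed by 4732 (member added to a security-enabled local
//    group). That pair, targeting Administrators, is worth alerting on.
//  - NOTE(review): NetUserAdd is documented as requiring Administrators or
//    Account Operators membership; enabling SeMachineAccountPrivilege looks
//    unnecessary for it -- confirm before relying on this step.
#include <stdio.h>
#include <Windows.h>
#include <lm.h>
#pragma comment(lib,"Netapi32.lib")

int AddUser(LPWSTR lpUsername,LPWSTR lpPassword,LPWSTR lpServerName);
int SetGroup(LPWSTR lpUsername,LPWSTR lpServerName,LPWSTR lpGroupName);
BOOL ImprovePriv(LPWSTR name);

// Converts an ANSI (CP_ACP) string to a newly allocated wide string.
// Returns NULL on failure; on success *pcch receives the buffer length in
// wide characters (terminator included) and the caller owns the buffer
// (release with delete[]).
static wchar_t *AnsiToWide(const char *lpSrc,int *pcch)
{
    int cch = MultiByteToWideChar(CP_ACP,0,lpSrc,-1,NULL,0);
    if(cch <= 0)
    {
        return NULL;
    }
    wchar_t *lpDst = new wchar_t[cch];
    if(!MultiByteToWideChar(CP_ACP,0,lpSrc,-1,lpDst,cch))
    {
        delete[] lpDst;
        return NULL;
    }
    *pcch = cch;
    return lpDst;
}

// Entry point: argv[1] is the account name, argv[2] the password.
// Returns 0 only when both the account creation and the group change
// succeeded, -1 otherwise.
int main(INT argc,char * argv[])
{
    // Validate arguments before touching the process token.
    if(argc < 3)
    {
        printf("\nCode by Pnig0s1992");
        printf("\nUsage:");
        printf("\n\t%s UserName Password",argv[0]);
        printf("\n\tRemark:Default add to Group:Administrators.");
        return -1;
    }

    // Writable copies: the callees take LPWSTR (non-const), and binding a
    // string literal to a non-const pointer is not valid standard C++.
    WCHAR szPrivName[] = SE_MACHINE_ACCOUNT_NAME;
    WCHAR szGroupName[] = L"Administrators";

    if(ImprovePriv(szPrivName))
    {
        printf("Successfully promote priv!");
    }else
    {
        printf("Failed promote priv.");
        return -1;
    }

    int cchName = 0;
    wchar_t *wUserName = AnsiToWide(argv[1],&cchName);
    if(wUserName == NULL)
    {
        // The original returned `false` (i.e. 0, success) here.
        return -1;
    }

    int cchPass = 0;
    wchar_t *wPassword = AnsiToWide(argv[2],&cchPass);
    if(wPassword == NULL)
    {
        delete[] wUserName;
        return -1;
    }

    LPWSTR lpSevName = NULL;    // NULL = local computer

    // Only touch group membership if the account was actually created.
    int rc = AddUser(wUserName,wPassword,lpSevName);
    if(rc == 0)
    {
        rc = SetGroup(wUserName,lpSevName,szGroupName);
    }

    // Wipe the password copy before releasing it.
    SecureZeroMemory(wPassword,(SIZE_T)cchPass * sizeof(wchar_t));
    delete[] wPassword;
    delete[] wUserName;
    return rc;
}

// Enables the privilege called `name` in the current process token.
// Returns TRUE only if the privilege is really enabled afterwards.
BOOL ImprovePriv(LPWSTR name)
{
    HANDLE hToken = NULL;
    if(!OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES,&hToken))
    {
        printf("\nGet process token failed.(%lu)",(unsigned long)GetLastError());
        return FALSE;
    }

    BOOL bOk = FALSE;
    TOKEN_PRIVILEGES tkp;
    ZeroMemory(&tkp,sizeof(tkp));
    tkp.PrivilegeCount = 1;
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    if(!LookupPrivilegeValueW(NULL,name,&tkp.Privileges[0].Luid))
    {
        printf("\nLookup process priv failed.(%lu)",(unsigned long)GetLastError());
    }
    else if(!AdjustTokenPrivileges(hToken,FALSE,&tkp,0,NULL,NULL))
    {
        printf("\nAjust process priv failed.(%lu)",(unsigned long)GetLastError());
    }
    else if(GetLastError() == ERROR_NOT_ALL_ASSIGNED)
    {
        // AdjustTokenPrivileges returns TRUE even when the token does not
        // hold the privilege; the last-error value is the real result.
        printf("\nAjust process priv failed.(%lu)",(unsigned long)ERROR_NOT_ALL_ASSIGNED);
    }
    else
    {
        bOk = TRUE;
    }

    // Close the token on every path (the original leaked it on failure).
    CloseHandle(hToken);
    return bOk;
}

// Creates account lpUsername with password lpPassword on lpServerName
// (NULL = local computer) as a normal user (USER_PRIV_USER).
// Returns 0 on success, -1 on failure.
int AddUser(LPWSTR lpUsername,LPWSTR lpPassword,LPWSTR lpServerName)
{
    if(lpUsername == NULL || lpPassword == NULL)
    {
        printf("\nAdd user failed:%lu.",(unsigned long)ERROR_INVALID_PARAMETER);
        return -1;
    }

    USER_INFO_1 ui;
    DWORD dwLevel = 1;
    DWORD dwError = 0;
    NET_API_STATUS nStatus;

    // Zero the whole structure so no field is passed uninitialised.
    ZeroMemory(&ui,sizeof(ui));
    ui.usri1_name = lpUsername;
    ui.usri1_password = lpPassword;
    ui.usri1_priv = USER_PRIV_USER;
    ui.usri1_home_dir = NULL;
    ui.usri1_comment = NULL;
    ui.usri1_flags = UF_SCRIPT;
    ui.usri1_script_path = NULL;

    nStatus = NetUserAdd(lpServerName,dwLevel,(LPBYTE)&ui,&dwError);
    if(nStatus != NERR_Success)
    {
        printf("\nAdd user failed:%lu.",(unsigned long)nStatus);
        return -1;
    }
    printf("\nAdd user:%S successfully!",lpUsername);
    return 0;
}

// Adds lpUsername to local group lpGroupName on lpServerName
// (NULL = local computer). Returns 0 on success, -1 on failure.
int SetGroup(LPWSTR lpUsername,LPWSTR lpServerName,LPWSTR lpGroupName)
{
    if(lpUsername == NULL || lpGroupName == NULL)
    {
        printf("\nSet GROUP:%S failed.",lpGroupName ? lpGroupName : L"(null)");
        return -1;
    }

    NET_API_STATUS nStatus;
    LOCALGROUP_MEMBERS_INFO_3 lgui;
    lgui.lgrmi3_domainandname = lpUsername;

    // Level 3: the member is identified by name rather than by SID.
    nStatus = NetLocalGroupAddMembers(lpServerName,lpGroupName,3,(LPBYTE)&lgui,1);
    if(nStatus == NERR_Success)
    {
        printf("\nSuccessfully set USER:%S to GROUP:%S!",lpUsername,lpGroupName);
        return 0;
    }
    if(nStatus == NERR_GroupNotFound)
    {
        printf("\nCan't find such a group:%S.",lpGroupName);
    }else
    {
        printf("\nSet GROUP:%S failed.",lpGroupName);
    }
    return -1;
}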