中文 | EN
There are two common ways to create a hidden account. One is to add the $ sign directly after the user name to create it, and the other is to use the registry to clone the user to create. .
So I wondered if I could implement the process of cloning accounts using the registry. After searching on the Internet, I couldn't find a convenient tool, so I wrote one myself.
In addition to adding hidden accounts, the tool also adds functions to check hidden accounts and delete hidden accounts, so that both the red team and the blue team can use this tool.
**DISCLAIMER: DO NOT USE THE TOOL FOR ILLEGAL USE, THE DEVELOPER IS NOT RESPONSIBLE OR RESPONSIBLE FOR ANY MISUSE OR DAMAGE. **
- CreateHiddenAccount.exe BypassAV works better
- CreateHiddenAccount_upx.exe Smaller size
CreateHiddenAccount.exe -h for help
- -c Check the hidden accounts of the current system
- -cu Set clone user (default "Administrator")
- -d Set delete username, If the username does not end with a $ sign, a $ sign will be added automatically
- -oc Only create hidden users, do not clone users by modifying the registry
- -p Set password
- -u Set username, If the username does not end with a $ sign, a $ sign will be added automatically
- -v View version
Add a hidden account with the user name teamssix, the tool will automatically add the $ character after the user name, so the created user name is teamssix$
When using, remember to run under administrator privileges, otherwise it will prompt insufficient privileges.
CreateHiddenAccount.exe -u teamssix -p Passw0rd
Select the username you want to clone
CreateHiddenAccount.exe -u teamssix2 -p Passw0rd -cu test
Only create hidden users, do not modify the registry
CreateHiddenAccount.exe -u teamssix3 -p Passw0rd -oc
Check the hidden accounts of the current system.
Delete the teamssix hidden account
CreateHiddenAccount.exe -d teamssix
In the end, if there is any bug to open an issue, the Star will be gone, you know.