Create Hidden Account: creating hidden accounts using the registry
CreateHiddenAccount
There are two common ways to create a hidden account. One is to add the $ sign directly after the user name to create it, and the other is to use the registry to clone the user to create.
So I wondered if I could implement the process of cloning accounts using the registry. After searching on the Internet, I couldn’t find a convenient tool, so I wrote one myself.
In addition to adding hidden accounts, the tool also adds functions to check hidden accounts and delete hidden accounts, so that both the red team and the blue team can use this tool.
**DISCLAIMER: DO NOT USE THE TOOL FOR ILLEGAL USE, THE DEVELOPER IS NOT RESPONSIBLE OR RESPONSIBLE FOR ANY MISUSE OR DAMAGE. **
Use
Use CreateHiddenAccount.exe -h for help
Example
Add a hidden account with the user name teamssix, the tool will automatically add the $ character after the user name, so the created user name is teamssix$
When using, remember to run under administrator privileges, otherwise, it will prompt insufficient privileges.
CreateHiddenAccount.exe -u teamssix -p Passw0rd
Select the username you want to clone
CreateHiddenAccount.exe -u teamssix2 -p Passw0rd -cu test
Only create hidden users, do not modify the registry
CreateHiddenAccount.exe -u teamssix3 -p Passw0rd -oc
Check the hidden accounts of the current system.
CreateHiddenAccount.exe -c
Delete the teamssix hidden account
CreateHiddenAccount.exe -d teamssix
Notice
-
The tool requires administrator privileges to run
-
This tool is not guaranteed to work properly on 32-bit systems
-
On the domain controller machine, this tool will only add hidden users and will not modify the registry, because on the domain controller machine, user information is not stored in the registry.
-
If the control panel shows that there is a hidden user, but both tools and net user show that the user does not exist, then when the computer restarts, the hidden user in the control panel will disappear.
-
The tool will automatically add the $ character to the username without the $ character. For example, if -u specifies the user name as teamssix, the actual account added is teamssix$; if -u specifies the user name as teamssix$, then the actually added account is or teamssix$
The purpose of this is because if the user name does not have the $ character, then hiding the user is meaningless. If you just want to add an account, just use net user directly.
