Skip to content
/ adduser Public

Programmatically create an administrative user under Windows

178 stars 52 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

newsoft/adduser

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
adduser.c
adduser.c
 
 

Repository files navigation

adduser

Programmatically creates a 'local admin' Windows user. Requires admin rights. The created user is hardcoded to the following:

Login: audit Password: Test123456789! (this should be good enough to fit most password policies)

This standalone piece code can run in many contexts:

  • As a command-line EXE.
  • As a DLL (the user will be created on DLL load). This is useful to exploit "DLL Preloading" issues.
  • As a DLL, through rundll32.exe adduser.dll,CreateAdminUser@16. This is useful to bypass mandatory code signing applied to EXE files only.

Compiling

Using MinGW (tested on macOS, but Linux should work)

  • Create a 32-bit EXE file: i686-w64-mingw32-gcc -oadduser32.exe adduser.c -lnetapi32
  • Create a 32-bit DLL file: i686-w64-mingw32-gcc -shared -oadduser32.dll adduser.c -lnetapi32
  • Create a 64-bit EXE file: x86_64-w64-mingw32-gcc -oadduser64.exe adduser.c -lnetapi32
  • Create a 64-bit DLL file: x86_64-w64-mingw32-gcc -shared -oadduser64.dll adduser.c -lnetapi32

Using Visual Studio (tested with VS2013)

  • Create an EXE file: cl.exe adduser.c /link /DEFAULTLIB:ADVAPI32 /DEFAULTLIB:NETAPI32
  • Create a DLL file: cl.exe adduser.c /LD /link /DEFAULTLIB:ADVAPI32 /DEFAULTLIB:NETAPI32

About

Programmatically create an administrative user under Windows

Resources

Readme
Activity

Stars

178 stars

Watchers

5 watching

Forks

52 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages