Suborner : The Invisible Account Forger

By R K - February 26, 2023

Suborner is a simple program for creating a Windows account that only you will know about 🙂

  • Create invisible local accounts without net user or Windows OS user management applications (e.g. netapi32::netuseradd)
  • Works on all Windows NT Machines (Windows XP to 11, Windows Server 2003 to 2022)
  • Impersonate any existing account (enabled or disabled) through RID hijacking after a successful authentication

Create an invisible machine account with administrative privileges, and without invoking that annoying Windows Event Logger to report its creation!

Where can I see more?

Released at Black Hat USA 2022: Suborner: A Windows Bribery for Invisible Persistence

  • Blogpost: R4WSEC – Suborner: A Windows Bribery for Invisible Persistence
  • Demo: YouTube – Suborner: Creation of Invisible Account on Windows 11
  • Slides – HITB Singapore Main Track – Suborner Slides

How can I use this?

Build

  • Make sure you have .NET 4.0 and Visual Studio 2019
  • Clone this repo: git clone https://github.com/r4wd3r/Suborner/
  • Open the .sln with Visual Studio
  • Build x86, x64 or both versions
  • Bribe Windows!

Release

Download the latest release and pwn!

Usage

 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

      88
  .d88888b.                  S U B O R N E R
 d88P 88"88b
 Y88b.88        The Invisible Account Forger
 "Y88888b.                        by @r4wd3r
      88"88b                          v1.0.1
 Y88b 88.88P
  "Y88888P"               https://r4wsec.com
      88
 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

Description:

    A stealthy tool to create invisible accounts on Windows systems.

Parameters:

    USERNAME: Username for the new suborner account. Default = <HOSTNAME>$
    Syntax: /username:[string]

    PASSWORD: Password for the new suborner account. Default = Password.1
    Syntax: /password:[string]

    RID: RID for the new suborner account. Default = Next RID available
    Syntax: /rid:[decimal int]

    RIDHIJACK: RID of the account to impersonate. Default = 500 (Administrator)
    Syntax: /ridhijack:[decimal int]

    TEMPLATE: RID of the account to use as template for the new account creation. Default = 500 (Administrator)
    Syntax: /template:[decimal int]

    MACHINEACCOUNT: Forge as machine account for extra stealthiness. Default = yes
    Syntax: /machineaccount:[yes/no]

    DEBUG: Enable debug mode for verbose logging. Default = disabled
    Syntax: /debug
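
For defenders, the defaults above (a `<HOSTNAME>$` machine-style name, impersonation of RID 500, no entry in the normal user listings) suggest what to look for in an offline copy of the SAM hive. The following audit sketch is an added example, not part of Suborner or the original article; the record layout, the sample data and the finding names are constructed, and the location of the RID inside the `F` value is an assumption taken from public RID-hijacking research.

```python
import struct

# Assumption (public RID-hijacking research, not stated on this page): the "F"
# value of a SAM user key stores the account RID as a little-endian DWORD at 0x30.
F_RID_OFFSET = 0x30

def make_f(rid):
    """Build a constructed 80-byte F value that carries only the RID field."""
    return bytes(F_RID_OFFSET) + struct.pack("<I", rid) + bytes(28)

def audit_sam(sam_users, api_visible_names):
    """Return (username, finding) pairs for SAM records that look forged.

    sam_users: {hex key name of the user record: (username, F value bytes)}
    api_visible_names: names shown by the normal user-management listing.
    """
    visible = {name.lower() for name in api_visible_names}
    findings = []
    for key_name, (username, f_value) in sorted(sam_users.items()):
        key_rid = int(key_name, 16)
        if len(f_value) < F_RID_OFFSET + 4:
            findings.append((username, "BAD_F_VALUE"))
        else:
            f_rid = struct.unpack_from("<I", f_value, F_RID_OFFSET)[0]
            if f_rid != key_rid:
                # Key name and logon data disagree on the RID: hijack indicator.
                findings.append((username, f"RID_MISMATCH key={key_rid} f={f_rid}"))
        if username.endswith("$"):
            # Machine-style name in a local SAM (heuristic for non-DC hosts).
            findings.append((username, "MACHINE_NAME_IN_LOCAL_SAM"))
        if username.lower() not in visible:
            # Present in the hive but absent from the tool listing.
            findings.append((username, "NOT_IN_API_LISTING"))
    return findings

# Constructed sample: three ordinary accounts and one forged record.
SAMPLE_SAM = {
    "000001F4": ("Administrator", make_f(500)),
    "000001F5": ("Guest", make_f(501)),
    "000003E9": ("alice", make_f(1001)),
    "000003EA": ("WS01$", make_f(500)),
}
SAMPLE_API_LISTING = ["Administrator", "Guest", "alice"]

if __name__ == "__main__":
    for user, finding in audit_sam(SAMPLE_SAM, SAMPLE_API_LISTING):
        print(f"{user}: {finding}")
```

Any one finding is a lead for triage; all three on a single record, as in the constructed `WS01$` entry, match the default behaviour described in the parameter list.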

Credits:

This attack would not have been possible without the great research done by:

  • Benjamin Delpy (@gentilkiwi) and his outstanding Mimikatz
  • The SecureAuth researchers behind Impacket
  • Ben Ten @Ben0xA
  • Infosec community!
