Suborner is a simple program to create a Windows account you will only know about 🙂
net user
or Windows OS user management applications (e.g. netapi32::netuseradd
)Create an invisible machine account with administrative privileges, and without invoking that annoying Windows Event Logger to report its creation!
Released at Black Hat USA 2022: Suborner: A Windows Bribery for Invisible Persistence
git clone https://github.com/r4wd3r/Suborner/
Download the latest release and pwn!
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
88
.d88888b. S U B O R N E R
d88P 88"88b
Y88b.88 The Invisible Account Forger
"Y88888b. by @r4wd3r
88"88b v1.0.1
Y88b 88.88P
"Y88888P" https://r4wsec.com
88
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Description:
A stealthy tool to create invisible accounts on Windows systems.
Parameters:
USERNAME: Username for the new suborner account. Default = <HOSTNAME>$
Syntax: /username:[string]
PASSWORD: Password for the new suborner account. Default = Password.1
Syntax: /password:[string]
RID: RID for the new suborner account. Default = Next RID available
Syntax: /rid:[decimal int]
RIDHIJACK: RID of the account to impersonate. Default = 500 (Administrator)
Syntax: /ridhijack:[decimal int]
TEMPLATE: RID of the account to use as template for the new account creation. Default = 500 (Administrator)
Syntax: /template:[decimal int]
MACHINEACCOUNT: Forge as machine account for extra stealthiness. Default = yes
Syntax: /machineaccount:[yes/no]
DEBUG: Enable debug mode for verbose logging. Default = disabled
Syntax: /debug
This attack would not have been possible without the great research done by:
The cp command, short for "copy," is the main Linux utility for duplicating files and directories. Whether…
Introduction In digital investigations, images often hold more information than meets the eye. With the…
The cat command short for concatenate, It is a fast and versatile tool for viewing and merging…
What is a Port? A port in networking acts like a gateway that directs data…
The ls command is fundamental for anyone working with Linux. It’s used to display the files and…
The pwd (Print Working Directory) command is essential for navigating the Linux filesystem. It instantly shows your…