Suborner is a simple program to create a Windows account you will only know about 🙂
net user
or Windows OS user management applications (e.g. netapi32::netuseradd
)Create an invisible machine account with administrative privileges, and without invoking that annoying Windows Event Logger to report its creation!
Released at Black Hat USA 2022: Suborner: A Windows Bribery for Invisible Persistence
git clone https://github.com/r4wd3r/Suborner/
Download the latest release and pwn!
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
88
.d88888b. S U B O R N E R
d88P 88"88b
Y88b.88 The Invisible Account Forger
"Y88888b. by @r4wd3r
88"88b v1.0.1
Y88b 88.88P
"Y88888P" https://r4wsec.com
88
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Description:
A stealthy tool to create invisible accounts on Windows systems.
Parameters:
USERNAME: Username for the new suborner account. Default = <HOSTNAME>$
Syntax: /username:[string]
PASSWORD: Password for the new suborner account. Default = Password.1
Syntax: /password:[string]
RID: RID for the new suborner account. Default = Next RID available
Syntax: /rid:[decimal int]
RIDHIJACK: RID of the account to impersonate. Default = 500 (Administrator)
Syntax: /ridhijack:[decimal int]
TEMPLATE: RID of the account to use as template for the new account creation. Default = 500 (Administrator)
Syntax: /template:[decimal int]
MACHINEACCOUNT: Forge as machine account for extra stealthiness. Default = yes
Syntax: /machineaccount:[yes/no]
DEBUG: Enable debug mode for verbose logging. Default = disabled
Syntax: /debug
This attack would not have been possible without the great research done by:
bomber is an application that scans SBOMs for security vulnerabilities. So you've asked a vendor…
Embed a payload within a PNG file by splitting the payload across multiple IDAT sections.…
Exploit-Street, where we dive into the ever-evolving world of cybersecurity with a focus on Local…
Shadow Dumper is a powerful tool used to dump LSASS (Local Security Authority Subsystem Service)…
shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…
Extract and execute a PE embedded within a PNG file using an LNK file. The…