Secondary Categories: 02-Persistence
Local Account
Once you’ve gained administrative access to the system, you can add a local account:
net user ap3x Password123 /add
We can then add the user we just created to the local Administrators group:
net localgroup administrators ap3x /add
Clean up your accounts after an engagement:
net user ap3x /delete
Domain Account
After obtaining domain administrator in an engagement, an account can be created and added to one of the admin groups to persist on the network and perform other post-exploitation actions:
net user ap3x Password123 /add /domain
net group "Domain Admins" ap3x /add /domain
Another good practice is to add a comment to the user account and set it to expire, in case you forget to clean up or lose access:
net user ap3x /comment:"Account created during red team assessment"
net user ap3x /expires:01/01/2023
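From the defender's side, both sequences above leave the same trail in the Windows Security log: event 4720 (user account created) followed shortly by 4732 or 4728 (member added to a local or global security group) for a privileged group. The following is an added example, not part of the original notes, that correlates those events by SID; the event field names follow the Security log schema, while the SIDs, timestamps and the accounts `svc_backup` and `helpdesk2` are constructed.

```python
from datetime import datetime, timedelta

# Security log event IDs: 4720 = user account created,
# 4732 / 4728 = member added to a local / global security group.
CREATED, GROUP_ADDS = 4720, {4732, 4728}

def is_privileged(group_sid):
    # BUILTIN\Administrators, or any domain's Domain Admins (RID 512).
    return group_sid == "S-1-5-32-544" or group_sid.endswith("-512")

def find_new_admins(events, window=timedelta(minutes=10)):
    """Return (account, group, created_at) for every account that was added
    to a privileged group within `window` of its own creation."""
    created, hits = {}, []  # created: new account SID -> (name, time)
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["id"] == CREATED:
            created[ev["TargetSid"]] = (ev["TargetUserName"], ev["time"])
        elif ev["id"] in GROUP_ADDS and is_privileged(ev["TargetSid"]):
            # Group-add events name the member by SID (MemberName is often
            # "-" for local accounts), so join on the SID, not the name.
            match = created.get(ev["MemberSid"])
            if match and ev["time"] - match[1] <= window:
                hits.append((match[0], ev["TargetUserName"], match[1]))
    return hits

# Constructed sample events; SIDs and timestamps are made up.
T0 = datetime(2022, 6, 1, 14, 0, 0)
DOM = "S-1-5-21-1111-2222-3333"
SAMPLE = [
    {"id": 4720, "time": T0, "TargetUserName": "ap3x", "TargetSid": DOM + "-1105"},
    {"id": 4732, "time": T0 + timedelta(seconds=20), "TargetUserName": "Administrators",
     "TargetSid": "S-1-5-32-544", "MemberSid": DOM + "-1105"},
    # Benign: new account placed in BUILTIN\Users only.
    {"id": 4720, "time": T0 + timedelta(hours=1), "TargetUserName": "svc_backup",
     "TargetSid": DOM + "-1106"},
    {"id": 4732, "time": T0 + timedelta(hours=1, seconds=5), "TargetUserName": "Users",
     "TargetSid": "S-1-5-32-545", "MemberSid": DOM + "-1106"},
    # Domain case: created, then added to Domain Admins a minute later.
    {"id": 4720, "time": T0 + timedelta(hours=2), "TargetUserName": "helpdesk2",
     "TargetSid": DOM + "-1107"},
    {"id": 4728, "time": T0 + timedelta(hours=2, minutes=1), "TargetUserName": "Domain Admins",
     "TargetSid": DOM + "-512", "MemberSid": DOM + "-1107"},
]

if __name__ == "__main__":
    for name, group, when in find_new_admins(SAMPLE):
        print(f"{when:%Y-%m-%d %H:%M:%S} new account {name} added to {group}")
```

The same correlation is useful after an engagement: any hit without a matching 4726 (user account deleted) event is an account that still needs cleanup.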
Title | URL |
---|---|
MITRE | https://attack.mitre.org/techniques/T1136 |