Hi all,

I will give a basic rundown of the situation first. I work for a game server rental company that is falling victim to an exploit inside of a major game engine (Source). Basically, the developers left not one but two exploits inside the code, one to Send/Receive files, and one that lets clients run plugins. What's happening is clients are running plugins, uploading custom plugins to the servers, then the servers are running them, and as a result creating remote desktop accounts that these exploiters are using to access machines. (There's actually a video on YouTube of someone breaking into one of our boxes lol)

I have spent all day writing a fix for this, by blocking the SendFile() and RecieveFile() functions on the server side, however my employer has asked that while I am doing this, I use the exploit to gain access to a box he lost the password to. So I have written all of the necessary code, except I need to be able to create a temporary account much like these exploiters are doing. So any help with code on creating a Windows account from C++ would be most appreciated. I have been told there are plenty of samples on Google, but apparently Google skills are not up to par.

+3  A: 

You need to use NetUserAdd with server name NULL (local computer). There's a nice C++ example that illustrates it on the page.

Kornel Kisielewicz
A: 

I implemented it, but I'm getting error code 5 printed, which I believe is "User Account already exist" which doesn't make sense because the account is just a total BS name I made up. Also, it seems LPBYTE is not defined for some reason, although I definitely have windows.h included at the top of the source. Here's the code: CODE LINK. Btw, thanks for the fast useful responses!

As for the comments left...

1) I can't really do anything to Valve. They are a massive company making some of the top games in the world. We're just using their freely distributed server files so we can't really sue them for giving us crappy made applications.

2) I'm not actually giving him this to run. I set up a game server using TCAdmin (our game server admin program) as a dummy account for myself. I'm going to load this DLL in as a plugin, and have it create my dummy account so he can get back into his box.

3) Before you decide to be a jackass, consider the fact that I could have just asked how to create a user account using the Windows API without explaining the situation if I planned to use this for malicious purposes.

Brett Powell
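
On the detection side of the account creation described in the question, the following added example (not code from any poster on this page) correlates Windows Security event 4720 (user account created) with 4732 (member added to a local group) to flag accounts created by a game server's service identity. The records, the `svc_gameserver` name and the simplified field names are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample records shaped like parsed Windows Security events.
# Keys are simplified stand-ins for SubjectUserName, TargetSid and MemberSid.
EVENTS = [
    {"id": 4720, "time": "2024-01-10T03:12:01", "subject": "svc_gameserver",
     "target_name": "tmpuser1", "target_sid": "S-1-5-21-1-2-3-1105"},
    {"id": 4732, "time": "2024-01-10T03:12:03", "subject": "svc_gameserver",
     "group": "Remote Desktop Users", "member_sid": "S-1-5-21-1-2-3-1105"},
    {"id": 4720, "time": "2024-01-10T09:00:00", "subject": "helpdesk_admin",
     "target_name": "jsmith", "target_sid": "S-1-5-21-1-2-3-1106"},
    {"id": 4732, "time": "2024-01-10T09:01:00", "subject": "helpdesk_admin",
     "group": "Users", "member_sid": "S-1-5-21-1-2-3-1106"},
    {"id": 4720, "time": "2024-01-10T11:30:00", "subject": "svc_gameserver",
     "target_name": "tmpuser2", "target_sid": "S-1-5-21-1-2-3-1107"},
]

SERVICE_ACCOUNTS = {"svc_gameserver"}  # assumed identity the game server runs as
SENSITIVE_GROUPS = {"Administrators", "Remote Desktop Users"}
WINDOW = timedelta(minutes=10)


def find_suspicious_accounts(events):
    """Flag accounts created by a game server identity.

    A game server process has no reason to create local users, so every such
    4720 is at least 'medium'. It becomes 'high' when the new account's SID is
    added to a logon-capable group (4732) within WINDOW of its creation.
    """
    created = {}  # new account SID -> (creation time, alert dict)
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if ev["id"] == 4720 and ev["subject"] in SERVICE_ACCOUNTS:
            alert = {"account": ev["target_name"], "severity": "medium", "group": None}
            created[ev["target_sid"]] = (when, alert)
            alerts.append(alert)
        elif ev["id"] == 4732 and ev["member_sid"] in created:
            t0, alert = created[ev["member_sid"]]
            if ev["group"] in SENSITIVE_GROUPS and when - t0 <= WINDOW:
                alert["severity"], alert["group"] = "high", ev["group"]
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_accounts(EVENTS):
        print(alert)
```
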