Below we will see a possibility to create hidden but active user accounts in Windows through a net user command.
This feature is being used more and more by malicious software to create a backdoor in the system.
For a start, open a command prompt window with administrator privileges. The syntax for adding a user with the net command is very simple:
net user / add randomuser randompassword
The above command will create a regular user that can be found in the list of users of your system
But here we will see another function. It is possible to hide a user backdoor so that it is not visible through the net user command.
If you add the $ symbol when creating an account:
net user / add evilbob $ evilpassword
The evilbob user will not appear in the net user command.
But is there an account? Of course there is:
The net user command will not show him secret user, but it can be seen from Windows settings
However it is also possible to become invisible from the Control Panel by setting User flags to UF_WORKSTATION_TRUST_ACCOUNT.
Read here: https://github.com/ben0xa/doucme