Below we will see a possibility to create hidden but active user accounts in Windows via a net user command.
This feature is increasingly being used by malware to create a backdoor on the system.
First open a window linecommands with administrator rights. The syntax to add a user with the net command is very simple:
net user / add randomuser randompassword
The above command will create a regular user that can be found in the list of users of your system
But here we will see another one mode. It is possible to hide a user backdoor so that it is not visible through the net user command.
If you add the $ symbol when creating an account:
net user / add evilbob $ evilpassword
Ο user evilbob will not appear in the net user command.
But is there an account? Of course there is:
The net user command will not show the hidden user, but it appears from the Windows settings
However it is also possible to become invisible from the Control Panel by setting User flags to UF_WORKSTATION_TRUST_ACCOUNT.
Read here: https://github.com/ben0xa/doucme
