Suborner – The Invisible Account Forger
What’s this?
A simple program to create a Windows account only you will know about 🙂
- Create invisible local accounts without net user or Windows OS user management applications (e.g. netapi32::netuseradd)
- Works on all Windows NT Machines (Windows XP to 11, Windows Server 2003 to 2022)
- Impersonate through RID Hijacking any existing account (enabled or disabled) after a successful authentication
Create an invisible machine account with administrative privileges, and without invoking that annoying Windows Event Logger to report its creation!
Where can I see more?
Released at Black Hat USA 2022: Suborner: A Windows Bribery for Invisible Persistence
- Blogpost: R4WSEC – Suborner: A Windows Bribery for Invisible Persistence
- Demo: YouTube – Suborner: Creation of Invisible Account on Windows 11
- Slides – HITB Singapore Main Track – Suborner Slides
How can I use this?
Build
- Make sure you have .NET 4.0 and Visual Studio 2019
- Clone this repo:
git clone https://github.com/r4wd3r/Suborner/
- Open the .sln with Visual Studio
- Build x86, x64 or both versions
- Bribe Windows!
Release
Download the latest release and pwn!
Usage
This attack would not have been possible without the great research done by:
- Benjamin Delpy (@gentilkiwi) and his outstanding Mimikatz
- The SecureAuth researchers behind Impacket
- Ben Ten @Ben0xA
- Infosec community!
What’s next?
Hack Suborn the planet!