CMD functions

Can I create a windows account who is in administrator group by using CMD?

creating user?
rebooting machine?

If I can,

how Can I disable it to be used?

wscript.shell can be used in ASP or PHP by IUSR_....
I want that
only administrator can use wscript.shell other user can't..
how can I do that

(Oo;?(There seems to be as follows: )

1. Use Windows Script Host（WSH）

2. Use NET USER command, in batch.

3. or CSVDE command.

4. or LDIFDE command.

5. or ADDUSERS command.

(^^;?(If you are talking of that server, all commands are unreliable. Yes, even "dir" or "netstat" can tell a lie. You can entrust in nothing. That's a way of it.)

Users can be created by using CMD, think it's something like :When in the Command Prompt, you can find out more on this by typingAlthough this can be done. I'm not too sure about creating them with Admin privileges as I have never really created accounts in this way.

As to disabling it, you can't disable users from using certain commands in the Command Prompt, only thing you can do is restrict access to it altogether if it is a problem. However, if the script can only be run with admin privileges, then you might not have a problem.

I tried "net user <username> <password> /ADD"
It worked..

this is about my server's security..
a hacker can create users by using wscript.shell in ASP or PHP or ASP.NET.


for example
he uploads a dll file named HACK.DLL
hack.dll can be registered by using wscript.shell
hack.dll can create users with administrator permissions


and I want to block this

you mean
if only admin can use this, you are safe.
Yes but how can I do this safety ?

Do what safety ?

If this is for your server, shouldn't you be more concerned about putting a very good firewall in place so that hacker attempts are futile and you wouldn't need to worry about user create scripts ?

Or, am I coming at this from the wrong angle ?

(^^;?(lol. And it's just a drop in the ocean, though.)

regsvr32 /u hack.dll

this server has more than 100 hosting customers.
this server is a dedicated server.. I access it via remote connection.
If I use a local firewall I can't access it anymore.
my solution isnt firewall..

I have to give my customers the rights to use server-side-scripting
but there are some holes about windows scripting host.
I have to limit it.

I gave an example
and I said "for example" read again please..

hack.dll
or
loveme.dll
or
doyouwannaabeer.dll

more and more.

I can't know what is the file name.
but I think I can stop him to register this DLL files by using wscript.shell..

get it?

(^^;?(I see. I don't think you can stop him so easily, though.)

Similar hack.dll is reported as Trojan maker.

Your case is not rare, root highjacked. Actually there are many articles combatting with crackers. And it usually seems to take a lot of time to expel or improve situation even for experts. There is no easy solution. Long patient observance and procedures are needed. Analyzation of access log before its deletion, and any change on HDD. He prepared much and got your system, but you know nothing about him.

Try netstat -a apart from its effectivity or Ethereal or anything, you must know him well.

if it was not easy, all hosting firms were hacked.
I believe there is a so easy solution about it.

I think it is better to move this thread to IIS forum.
wscript.shell is usually used in server-side-scripting.

MOD, could you please move the thread, so I don't need to create new one.

http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q278/3/19.asp&NoWebContent=1
I hope this is what I need

thank you all friends..
I will tell if he idiot comes again