Security pentester Jean Maes published a tool on GitHub called Backdoorplz.



Backdoorplz [1] is a portable executable (PE) file that creates a user ("LegitAdmin" with password "Backdoor123!") on a Windows device and adds it to the local administrators group, granting administrator privileges to the user.
This is done by making Win32 API calls on the system.

Usage

Backdoorplz can be deployed by running the executable directly or by injecting its DLL version into a legitimate program on the target device. This tool could be leveraged by adversaries to gain higher-level permissions on a system or network.
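
The behaviour described above (a local account created, then added to the local administrators group) can be detected from Windows Security events 4720 and 4732, which are logged when account-management auditing is enabled, whether the change came from a command-line tool or from direct API calls. The Python below is an added example, not part of Backdoorplz or the original write-up; the exported-event dict shape, host names and SIDs are constructed assumptions.

```python
from datetime import datetime, timedelta

ADMINS_SID = "S-1-5-32-544"    # built-in local Administrators group
DEFAULT_NAMES = {"legitadmin"}  # default account name given on this page

# Constructed sample events; the dict shape (an export of Security log
# events 4720 and 4732) is an assumption of this example.
SAMPLE_EVENTS = [
    {"EventID": 4720, "TimeCreated": "2024-01-10T09:15:02", "Computer": "WS-042",
     "TargetUserName": "LegitAdmin", "TargetSid": "S-1-5-21-1-2-3-1009"},
    {"EventID": 4732, "TimeCreated": "2024-01-10T09:15:03", "Computer": "WS-042",
     "MemberSid": "S-1-5-21-1-2-3-1009", "TargetSid": ADMINS_SID},
    # New account added to Users (S-1-5-32-545) only: not reported.
    {"EventID": 4720, "TimeCreated": "2024-01-10T10:00:00", "Computer": "WS-042",
     "TargetUserName": "kiosk", "TargetSid": "S-1-5-21-1-2-3-1010"},
    {"EventID": 4732, "TimeCreated": "2024-01-10T10:00:01", "Computer": "WS-042",
     "MemberSid": "S-1-5-21-1-2-3-1010", "TargetSid": "S-1-5-32-545"},
    # Account promoted two days after creation: outside the window.
    {"EventID": 4720, "TimeCreated": "2024-01-08T08:00:00", "Computer": "SRV-01",
     "TargetUserName": "svc-backup", "TargetSid": "S-1-5-21-9-8-7-1104"},
    {"EventID": 4732, "TimeCreated": "2024-01-10T08:00:00", "Computer": "SRV-01",
     "MemberSid": "S-1-5-21-9-8-7-1104", "TargetSid": ADMINS_SID},
]

def find_new_local_admins(events, window=timedelta(minutes=5)):
    """Report accounts created (4720) and added to local Administrators
    (4732) on the same host within `window`, matched by account SID."""
    created, findings = {}, []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["TimeCreated"])):
        when = datetime.fromisoformat(ev["TimeCreated"])
        if ev["EventID"] == 4720:
            created[(ev["Computer"], ev["TargetSid"])] = (when, ev["TargetUserName"])
        elif ev["EventID"] == 4732 and ev["TargetSid"] == ADMINS_SID:
            hit = created.get((ev["Computer"], ev["MemberSid"]))
            if hit and when - hit[0] <= window:
                findings.append({"host": ev["Computer"], "account": hit[1],
                                 "seconds_to_admin": (when - hit[0]).total_seconds(),
                                 "default_name": hit[1].lower() in DEFAULT_NAMES})
    return findings

if __name__ == "__main__":
    for finding in find_new_local_admins(SAMPLE_EVENTS):
        print(finding)
```

Matching on the account SID and the create-then-promote timing, rather than on the name alone, keeps the detection effective if the default "LegitAdmin" name is changed.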


References