Leveraging Windows Services

Service Binary Hijacking

Get-CimInstance -ClassName win32_service | Select Name,State,PathName | Where-Object {$_.State -like 'Running'}

Mask

Permissions

Full access

Modify access

Read and execute access

Read-only access

Write-only access

icacls "C:\xampp\apache\bin\httpd.exe"

Get-CimInstance -ClassName win32_service | Select Name, StartMode | Where-Object {$_.Name -like 'mysql'}

Last updated 1 year ago