Skip to content
/ DSC_SVC_REMOTE Public

This code example allows you to create a malware.exe sample that can be run in the context of a system service, and could be used for local privilege escalation in the context of an unquoted service path, etc. The payload itself can be remotely hosted, downloaded via the wininet library and then executed via direct system calls.

50 stars 10 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

VirtualAlllocEx/DSC_SVC_REMOTE

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
DSC_SVC_REMOTE
DSC_SVC_REMOTE
 
 
README.md
README.md
 
 

Repository files navigation

DSC_SVC_REMOTE

This code example allows you to create a malware.exe sample that can be run in the context of a Windows system service, and could be used for local privilege escalation in the context of e.g. unquoted service path or file permisson vulnerability, etc. The payload itself can be remotely hosted, downloaded via the wininet library and then executed via direct system calls.

  1. Replace the link to your hosted .bin payload

image

  1. Change the name of the service to your service

image image

  1. Start the respective service and retreive session in system context

cmd>

sc start unquotedsvc

image

References

https://cocomelonc.github.io/tutorial/2022/05/09/malware-pers-4.html

About

This code example allows you to create a malware.exe sample that can be run in the context of a system service, and could be used for local privilege escalation in the context of an unquoted service path, etc. The payload itself can be remotely hosted, downloaded via the wininet library and then executed via direct system calls.

Topics

av-evasion av-bypass edr-bypass edr-evasion direct-syscalls

Resources

Readme
Activity

Stars

50 stars

Watchers

2 watching

Forks

10 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages