Description
This script loads a SpecterInsight implant onto the remote system by installing a custom service binary that reflectively loads a Specter.
Overview
This script uses the Service Control Manager API to create and execute a remote service on the operator-specified system, authenticating with a username and password. The custom service binary runs under the NT AUTHORITY\SYSTEM account. The $Hostname parameter can be a hostname, FQDN, or IP address.
Arguments
Parameter | Type | Description |
---|---|---|
Target | string | The IP address or hostname of the system to run the cradle. |
Username | string | The local or domain username to authenticate with. |
Password | string | The password for the specified user. |
Build | string | The Specter build identifier. |
Directory | string | The folder where the service directory will be created. |
Payload | string | The type of payload to drop. |
Operating Systems
- Windows
Dependencies
- common
- lateral
Pre-Requisites
- Valid credentials for the target systems.
- Service Control Manager
  - Firewall permissions to establish RPC connections
- Server Service
  - Administrative Shares enabled
  - Firewall permissions allowing SMB connections
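
A defender-side view of the technique described in the Overview, as an added example that is not SpecterInsight code: remote service creation through the Service Control Manager typically leaves a network logon (Security event 4624, logon type 3) followed by a service-install record (System event 7045). The sample events, the trusted-path list and the 60-second correlation window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events (not from a real host). Field names follow
# Security event 4624 (logon) and System event 7045 (service installed).
EVENTS = [
    {"id": 4624, "time": "2024-05-01T10:00:02", "LogonType": 3,
     "TargetUserName": "svc-admin", "IpAddress": "10.0.0.50"},
    {"id": 7045, "time": "2024-05-01T10:00:05", "ServiceName": "UpdaterSvc",
     "ImagePath": r"C:\ProgramData\UpdaterSvc\updater.exe",
     "AccountName": "LocalSystem"},
    {"id": 7045, "time": "2024-05-01T12:30:00", "ServiceName": "VendorAgent",
     "ImagePath": r'"C:\Program Files\Vendor\agent.exe" --service',
     "AccountName": "LocalSystem"},
    # Untrusted path, but no network logon nearby: a local install.
    {"id": 7045, "time": "2024-05-01T14:00:00", "ServiceName": "LabTool",
     "ImagePath": r"C:\Tools\labtool.exe", "AccountName": "LocalSystem"},
]

# Assumption: locations where service binaries are expected on this fleet.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\",
                    "c:\\program files (x86)\\", "%systemroot%\\", "\\systemroot\\")
WINDOW = timedelta(seconds=60)  # assumed correlation window


def _ts(event):
    return datetime.fromisoformat(event["time"])


def suspicious_service_installs(events):
    """Return (service, image, user, source_ip) for each SYSTEM service installed
    from an untrusted path within WINDOW after a network (type 3) logon."""
    logons = [e for e in events if e["id"] == 4624 and e["LogonType"] == 3]
    hits = []
    for svc in (e for e in events if e["id"] == 7045):
        # Drop a leading quote and lower-case so the prefix check is reliable.
        image = svc["ImagePath"].strip().lstrip('"').lower()
        if svc["AccountName"].lower() != "localsystem" or image.startswith(TRUSTED_PREFIXES):
            continue
        for logon in logons:
            if timedelta(0) <= _ts(svc) - _ts(logon) <= WINDOW:
                hits.append((svc["ServiceName"], image,
                             logon["TargetUserName"], logon["IpAddress"]))
                break
    return hits


if __name__ == "__main__":
    for hit in suspicious_service_installs(EVENTS):
        print("review:", hit)
```

The path check is a triage heuristic, not a verdict: a flagged service still needs its binary and the source host reviewed.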