Persistence Using Service Control Manager and Obfuscated Service Binary

Description

This script establishes persistence by installing a obfuscated .NET service binary that reflectively loads a Specter implant.

Overview

This script generates an obfuscated .NET service binary, saves it to disk, and then leverages the Service Control Manager API to create and run a service on the localhost that starts the service binary. The service will be run under the NT AUTHORITY\SYSTEM account.

Arguments

Parameter Type Description
Build string The Specter build identifier.
Directory string The folder where the service directory will be created.
Payload string The type of payload to drop.
StartImmediately bool Determines whether or not to start the persistence method immediately.

Operating Systems

  • Windows

Dependencies

  • common
  • lateral

Pre-Requisites

  • Administrator rights
  • High integrity process
Scroll to Top