Description
This script establishes persistence by installing a obfuscated .NET service binary that reflectively loads a Specter implant.
Overview
This script generates an obfuscated .NET service binary, saves it to disk, and then leverages the Service Control Manager API to create and run a service on the localhost that starts the service binary. The service will be run under the NT AUTHORITY\SYSTEM account.
Arguments
| Parameter | Type | Description |
|---|---|---|
| Build | string | The Specter build identifier. |
| Directory | string | The folder where the service directory will be created. |
| Payload | string | The type of payload to drop. |
| StartImmediately | bool | Determines whether or not to start the persistence method immediately. |
Operating Systems
- Windows
Dependencies
- common
- lateral
Pre-Requisites
- Administrator rights
- High integrity process