
Services

Local Services

The Microsoft.PowerShell.Management module contains several cmdlets for interacting with services.

Get-Help *-Service | ft -AutoSize

Name            Category Module                          Synopsis
----            -------- ------                          --------
Resume-Service  Cmdlet   Microsoft.PowerShell.Management Resume-Service...
Restart-Service Cmdlet   Microsoft.PowerShell.Management Restart-Servic...
Set-Service     Cmdlet   Microsoft.PowerShell.Management Set-Service...
Get-Service     Cmdlet   Microsoft.PowerShell.Management Get-Service...
Suspend-Service Cmdlet   Microsoft.PowerShell.Management Suspend-Servic...
Start-Service   Cmdlet   Microsoft.PowerShell.Management Start-Service...
Stop-Service    Cmdlet   Microsoft.PowerShell.Management Stop-Service...
New-Service     Cmdlet   Microsoft.PowerShell.Management New-Service...

Services can have a Status of Running, Stopped, or Paused, and can be set to start manually (user interaction), automatically (at system startup), or on a delay after system boot.

# Checking services' status
Get-Service | ft DisplayName,Status

DisplayName                                             Status
-----------                                             ------
Agent Activation Runtime_27727e65                       Stopped
ACC Service                                             Stopped
Adobe Acrobat Update Service                            Stopped
OpenVPN Agent agent_ovpnconnect                         Stopped
AllJoyn Router Service                                  Stopped
Application Layer Gateway Service                       Stopped
Application Identity                                    Stopped
Application Information                                 Running

# Counting the number of services
Get-Service | ft DisplayName,Status -AutoSize | Measure-Object -line

Lines Words Characters Property
----- ----- ---------- --------
  332

# Filtering the services of interest
Get-Service | where DisplayName -like '*Defender*' | ft DisplayName,ServiceName,Status


DisplayName                                             ServiceName  Status
-----------                                             -----------  ------
Windows Defender Firewall                               mpssvc      Running
Microsoft Defender Antivirus Network Inspection Service WdNisSvc    Stopped
Microsoft Defender Antivirus Service                    WinDefend   Running

# Starting a service
Start-Service WdNisSvc

# Stopping a service
Stop-Service WdNisSvc

# Checking the service's startup type
Get-Service WdNisSvc | Select-Object -Property DisplayName,Name,StartType

DisplayName                                             Name     StartType
-----------                                             ----     ---------
Microsoft Defender Antivirus Network Inspection Service WdNisSvc    Manual

# Changing the service's startup type
Set-Service -Name WdNisSvc -StartType Disabled

Remote Services

The -ComputerName parameter allows us to specify remote hosts.

# Querying running services on a remote host
Get-Service -ComputerName ACADEMY-ICL-DC | Where-Object {$_.Status -eq "Running"}
# Querying the specified service on multiple hosts
Invoke-Command -ComputerName <hosts> -ScriptBlock {<command>}
Invoke-Command -ComputerName ACADEMY-ICL-DC,LOCALHOST -ScriptBlock {Get-Service -Name 'windefend'}
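
The local and remote queries above can be combined into a defensive check that reports security services which are missing, disabled, or set to start automatically but not running. This is an added example, not part of the original notes; the host and service names are the ones shown on this page, Get-ServiceFinding is a hypothetical helper, and PowerShell remoting (WinRM) is assumed to be enabled on the targets.

```powershell
# Added example, not from the original notes. Host and service names are the ones
# that appear on this page; replace them with your own inventory.
$Hosts    = 'ACADEMY-ICL-DC', 'LOCALHOST'
$Expected = 'WinDefend', 'mpssvc', 'WdNisSvc'

# Runs on each target. Status/StartType are converted to strings on the remote side
# because enum values do not keep their type when remoting serializes the result.
$query = {
    param([string[]] $Names)
    foreach ($n in $Names) {
        $s = Get-Service -Name $n -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Name      = $n
            Status    = if ($s) { "$($s.Status)" }    else { 'NotInstalled' }
            StartType = if ($s) { "$($s.StartType)" } else { 'n/a' }
        }
    }
}

# Hypothetical helper: classify one row against a simple baseline.
function Get-ServiceFinding {
    param([Parameter(Mandatory)] $Row)
    if ($Row.Status -eq 'NotInstalled') { return 'Missing' }
    if ($Row.StartType -eq 'Disabled')  { return 'Disabled' }
    if ($Row.StartType -eq 'Automatic' -and $Row.Status -ne 'Running') {
        return 'AutoStartNotRunning'
    }
    'OK'
}

# Invoke-Command is used instead of Get-Service -ComputerName, which exists only in
# Windows PowerShell 5.1 and was removed in PowerShell 6+.
$results = Invoke-Command -ComputerName $Hosts -ScriptBlock $query `
    -ArgumentList (,$Expected) -ErrorAction SilentlyContinue

$results |
    Select-Object PSComputerName, Name, Status, StartType,
        @{ Name = 'Finding'; Expression = { Get-ServiceFinding $_ } } |
    Sort-Object PSComputerName, Name |
    Format-Table -AutoSize

# Hosts that returned nothing (unreachable, or remoting not enabled) are reported
# separately so they are not mistaken for a clean result.
$Hosts | Where-Object { $_ -notin $results.PSComputerName } |
    ForEach-Object { Write-Warning "No service data from $_" }
```

A service with a Manual start type that is currently stopped, such as WdNisSvc in the output above, is reported as OK; only Disabled, Missing, and AutoStartNotRunning rows need follow-up.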

Last updated 1 year ago