A simple C# windows service implementation that can be used to demonstrate privilege escalation from misconfigured windows services.
The current version is only 5KB, built for the .NET 2.0 runtime, and can be used against windows services with unquoted service paths by simply placing it in C:\ and restarting the service. The result is a backdoor administrator account: ehud
ehud-User
Virus Analysis:
https://www.virustotal.com/en/file/7011745a101fc89c9813a919997901d79a38121e82d1a00315b107d55772d44e/analysis/
Usage:
1. Download Program.exe and Run
2. See at Control Panel –> User Account –> Manage Accounts
3. Delete Again. (Just For Demonstrate)
SneakyService
Has been Tested on Windows Xp/7/8.1/10
Download : Program.exe(5KB) | 1.0.zip | 1.0.tar.gz
Source : https://github.com/TeeEmmVee/SneakyService