Create and manage Windows Services using PowerShell and WMI

During the creation of a long article about lateral movement using WMI, i’ve collected a good number of techniques to remotely manipulate Windows Services using WMI and Powershell.


So, i decided to publish this sourcecode in form of PowerShell module, aided by this good article by Kevin Marquette.

The result can be found here: PSNTServicesUtils: Simple Powershell module for NT Services manipulation via WMI.


Here a brief description of functions:

Get-Services-List

Returns a list of NT Services on a remote host

Usage
Get-Services-List <REMOTE HOST>
Parameters
  • REMOTE HOST (String): target system

Get-Service

Return details of a specific NT Service on a remote host

Usage
Get-Service <SERVICE NAME> <REMOTE HOST>
Parameters
  • SERVICE NAME (String): target NT service
  • REMOTE HOST (String): target system

Install-Service

Usage
Install-Service <SERVICE NAME> <REMOTE HOST> <DISPLAY NAME> <PHYSICAL PATH> <USERNAME> <PASSWORD> <START MODE> <DESCRIPTION> <INTERACT WITH DESKTOP>
Parameters
  • SERVICE NAME (String): new Service Name
  • REMOTE HOST (String): target system
  • DISPLAY NAME (String): display name of new service
  • PHYSICAL PATH (String): physical path of service’s executable
  • USERNAME (String): username of identity used for starting service
  • PASSWORD (String): password of identity used for starting service
  • START MODE (String): start mode of the new service (Automatic,Manual,Disabled)
  • DESCRIPTION (String): extended  description of the service
  • INTERACT WITH DESKTOP (Boolean): define if the service need to interact with UI

Start-Service

Starts a service on a remote system

Usage
Start-Service <SERVICE NAME> <REMOTE HOST>
Parameters
  • SERVICE NAME (String): target NT service
  • REMOTE HOST (String): target system

Stop-Service

Terminate a service on a remote system

Usage
Stop-Service <SERVICE NAME> <REMOTE HOST>
Parameters
  • SERVICE NAME (String): target NT service
  • REMOTE HOST (String): target system

Uninstall-Service

Remove a service from a remote system

Usage
Uninstall-Service <SERVICE NAME> <REMOTE HOST>
Parameters
  • SERVICE NAME (String): target NT service
  • REMOTE HOST (String): target system

More information and downloads

Related posts

  1. How to monitor battery healt and optimize power consumption on Windows 10 laptops without additional softwares
  2. Windows Forensic Analysis: some thoughts on RDP related Event IDs
  3. Weekly Cybersecurity Roundup #8
  4. Practical approach to Golden Ticket Attacks: one technique, five useful tools
  5. Be careful! A Windows flaw lets Zoom leak network credentials and run code remotely