During the creation of a long article about lateral movement using WMI, i've collected a good number of techniques to remotely manipulate Windows Services using WMI and Powershell.


So, i decided to publish this sourcecode in form of PowerShell module, aided by this good article by Kevin Marquette.

The result can be found here: PSNTServicesUtils: Simple Powershell module for NT Services manipulation via WMI.

Here a brief description of functions:

Get-Services-List

Returns a list of NT Services on a remote host

Usage
Get-Services-List <REMOTE HOST>
Parameters
  • REMOTE HOST (String): target system

Get-Service

Return details of a specific NT Service on a remote host

Usage
Get-Service <SERVICE NAME> <REMOTE HOST>
Parameters
  • SERVICE NAME (String): target NT service
  • REMOTE HOST (String): target system

Install-Service

Usage
Install-Service <SERVICE NAME> <REMOTE HOST> <DISPLAY NAME> <PHYSICAL PATH> <USERNAME> <PASSWORD> <START MODE> <DESCRIPTION> <INTERACT WITH DESKTOP>
Parameters
  • SERVICE NAME (String): new Service Name
  • REMOTE HOST (String): target system
  • DISPLAY NAME (String): display name of new service
  • PHYSICAL PATH (String): physical path of service's executable
  • USERNAME (String): username of identity used for starting service
  • PASSWORD (String): password of identity used for starting service
  • START MODE (String): start mode of the new service (Automatic,Manual,Disabled)
  • DESCRIPTION (String): extended  description of the service
  • INTERACT WITH DESKTOP (Boolean): define if the service need to interact with UI

Start-Service

Starts a service on a remote system

Usage
Start-Service <SERVICE NAME> <REMOTE HOST>
Parameters
  • SERVICE NAME (String): target NT service
  • REMOTE HOST (String): target system

Stop-Service

Terminate a service on a remote system

Usage
Stop-Service <SERVICE NAME> <REMOTE HOST>
Parameters
  • SERVICE NAME (String): target NT service
  • REMOTE HOST (String): target system

Uninstall-Service

Remove a service from a remote system

Usage
Uninstall-Service <SERVICE NAME> <REMOTE HOST>
Parameters
  • SERVICE NAME (String): target NT service
  • REMOTE HOST (String): target system

More information and downloads