From 0bbca54a4500bf3edfc83ea4d98ed223f6be16c8 Mon Sep 17 00:00:00 2001
From: hydr0nium <37932436+hydr0nium@users.noreply.github.com>
Date: Wed, 8 Oct 2025 19:08:46 +0200
Subject: [PATCH] Added services command

---
 evil_winrm_py/evil_winrm_py.py | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/evil_winrm_py/evil_winrm_py.py b/evil_winrm_py/evil_winrm_py.py
index 9d628bd..06bfd83 100644
--- a/evil_winrm_py/evil_winrm_py.py
+++ b/evil_winrm_py/evil_winrm_py.py
@@ -66,6 +66,7 @@ class Krb5Error(Exception):
     "menu",
     "clear",
     "exit",
+    "services",
 ]
 COMMAND_SUGGESTIONS = []
 
@@ -142,6 +143,7 @@ def show_menu() -> None:
         ("download <remote_path> <local_path>", "Download a file"),
         ("loadps <local_path>.ps1", "Load PowerShell functions from a local script"),
         ("runps <local_path>.ps1", "Run a local PowerShell script on the remote host"),
+        ("services", "Show the running services (except system services)")
         ("menu", "Show this menu"),
         ("clear, cls", "Clear the screen"),
         ("exit", "Exit the shell"),
@@ -896,6 +898,19 @@ def interactive_shell(r_pool: RunspacePool) -> None:
                 log.info("Displaying menu.")
                 show_menu()
                 continue
+            elif command_lower == "services":
+                log.info("Displaying services.")
+                get_services_command = '$servicios = Get-ItemProperty "registry::HKLM\System\CurrentControlSet\Services\*" | Where-Object {$_.imagepath -notmatch "system" -and $_.imagepath -ne $null } | Select-Object pschildname,imagepath  ; foreach ($servicio in $servicios  ) {Get-Service $servicio.PSChildName -ErrorAction SilentlyContinue | Out-Null ; if ($? -eq $true) {$privs = $true} else {$privs = $false} ; $Servicios_object = New-Object psobject -Property @{"Service" = $servicio.pschildname ; "Path" = $servicio.imagepath ; "Privileges" = $privs} ;  $Servicios_object | Format-List}'
+                services, streams, had_errors = run_ps_cmd(r_pool, get_services_command)
+                if not services:
+                    print(
+                        RED + "[-] Can not retrieve service information" + RESET
+                    )
+                    continue
+                print(services)
+                continue
+
+
             elif command_lower.startswith("download"):
                 command_parts = quoted_command_split(command)
                 if len(command_parts) < 3: