sc.exe sdset scmanager D:(A;;KA;;;WD)
Setting this security descriptor on the service control manager allows anyone to start SYSTEM services.
To show the security descriptor of the service control manager:
sc.exe sdshow scmanager
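The string printed by sdshow can be checked for this kind of over-permissive entry. The following Python is an added example, not code from the original page: it decodes the DACL and reports allow ACEs that give a broad trustee such as Everyone (WD) the right to create services or rewrite the descriptor. The names audit, parse_mask, DANGEROUS and BROAD are this example's own, and the second descriptor in the demo is constructed for contrast.

```python
import re

# SDDL two-letter access-right codes -> access-mask bits.
SDDL_RIGHTS = {
    "CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10, "WP": 0x20,
    "DT": 0x40, "LO": 0x80, "CR": 0x100, "SD": 0x10000, "RC": 0x20000,
    "WD": 0x40000, "WO": 0x80000, "GA": 0x10000000, "GX": 0x20000000,
    "GW": 0x40000000, "GR": 0x80000000,
    "KA": 0xF003F, "KR": 0x20019, "KW": 0x20006, "KX": 0x20019,
}
# How the service control manager interprets those bits (winsvc.h / winnt.h).
SCM_RIGHTS = {
    0x1: "SC_MANAGER_CONNECT", 0x2: "SC_MANAGER_CREATE_SERVICE",
    0x4: "SC_MANAGER_ENUMERATE_SERVICE", 0x8: "SC_MANAGER_LOCK",
    0x10: "SC_MANAGER_QUERY_LOCK_STATUS", 0x20: "SC_MANAGER_MODIFY_BOOT_CONFIG",
    0x40000: "WRITE_DAC", 0x80000: "WRITE_OWNER",
}
# Create-service, descriptor rewrite, GENERIC_WRITE and GENERIC_ALL.
DANGEROUS = 0x2 | 0x40000 | 0x80000 | 0x40000000 | 0x10000000
# Trustees that cover large, unprivileged populations.
BROAD = {"WD": "Everyone", "S-1-1-0": "Everyone", "AU": "Authenticated Users",
         "IU": "Interactive", "NU": "Network", "BU": "Builtin Users",
         "AN": "Anonymous", "BG": "Builtin Guests"}

def parse_mask(rights):
    """Rights field is either hex or concatenated two-letter codes."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for i in range(0, len(rights), 2):
        mask |= SDDL_RIGHTS[rights[i:i + 2]]  # KeyError on an unknown code
    return mask

def audit(sddl):
    """Return (trustee, mask, rights) for risky allow ACEs in the DACL."""
    findings = []
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)  # stops before S:
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(1)) if dacl else []:
        ace_type, _, rights, _, _, trustee = ace.split(";")[:6]
        mask = parse_mask(rights)
        if ace_type == "A" and trustee in BROAD and mask & DANGEROUS:
            names = [n for bit, n in SCM_RIGHTS.items() if mask & bit]
            findings.append((BROAD[trustee], hex(mask), names))
    return findings

if __name__ == "__main__":
    # First string is from this page; the second is a constructed contrast.
    for s in ("D:(A;;KA;;;WD)", "D:(A;;CC;;;AU)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)"):
        print(s, "->", audit(s) or "no broad dangerous ACE")
```

KA is the SDDL code for the registry right KEY_ALL_ACCESS (0xF003F), which has the same value as SC_MANAGER_ALL_ACCESS, so the ACE above gives Everyone full control of the service control manager.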
The MITRE ATT&CK framework covers this as technique T1569.002, "System Services: Service Execution", writing: "Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager (services.exe) is an interface to manage and manipulate services. The service control manager is accessible to users via GUI components as well as system utilities such as sc.exe and Net."
Microsoft's own documentation about
Sets a service's security descriptor, using the Service Descriptor Definition Language (SDDL).
sc [<ServerName>] sdset <ServiceName> <ServiceSecurityDescriptor>
<ServerName>: Specifies the name of the remote server on which the service is located. The name must use the Universal Naming Convention (UNC) format (for example, \\myserver). To run SC.exe locally, omit this parameter.
<ServiceName>: Specifies the service name returned by the getkeyname operation.
<ServiceSecurityDescriptor>: Specifies the service descriptor in SDDL.
/?: Displays help at the command prompt.
gav_gall asked ChatGPT to explain the DACL D:(A;;KA;;;WD):