Powershell - Non-standard update service on host

I started HTB Academy a few weeks ago and started some of the Fundamentals Modules. In Windows Fundamentals, one of the questions there is to “Identify one of the Non-standard update service running on host”,but the module did not mention anything about a command line looking for it and I do not know what a non-standard update service is. From what I understand is that it’s something that didn’t come with the OS.

If someone can explain it to me further, that would be lovely.

Thank you

2 Likes

Is this any help?

1 Like

Type your comment> @TazWake said:

Is this any help?

Window non-standard application concept - #2 by TazWake - Off-topic - Hack The Box :: Forums

I have a clearer understanding of it now, I will try it again. Thank you so much!

ScriptKiddy Giving away the answer does not direct your associates to discover the means of obtaining the answer by learning the right technique… lol

1 Like

So true. Post removed.

So, the answer is there on youtube but I do not like the way it was approached since the hint does say to use powershell, and also it didn’t use the ways academy explained. There are many ways that you can get the answer but I did it like HTB thought me. First I wanted to see what services are running and what of those services have something about update: Get-Service |? {$.Status -eq ‘Running’} | ? {$.DisplayName -Match ‘Update’}
Since it is good to type on the web names of services just to make sure what are standard services in windows. Non-standard service in this case was “FoxitReaderUpdateService”. After that I went to the Resource Monitor to see what was the file name and would you guess it is just service name + .exe(FoxitReaderUpdateService.exe)

6 Likes

answer is :FoxitReaderUpdateService.exe

2 Likes

Please, @alex222 don’t just give away the answer. As explained in the post I responded to.

1 Like

Hoo Thanks i Got The Same Answer But i did’t read question carefully so it ends with .exe

I had some issues with this as well but found some good MS documentation:

Suggesting to use:
Get-Service -Displayname “<insert_search_word>
Which helped me a great bit on the way.

1 Like

I decided to modify a little the command that is given in the reading
Get-Service | ? {$_.Status -eq “Running”} | select -First 2 |fl

here i decide to add this { $_.DisplayName -like “update” }

Get-Service | ? { $.DisplayName -like “update” -and $.Status -eq “Running” } | fl
then according to the question “Identify one of the non-standard update services running on the host” I knew I had to search with a name “update” and also with the status “running” then I found 3 services running and decided to copy the first service and paste it on the internet “FoxitReaderUpdateService” > FoxitReaderUpdateService.exe Windows process - What is it? then reading a bit about this service it said something about “Foxit Reader is a popular PDF viewer and editor.” and if you click hint in the question it says something about pdf and editor, then that was the answer.
but every time I sent it, it said wrong answer, I didn’t know I had to write .exe at the end.

the challenge was good but the intrusions are not good.
that’s what I like about hackthebox academy it makes you think a lot.