by

032789_NSASecretListener - NSA Secret Listener Service in Windows

I was debugging some services in one of my Azure servers when I came around the command sc which allows to communicate with the Windows Service Control Manager. My problem required me to retrieve the SID for my local SQL Server Service. To make a short a long story, I ended up playing around with the service names and IDs, such as the command below.
C:\>sc showsid trustedinstaller




sc-showsid-trustedinstaller

Why I started doing this? for nothing. Sheer curiosity, fishing for something new to learn. Then I came across this service called “NSA Secret Listener”.

C:\>sc showsid 032789_NSASecretListener




sc-showsid-nsa-secret-listener

Note that it has a hardcoded numeric value at the beginning, which I believe it was put there on purpose just so it does not become so obvious..but again why use the NSA name on it and why this prefix?

Obviously we can see that the service has the status: Inactive; however I am curious to see the reasoning behind it.

Another point: If I run the command to get the display description, it shows that the service does not exists. “Security by obscurity” maybe?

sc-showsid-nsa-secret-listener-does-not-exists


Anyone has any hints? I would love to know the ins-and-outs of it.

No comments:

Post a Comment