Hackzzz - The Notebook

Unquoted Path Service

Permissions: User

In the image above you are seeing how we have a vulnerable service that is unquoted to exploit.

Brief Explanation

The way to exploit this vulnerability is to place a malicious executable somewhere in the service path and name it in a way that starts with the first few letters of the next directory in the service path. When the service starts, it will then execute the evil binary and grant remote SYSTEM access.

In the following Image we see how naming our backdoor the way that starts the name of the directory that is the service we want to exploit and restarting it, we get a shell on our attaking machine.

PreviousWindows Privilege Escalation NextAbusing the Golden Privileges

Last updated 1 year ago