Windows privilege escalation: Unquoted Service Path

🤓Title: Windows privilege escalation: Unquoted Service Path

🤓Vulnerability:

privilege escalation

🤓Description:

In Microsoft Windows, a service whose executable path contains spaces and isn’t enclosed in quotes is exposed to a vulnerability known as Unquoted Service Path.

The official Microsoft documentation describes the CreateProcess function (processthreadsapi.h) as follows: it creates a new process and its primary thread, and the new process runs in the security context of the calling process.

This vulnerability allows a user to gain 😱 THE SAME 😱 #privileges under which the vulnerable service is running.

🤓How to find

Doing enumeration

Using PowerUp.ps1

With the Sysinternals suite: Accesschk.exe tool

🤓How to use:

💥 Unquoted Service Path: c:\program files\vuln folder\vulnservice.exe

💥 Windows tries to interpret path in order:

☠ c:\program.exe

☠ c:\program files\vuln.exe

☠ c:\program files\vuln folder\program.exe

☠ c:\program files\vuln folder\program vulnservice.exe
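An audit sketch for the search order above, added here as an example and not taken from the original post: it flags services whose command line is unquoted and contains spaces, lists the locations Windows would try before the real binary (the folders whose write permissions need review, for instance with Accesschk.exe), and prints the quoted path that closes the gap. The function name `Test-UnquotedServicePath` is hypothetical, the sample services are constructed, and the vulnerable sample uses the last path in the list above as the configured path.

```powershell
# Added example, not from the original post. Function name is hypothetical.
function Test-UnquotedServicePath {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $ImagePath
    )
    $cmd = $ImagePath.Trim()
    # Assumption: the executable ends at the first ".exe"; the rest is arguments.
    # A command line that starts with a quote never matches, so it is not flagged.
    $exe = $null
    if ($cmd -match '^(?<exe>[^"]*?\.exe)(\s|$)') { $exe = $Matches['exe'] }

    # Every space in the unquoted path is a point where Windows may stop and
    # try "<prefix>.exe" before it reaches the real binary.
    $earlier = @()
    if ($exe) {
        $earlier = @(for ($i = $exe.IndexOf(' '); $i -ge 0; $i = $exe.IndexOf(' ', $i + 1)) {
            $prefix = $exe.Substring(0, $i)
            # .exe is appended only when the prefix has no extension of its own.
            if ([IO.Path]::GetExtension($prefix)) { $prefix } else { "$prefix.exe" }
        })
    }

    [pscustomobject]@{
        Name       = $Name
        Vulnerable = $earlier.Count -gt 0
        TriedFirst = $earlier      # review write access on these locations
        QuotedPath = if ($exe) { '"' + $exe + '"' + $cmd.Substring($exe.Length) } else { $cmd }
    }
}

# Constructed sample data: one unquoted path with spaces, one quoted, one without spaces.
$services = @(
    @{ Name = 'VulnService'; ImagePath = 'c:\program files\vuln folder\program vulnservice.exe' }
    @{ Name = 'QuotedSvc';   ImagePath = '"C:\Program Files\App\svc.exe" -k run' }
    @{ Name = 'NoSpaceSvc';  ImagePath = 'C:\Windows\System32\svchost.exe -k netsvcs' }
)

$services |
    ForEach-Object { Test-UnquotedServicePath -Name $_.Name -ImagePath $_.ImagePath } |
    Where-Object Vulnerable |
    Format-List

# On a live host, feed real data instead of the samples:
# Get-CimInstance Win32_Service | Where-Object PathName |
#     ForEach-Object { Test-UnquotedServicePath -Name $_.Name -ImagePath $_.PathName }
```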
