Nssm-2.24 Privilege Escalation
Summary
    # As standard user bob
    sc qc vuln_svc
    :: Output shows SERVICE_CHANGE_CONFIG permission present.
This vulnerability affects versions 21.0.0 through 23.0.18. The flaw allows any authenticated local user to substitute any executable for the nssm.exe service because all files in the install directory inherit overly permissive NTFS permissions. A subsequent service or server restart then runs the substituted binary with Administrator privileges.
Understanding "NSSM-2.24 Privilege Escalation": Vulnerabilities, Mechanics, and Mitigation
The most significant risk with NSSM 2.24 is the unquoted service path vulnerability. This occurs when the path to the nssm.exe binary or the application it manages contains spaces and is not enclosed in quotation marks.
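A defensive check for the condition described above (a service binary path that contains spaces and is not quoted), given as an added example that is not from the original page. It parses the BINARY_PATH_NAME line of `sc qc` output; the sample output and the service name ExampleSvc are constructed for illustration.

```python
import re

# Constructed sample `sc qc` output (not captured from a real host).
SAMPLE_QUOTED = r'''
SERVICE_NAME: MyCustomService
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : "C:\Program Files\NSSM\nssm.exe"
        SERVICE_START_NAME : LocalSystem
'''
# Same service definition with the quotes stripped (hypothetical ExampleSvc).
SAMPLE_UNQUOTED = SAMPLE_QUOTED.replace('"', '').replace('MyCustomService', 'ExampleSvc')


def binary_path(sc_qc_output):
    """Return the raw BINARY_PATH_NAME value from `sc qc` output, or None."""
    m = re.search(r'^[ \t]*BINARY_PATH_NAME[ \t]*:[ \t]*(.+?)[ \t]*$',
                  sc_qc_output, re.M)
    return m.group(1) if m else None


def is_unquoted_with_spaces(path):
    """True when the executable portion contains a space and is not quoted."""
    if not path or path.startswith('"'):
        return False
    # Heuristic: the executable ends at the first ".exe" followed by
    # whitespace or end of string; anything after it is arguments.
    m = re.match(r'(.+?\.exe)(\s|$)', path, re.I)
    exe = m.group(1) if m else path
    return ' ' in exe


def audit(outputs):
    """Map service name -> True if its binary path needs quoting."""
    findings = {}
    for out in outputs:
        name = re.search(r'SERVICE_NAME:\s*(\S+)', out)
        findings[name.group(1) if name else '?'] = \
            is_unquoted_with_spaces(binary_path(out))
    return findings


if __name__ == '__main__':
    for svc, flagged in audit([SAMPLE_QUOTED, SAMPLE_UNQUOTED]).items():
        print(f"{svc}: {'UNQUOTED PATH WITH SPACES' if flagged else 'ok'}")
```

A flagged service is remediated by wrapping the executable path in quotation marks in the service configuration.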
Privilege escalation involving NSSM 2.24 generally stems from two primary vectors: Insecure File Permissions and Insecure Registry Permissions.

1. Insecure File Permissions (Weak Folder ACLs)

Understanding the technical vulnerabilities is only half the battle. To truly appreciate the threat, it is essential to walk through the steps an attacker would take to exploit these flaws in a real-world environment.

Use sc qc [ServiceName] to check for unquoted paths or insecure binary locations.

    MyCustomService  MyCustomService  "C:\Program Files\NSSM\nssm.exe"  Auto

Step 2: Checking Permissions (The Flaw)