-
Notifications
You must be signed in to change notification settings - Fork 5
Expand file tree
/
Copy pathUnquoted_Service_Path_Detection.txt
More file actions
28 lines (21 loc) · 995 Bytes
/
Unquoted_Service_Path_Detection.txt
File metadata and controls
28 lines (21 loc) · 995 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
# Step to discover Unquoted Service Path:
C:\> wmic service get name, displayname, pathname, startmode | findstr /i "Auto" | findstr /i /v "C:\Windows\\" | findstr /i /v """
program_vul program_vul program_vul_path Auto
# Service info
C:\>sc qc "program_vul"
[SC] QueryServiceConfig CORRECTO
NOMBRE_SERVICIO: BOOTP Turbo
TIPO : 10 WIN32_OWN_PROCESS
TIPO_INICIO : 2 AUTO_START
CONTROL_ERROR : 1 NORMAL
NOMBRE_RUTA_BINARIO: program_vul_path(C:\Program Files\program_vul_path.exe)
GRUPO_ORDEN_CARGA :
ETIQUETA : 0
NOMBRE_MOSTRAR : BOOTP Turbo
DEPENDENCIAS : Nsi
: Afd
: NetBT
: Tcpip
NOMBRE_INICIO_SERVICIO: LocalSystem
#Exploit:
This vulnerability could permit executing code during startup or reboot with the escalated privileges.