nssm-2.24 privilege escalation
nssm-2.24 privilege escalation

ALTA GROUP

KONTAKT
SR / EN

Nssm-2.24 Privilege Escalation Instant

sc config vuln_svc binPath= "C:\evil\shell.exe" sc stop vuln_svc sc start vuln_svc

The service runs as (by default for manually installed services), executing malware.exe with the highest privileges. nssm-2.24 privilege escalation

If a low-privileged user can write a file named Program.exe in C:\ , the Windows Service Control Manager (SCM) will execute that malicious file instead of the actual nssm.exe when the service restarts. How the Attack Works (Scenario) sc config vuln_svc binPath= "C:\evil\shell

: Because NSSM is a legitimate tool for managing services, threat actors often use it to establish persistence nssm-2.24 privilege escalation

Organizations using affected applications should immediately apply vendor-supplied patches:

NSSM 2.24 restarts App.exe , executing the payload as SYSTEM . 3. Misconfiguration of the NSSM.exe Binary