
When the path in a service definition is not enclosed in quotes, the OS can interpret it in several different ways.

A service path of c:\program files\sub dir\program name can be read as any of the following:

c:\program.exe files\sub dir\program name

c:\program files\sub.exe dir\program name

c:\program files\sub dir\program.exe name

If you have write access to one of those locations, place your trick there and the OS will run it for you with the service's rights.

Command to find all services whose pathname is not quoted:

wmic service get name,displayname,pathname,startmode | findstr /i "auto" | findstr /i /v "c:\windows\\" | findstr /i /v """

Then query more details on the service:

sc query "servicename"

Get the rights on the folders: icacls "c:\Program Files"

Mitigation:

Run Regedit and browse to HKLM\SYSTEM\CurrentControlSet\services

and add quotes ("") around the pathName.

There are tools that automate these checks, such as SharpUp and Seatbelt.
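The same check as a small script, added here as an illustration and not taken from the original post or from SharpUp or Seatbelt: for each unquoted pathname it lists the paths Windows would try first, the folders whose rights to review with icacls, and the quoted value to write back. The function names and the sample services are constructed; appending ".exe" only to a name without an extension follows the documented CreateProcess behaviour.

```python
import ntpath
import re

def split_command(image_path):
    """Split an unquoted service command line into (executable, arguments)."""
    cmd = image_path.strip()
    m = re.search(r"\.exe(?=\s|$)", cmd, re.IGNORECASE)
    if not m:                      # no ".exe" marker: treat it all as the path
        return cmd, ""
    return cmd[:m.end()], cmd[m.end():].strip()

def candidate_paths(image_path):
    """Paths Windows tries before the intended one; [] if unambiguous."""
    if image_path.strip().startswith('"'):
        return []                  # already quoted
    exe, _ = split_command(image_path)
    parts = exe.split(" ")
    prefixes = [" ".join(parts[:i]) for i in range(1, len(parts))]
    # ".exe" is appended only when the last component has no extension
    return [p if "." in ntpath.basename(p) else p + ".exe" for p in prefixes]

def audit(services):
    """services: iterable of (name, pathname); one finding per unquoted path."""
    findings = []
    for name, path in services:
        cands = candidate_paths(path)
        if not cands:
            continue
        exe, args = split_command(path)
        findings.append({
            "service": name,
            "candidates": cands,
            "check_dirs": sorted({ntpath.dirname(c) for c in cands}),  # icacls these
            "quoted": f'"{exe}"' + (f" {args}" if args else ""),
        })
    return findings

# Constructed sample input (not real services)
SAMPLE = [
    ("PageExample", r"c:\program files\sub dir\program name"),
    ("VendorSvc", r"C:\Program Files\Vendor App\svc.exe -k run"),
    ("QuotedSvc", r'"C:\Program Files\Vendor App\svc.exe" -k run'),
    ("NoSpaces", r"C:\Windows\system32\svchost.exe -k netsvcs"),
]

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f["service"], f["check_dirs"], "->", f["quoted"])
```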
