: Used nssm-2.24 to create malicious services (like sysmon ) to launch tunneling tools like Ngrok.
: If a low-privileged user has write access to the root directory (e.g., C:\ ), they can place a malicious binary named Program.exe there. When the service restarts, Windows executes the malicious file with the elevated privileges of the service (often LocalSystem ). 2. Insecure Permissions on NSSM.exe Pelco VideoXpert 1.12.105 - Local Privilege Escalation nssm-2.24 privilege escalation
The primary method for escalating privileges via NSSM 2.24 involves . If an administrator installs a service using NSSM and the path to the executable contains spaces but no quotation marks (e.g., C:\Program Files\Service Name\nssm.exe ), Windows will search for and attempt to execute files in the following order: C:\Program.exe C:\Program Files\Service.exe C:\Program Files\Service Name\nssm.exe : Used nssm-2