Windows Services

Let’s start by enumerating the services.

sc query

Now let’s search for vulnerable services.

shell sc query | findstr /i vulns

Now let’s start escalation!

Unquoted Service Paths

Let’s start by getting the service names and their paths.

run wmic service get name, pathname

Notice that the path for Service One is not quoted!

Now let’s see our permissions on it

powershell Get-Acl -Path "C:\Program Files\Vulnerable Services" | fl

As we can see, we can create files!

We can automate the process using SharpUp!
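
The same check from the defender's side, as an added example that is not part of the original post: it flags services whose executable path contains a space but is not quoted, lists the folders whose ACLs should be reviewed, and proposes the quoted value. The function name Get-UnquotedServicePath and the sample rows are assumptions made for illustration.

```powershell
# Added example (not from the original post). Service rows below are constructed.
function Get-UnquotedServicePath {
    param([Parameter(ValueFromPipeline)]$Service)
    process {
        $path = ([string]$Service.PathName).Trim()
        if (-not $path -or $path.StartsWith('"')) { return }   # empty or already quoted

        # Executable portion = everything up to the first ".exe"; the rest is arguments.
        $m = [regex]::Match($path, '^(.+?\.exe)(.*)$', 'IgnoreCase')
        if (-not $m.Success) { return }
        $exe = $m.Groups[1].Value
        if (-not $exe.Contains(' ')) { return }                # no space, nothing ambiguous

        # Each space is a point where the path can be cut short when it is parsed.
        # The parent folder at each of those points must not be writable by non-admins.
        $dirs = for ($i = $exe.IndexOf(' '); $i -ge 0; $i = $exe.IndexOf(' ', $i + 1)) {
            [System.IO.Path]::GetDirectoryName($exe.Substring(0, $i))
        }

        [pscustomobject]@{
            Name      = $Service.Name
            PathName  = $path
            ReviewAcl = @($dirs | Select-Object -Unique)
            Suggested = '"{0}"{1}' -f $exe, $m.Groups[2].Value  # quoted form of the same command line
        }
    }
}

# Constructed sample input with the same Name/PathName shape as Win32_Service.
$sample = @(
    [pscustomobject]@{ Name = 'ExampleSvcA'; PathName = 'C:\Program Files\Example Vendor\Agent Service.exe' }
    [pscustomobject]@{ Name = 'ExampleSvcB'; PathName = '"C:\Program Files\Example Vendor\agent.exe" --run' }
    [pscustomobject]@{ Name = 'ExampleSvcC'; PathName = 'C:\Windows\System32\svchost.exe -k netsvcs' }
)
$sample | Get-UnquotedServicePath | Format-List   # only ExampleSvcA is reported

# On a live host: Get-CimInstance Win32_Service | Get-UnquotedServicePath
```

To remediate a reported service, set its ImagePath value under HKLM\SYSTEM\CurrentControlSet\Services\<service name> to the Suggested string and remove non-administrator write access from the ReviewAcl folders.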