notice that this service is not unquoted and running as system
look at this
look and the service path it has a space between it’s parts and it’s not quoted so what that mean is
when executing the service the system will read the path as the following
C:\\Program --> what system read
and will dorp Files\\OpenSSH\\sshd.exe what system drop when unquoted
now let’s start enumerating the unquoted services
wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\\windows\\\\" |findstr /i /v """
as we see the sshd.exe pop out now let’s query the service
as we said before it’s unquoted and running as a system
now let’s check if we have write permissions for the c:\
icacls c:\\
okay unfortunately we don’t have write permissions so for educational purpose we will do this as admins