Service Unqouted Path

CMD

Discover all services with "Unquoted Path" vulnerability

wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """

Get more details of a service using Service Name

sc qc <SERVICE NAME>

To check SeShutdownPrivilege privilege for current user

whoami /priv

Checking the ACLs of the "Unquoted Path" recursively

// Path = Drive:\<PATH1>\<PATH2>\<SERVICE>.exe
icacls Drive:\<PATH1>
icacls Drive:\<PATH1>\<PATH2>
icacls Drive:\<PATH1>\<PATH2>\<SERVICE>.exe

PowerUp

Enumerate all vulnerable services and configurations

Invoke-AllChecks

Enumerate all services with unquotes path

Get-ServiceUnquoted

Enumerate all services with weak service permissions

Get-ModifiableService

PreviousPowerShell RemotingNextModifiable Service

Last updated