
NSSM 2.24 Privilege Escalation

The vulnerability involves manipulating the service configuration to execute commands with higher privileges than those granted to the user executing the NSSM service.

Another variant is when the NSSM executable itself (nssm.exe) is placed in a directory where a low-privileged user has write access. An attacker can replace the legitimate nssm.exe with a malicious binary. When the service runs, it executes the malicious binary with elevated SYSTEM privileges.

3. Example Scenario: Exploiting NSSM 2.24

type C:\ProgramData\poc.txt

NSSM (Non-Sucking Service Manager) version 2.24 is a popular open-source utility for running executables as Windows services. While the tool itself is generally considered legitimate, version 2.24 has been linked to various local privilege escalation (LPE) vulnerabilities, often due to how it is integrated by third-party installers rather than a fundamental flaw in its own binary.

Key Privilege Escalation Vectors

The attacker changes the binPath to point to a malicious executable they control:

The service path is discovered to be C:\Program Files\Application Path\nssm.exe without quotes.
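
A defender-side check for the unquoted path above, as an added example that is not part of the original page: it lists the directories whose write permissions need review and the quoted ImagePath value that removes the ambiguity. The service names and every sample value other than the page's path are constructed.

```python
import ntpath
import re

# Constructed ImagePath values as they would appear in a service's registry
# entry. The first is the path quoted on this page; the rest are made up.
SAMPLE_IMAGE_PATHS = {
    "AppSvc": r"C:\Program Files\Application Path\nssm.exe",
    "QuotedSvc": r'"C:\Program Files\Application Path\nssm.exe"',
    "ArgsSvc": r"C:\Tools\nssm.exe run --verbose",
    "DriverSvc": r"\SystemRoot\System32\drivers\sample.sys",
}

def executable_part(image_path):
    """Return the text up to the first '.exe' token, or None if there is none."""
    m = re.match(r"(.+?\.exe)(?=\s|$)", image_path.strip(), re.IGNORECASE)
    return m.group(1) if m else None

def earlier_candidates(image_path):
    """Paths Windows resolves before the intended binary when quotes are missing.

    An unquoted command line is split at each space and '.exe' is appended,
    so every space inside the path yields one earlier candidate."""
    if image_path.strip().startswith('"'):
        return []
    exe = executable_part(image_path)
    if exe is None:
        return []
    parts = exe.split(" ")
    prefixes = (" ".join(parts[:i]) for i in range(1, len(parts)))
    return [p + ".exe" for p in prefixes if p and not p.endswith(" ")]

def audit(image_paths):
    """Map each ambiguous service to the directories whose ACLs need review
    and to the quoted ImagePath that removes the ambiguity."""
    findings = {}
    for name, raw in image_paths.items():
        candidates = earlier_candidates(raw)
        if not candidates:
            continue
        exe = executable_part(raw)
        findings[name] = {
            "review_dirs": [ntpath.dirname(c) for c in candidates],
            "fixed_image_path": '"' + exe + '"' + raw.strip()[len(exe):],
        }
    return findings

if __name__ == "__main__":
    for service, finding in audit(SAMPLE_IMAGE_PATHS).items():
        print(service, finding)
```

On a live host the same functions can be fed the ImagePath values exported from the services registry key instead of the sample dictionary.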