Service Misconfigurations
Unquoted paths, weak perms.
Services as a Vector
Windows services often run as SYSTEM and start automatically. A misconfigured service — weak permissions, a hijackable binary path, or a writable executable — lets you run code as SYSTEM.
Unquoted Service Paths
If a service's binary path contains spaces and is not quoted, Windows tries each space-delimited prefix in turn with .exe appended. For C:\Program Files\My App\svc.exe it tries C:\Program.exe, then C:\Program Files\My.exe, etc.
wmic service get Name,PathName,StartName | findstr /i /v "\""
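The wmic filter above lists every path that contains no quote character, including ones with no space in the executable path, which are not ambiguous. The following audit function is an added example, not part of the original lesson: it keeps only the ambiguous entries, lists the intermediate paths Windows would try, and shows the quoted form to set. The function name `Get-UnquotedServicePath` and the sample services are constructed for illustration.

```powershell
# Added example: audit for unquoted service paths that are actually ambiguous.
function Get-UnquotedServicePath {
    param(
        [Parameter(ValueFromPipeline)]
        $Service   # any object with Name, PathName and StartName properties
    )
    process {
        $path = "$($Service.PathName)".Trim()
        # Empty or already-quoted paths are not ambiguous.
        if (-not $path -or $path.StartsWith('"')) { return }
        # Executable portion: everything up to the first ".exe" followed by
        # whitespace or end of string; the remainder is arguments.
        $m = [regex]::Match($path, '^(.+?\.exe)(\s|$)', 'IgnoreCase')
        if (-not $m.Success) { return }
        $exe = $m.Groups[1].Value
        # No space inside the executable path means nothing to misparse.
        if ($exe -notmatch ' ') { return }
        # Each space-delimited prefix + ".exe" is tried before the real binary.
        $parts = $exe -split ' '
        $candidates = for ($i = 1; $i -lt $parts.Count; $i++) {
            ($parts[0..($i - 1)] -join ' ') + '.exe'
        }
        [pscustomobject]@{
            Name       = $Service.Name
            StartName  = $Service.StartName
            PathName   = $path
            Candidates = $candidates   # locations whose parent ACLs need review
            Quoted     = '"{0}"{1}' -f $exe, $path.Substring($exe.Length)
        }
    }
}

# Constructed sample input (not from a real host).
$sample = @(
    [pscustomobject]@{ Name = 'DemoSvc';   StartName = 'LocalSystem'
                       PathName = 'C:\Program Files\My App\svc.exe -run' }
    [pscustomobject]@{ Name = 'QuotedSvc'; StartName = 'LocalSystem'
                       PathName = '"C:\Program Files\My App\svc.exe" -run' }
    [pscustomobject]@{ Name = 'HostSvc';   StartName = 'LocalSystem'
                       PathName = 'C:\Windows\system32\svchost.exe -k netsvcs' }
)
$sample | Get-UnquotedServicePath | Format-List

# On a live host, feed it the real service list instead:
# Get-CimInstance Win32_Service | Get-UnquotedServicePath | Format-List
```

Only DemoSvc is reported, with candidates C:\Program.exe and C:\Program Files\My.exe; QuotedSvc and HostSvc are skipped, although the findstr filter would have listed HostSvc.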