Nssm-2.24 Privilege Escalation Portable -
Windows Privilege Escalation — Part 1 (Unquoted Service Path)
: If a service path contains spaces (e.g., C:\Program Files\NSSM\nssm.exe ) and is not enclosed in double quotes, Windows will look for executables at every break.
The most common ways privilege escalation occurs involving NSSM 2.24 include: 1. Insecure File Permissions nssm-2.24 privilege escalation
: Implement strict controls on who can modify service configurations. Only administrators should have the ability to create or modify services.
Look for:
In the ecosystem of Windows system administration, few tools are as beloved yet as misunderstood as the Non-Sucking Service Manager (NSSM). For years, NSSM has been the go-to solution for developers and sysadmins needing to run executable files (batch scripts, Python apps, or Node.js servers) as Windows services. Its ability to automatically restart crashed processes and its intuitive GUI have made it a staple.
.\nssm.exe set ElevationTest Application "cmd.exe /c echo SYSTEM LEVEL > C:\ProgramData\poc.txt" Windows Privilege Escalation — Part 1 (Unquoted Service
This is the most frequent cause of NSSM-related local privilege escalation.
: Due to its known behavior and role in historical vulnerabilities (like the Odoo or CouchDB exploits), it is a favorite for Capture The Flag (CTF) challenges and penetration testing certifications. Only administrators should have the ability to create
Instead of running every NSSM service as "LocalSystem," use a Managed Service Account (MSA) with the minimum permissions required to perform its task. Summary Table Security Risk Discovery Find nssm.exe services Information gathering Analysis Check folder permissions Identifying weak ACLs Exploitation Replace binary with shell Execution of malicious code Escalation Service restarts Full SYSTEM compromise
: If a service path is C:\Program Files\Service\nssm.exe , Windows will attempt to execute files in this order: C:\Program.exe C:\Program Files\Service.exe C:\Program Files\Service\nssm.exe