Privilege Escalation | Nssm-2.24
When setting up services with NSSM, always ensure that the paths to nssm.exe and to the application it manages are enclosed in quotes, particularly if a path contains spaces.
If the Users or Everyone security group is granted Modify (M) or Full Control (F) access to the directory containing nssm.exe, or to the binary itself, the system becomes completely vulnerable.
The Attack Vector Breakdown (CVSS:3.1 / 7.8 High)
Use security auditing tools to scan for unquoted service paths (`wmic service get name,displayname,pathname,startmode`).
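The unquoted-path check described above, as an added example that is not part of the original page. It assumes the service name and PathName values have already been collected (for instance from the wmic query); the sample rows, service names and paths are constructed for illustration.

```python
import re

# Executable part of an unquoted command line: everything up to the first ".exe".
_EXE = re.compile(r"^(.*?\.exe)(?=\s|$)", re.IGNORECASE)

# Constructed sample rows: (service name, PathName). Not taken from a real host.
SAMPLE_ROWS = [
    ("ExampleApp", r"C:\Program Files\Example App\nssm.exe"),
    ("QuotedApp", r'"C:\Program Files\Quoted App\nssm.exe"'),
    ("Svc", r"C:\Windows\system32\svchost.exe -k netsvcs"),
    ("OtherTool", r"C:\Vendor Tools\agent.exe --run"),
]


def is_unquoted_with_spaces(pathname):
    """True when the command line starts with an unquoted executable
    path that contains a space."""
    cmd = pathname.strip()
    if not cmd or cmd.startswith('"'):
        return False  # empty, or the executable path is already quoted
    match = _EXE.match(cmd)
    if not match:
        return False  # no .exe image (e.g. a driver); not assessed here
    return " " in match.group(1)


def audit(rows):
    """Return one finding per service whose PathName needs quoting."""
    findings = []
    for name, pathname in rows:
        if not is_unquoted_with_spaces(pathname):
            continue
        cmd = pathname.strip()
        exe = _EXE.match(cmd).group(1)
        findings.append({
            "service": name,
            "pathname": pathname,
            # Flag services whose image is nssm.exe itself.
            "nssm": exe.lower().endswith("\\nssm.exe"),
            # Suggested value: quote the executable, keep the arguments.
            "fix": '"%s"%s' % (exe, cmd[len(exe):]),
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_ROWS):
        print(finding["service"], "->", finding["fix"])
```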
Version 2.24 was released in 2014 and remains the standard "stable" version bundled with many older applications.
The Non-Sucking Service Manager (NSSM) is a popular, open-source utility designed to run native Windows applications as services. Because it excels at handling applications that aren't natively designed to run in the background, it is frequently used by system administrators and software developers.
NSSM stores its configuration parameters within the Windows Registry under the following path: HKLM\SYSTEM\CurrentControlSet\Services\ \Parameters
If the output shows (M) (Modify) or (F) (Full Control) for BUILTIN\Users or NT AUTHORITY\Authenticated Users, the directory is unsafe.
3. Executing the Escalation
The Non-Sucking Service Manager (NSSM) is a lightweight, open-source utility designed to simplify the creation and management of Windows services. Unlike Microsoft's built-in sc command or legacy tools like srvany , NSSM offers a more robust solution, automatically handling restarts for crashed applications and providing detailed logging. It is particularly favored by developers and system administrators for wrapping any standard executable (console apps, scripts, Java JARs, Node.js servers) into a fully-fledged Windows service.