A dangerous weakness exists in NSSM (Non-Sucking Service Manager) versions 2.24 and below. If an attacker has standard-user access to a system where an NSSM service runs as SYSTEM, they can trivially escalate to NT AUTHORITY\SYSTEM by abusing the service's binary path.
NSSM stores its configuration in the Windows Registry under HKLM\System\CurrentControlSet\Services\ \Parameters.
On a vulnerable system, this file will be created by SYSTEM. On a patched system, NSSM will reject the change due to validation errors.
Regularly monitor and audit service configurations and system calls to detect and respond to potential exploitation attempts.
Ensure that NSSM and related services are running with the least privileges necessary to perform their functions.
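One way to carry out the configuration audit recommended above, as an added example that is not part of the original page or of NSSM itself: a read-only PowerShell check that lists NSSM-managed services and reports any principal outside a trusted set that can write to the service's `Parameters` key or to the program it launches. The match on "nssm" in the image path and the trusted SID list are assumptions to adjust for your environment.

```powershell
# Added audit example, read-only. Assumptions: NSSM-managed services have
# "nssm" in their image path, and only the SIDs below should hold write access.
$svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$trustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-3-0',       # CREATOR OWNER
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)
# Write-type access bits (same values for registry keys and files): 0x2, 0x4,
# DELETE, WRITE_DAC, WRITE_OWNER, plus GENERIC_WRITE and GENERIC_ALL.
$writeMask = 0x500D0006

function Get-UntrustedWriter {
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        # Inherit-only entries do not apply to the object itself.
        if ($rule.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
        if ($trustedSids -contains $rule.IdentityReference.Value) { continue }
        $rights = if ($rule -is [System.Security.AccessControl.RegistryAccessRule]) {
            [int]$rule.RegistryRights
        } else {
            [int]$rule.FileSystemRights
        }
        if ($rights -band $writeMask) { $rule.IdentityReference.Value }
    }
}

$nssmServices = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -match 'nssm' }
foreach ($svc in $nssmServices) {
    $key = "$svcRoot\$($svc.Name)\Parameters"
    if (-not (Test-Path -LiteralPath $key)) { continue }
    # "Application" is the NSSM value holding the program the service launches.
    $app = (Get-ItemProperty -LiteralPath $key).Application
    $targets = @($key)
    if ($app -and (Test-Path -LiteralPath $app)) { $targets += $app }
    foreach ($target in $targets) {
        foreach ($sid in Get-UntrustedWriter -Path $target) {
            [pscustomobject]@{
                Service = $svc.Name; RunsAs = $svc.StartName
                Object  = $target;   WriterSid = $sid
            }
        }
    }
}
```

No output means no unexpected writers were found; any row where `RunsAs` is `LocalSystem` should be reviewed first.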
Typical exploitation scenarios