Dear all,
I’ve completed the Windows Services learning path and figured I’d take a shot at the Public Service Announcement Practice lab.
However I can’t seem to find any services that are vulnerable to an unquoted service path attack; the wording in the instructions “There is a service on the Windows server that is vulnerable to an Unquoted Service Path attack” makes it sound to me like there already is a vulnerable service running, and you don’t have to introduce one like you did during the Windows Service learning.
I’ve tried enumerating using the:
wmic service get name,displayname,startmode,pathname | findstr /i /v "C:\Windows\\" |findstr /i /v """
and several variations thereof, as well as the ps command:
Get-WmiObject -class Win32_Service -Property Name, DisplayName, PathName, StartMode | Where {$_.PathName -notlike "C:\Windows*" -and $_.PathName -notlike '"*'} | select Name,DisplayName,StartMode,PathName
But have come up empty handed so far.
Please advice.