Lab - Public Service Announcement

How do I get the EvilWindowsService.exe setup and started to compromise the Unquoted Service Path?

There is a service on the Windows server that is vulnerable to an Unquoted Service Path attack. Identify the service path, then compromise it using the EvilWindowsService.exe file on the desktop.

If successful, you will see a flag in the Application event logs (look for Simple Service Event ID 0). Use the flag to answer the question on the Tasks tab.

This attack is explained in this lab: Cybrary In Part 3.

Thank you, Joseph. I circled back to Part 3: Explore Unquoted Service Paths Lab exercise for a review, then successfully completed the Public Service Announcement Lab.

1 Like