Service Binary Hijacking

One of the most common mistakes developers make is in the permission assigned to the installation folders and the executables. When full read and write permission is assigned to every user of the group, then a lower privileged user can modify and abuse the binary.

The user can replace the binary with a malicious one, the either restart the service/application or reboot the system if the application is set of auto start at boot.

The first step is to list out all the applications folders, which can be done using the command.

Then the permission of each of the folders and executables can be checked using icacls tool using

The binary can be checked for Start Up Type using .

If the auto start is set then we can check whether the user has permission to restart the system using the .

The system can be restarted using this .

PreviousWindows PE Checklist NextImportant Files

Last updated 1 year ago

Was this helpful?

Service Binary Hijacking

The user can replace the binary with a malicious one, the either restart the service/application or reboot the system if the application is set of auto start at boot.

The first step is to list out all the applications folders, which can be done using the command.

Then the permission of each of the folders and executables can be checked using icacls tool using

The binary can be checked for Start Up Type using .

If the auto start is set then we can check whether the user has permission to restart the system using the .

The system can be restarted using this .

PreviousWindows PE Checklist NextImportant Files

Last updated 1 year ago

Was this helpful?