Nssm-2.24 Exploit [2021] Page
If an attacker can write to the registry key where NSSM stores service configuration (HKLM\SYSTEM\CurrentControlSet\Services\...), they can change the binary path to a malicious executable and restart the service.
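    try:
        # Create the malicious configuration file
        with open(config_file, "w") as f:
            f.write("[inet]\n")
            f.write(" type= inet\n")
            f.write(" exec= malicious_executable\n")
    except OSError as err:
        # Report a failed write instead of leaving the try block unterminated
        print(f"Could not write {config_file}: {err}")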
If the path to nssm.exe contains spaces and is not enclosed in quotes (e.g., C:\Program Files\App\nssm.exe), Windows may attempt to execute C:\Program.exe first. An attacker can place a malicious Program.exe in the root directory to intercept the service start.
Attackers who can write to a world-writable folder like C:\ could plant a malicious My.exe. Again, this is an OS-level design issue, not a buffer overflow in NSSM.
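The following is an added example, not code from the original page or from the NSSM project. It audits service ImagePath strings for the unquoted-path condition described in the two paragraphs above and produces the quoted form that removes the ambiguity. The service names and paths in SAMPLE_SERVICES are constructed, and the helper names are hypothetical.

```python
import re

# Constructed sample ImagePath values (not taken from a real host).
SAMPLE_SERVICES = {
    "AppSvc": r"C:\Program Files\App\nssm.exe",
    "QuotedSvc": r'"C:\Program Files\App\nssm.exe"',
    "NoSpaceSvc": r"C:\Tools\nssm.exe",
    "MySvc": r"C:\My App\bin\nssm.exe",
}

def split_image_path(image_path):
    """Return (executable_part, was_quoted) for a service ImagePath string."""
    p = image_path.strip()
    if p.startswith('"'):
        end = p.find('"', 1)
        return (p[1:end] if end != -1 else p[1:]), True
    # Unquoted: the executable runs up to the first ".exe"; the rest is arguments.
    m = re.match(r"(.+?\.exe)\b", p, re.IGNORECASE)
    return (m.group(1) if m else p), False

def ambiguous_candidates(image_path):
    """Paths Windows may try before the intended binary; empty list if none."""
    exe, quoted = split_image_path(image_path)
    if quoted or " " not in exe:
        return []
    parts = exe.split(" ")
    # Every space is a possible split point, e.g. "C:\Program" -> "C:\Program.exe".
    return [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]

def quoted_form(image_path):
    """Return the ImagePath with its executable wrapped in quotes."""
    exe, quoted = split_image_path(image_path)
    if quoted:
        return image_path
    return f'"{exe}"' + image_path.strip()[len(exe):]

def audit(services):
    """Map service name -> ambiguous candidate paths for each affected service."""
    findings = {}
    for name, path in services.items():
        candidates = ambiguous_candidates(path)
        if candidates:
            findings[name] = candidates
    return findings

if __name__ == "__main__":
    for name, candidates in audit(SAMPLE_SERVICES).items():
        print(f"{name}: unquoted ImagePath, check write access to {candidates}")
        print(f"  suggested value: {quoted_form(SAMPLE_SERVICES[name])}")
```

Each path a finding lists is a location that must not be writable by non-administrators until the ImagePath is quoted.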