Nssm-2.24 Privilege Escalation


The attacker then checks for NSSM-managed services by looking for display names or descriptions containing "NSSM" or by inspecting the binary path:

sc config vuln_svc binPath= "C:\evil\shell.exe"
sc stop vuln_svc
sc start vuln_svc

The following products and versions have been identified as vulnerable to NSSM-related privilege escalation vulnerabilities:

Rather than placing the nssm.exe binary in Program Files or shared application directories, move it to a dedicated secure location with restricted permissions.

In the ecosystem of Windows system administration, few tools are as beloved yet as misunderstood as the Non-Sucking Service Manager (NSSM). For years, NSSM has been the go-to solution for developers and sysadmins needing to run executable files (batch scripts, Python apps, or Node.js servers) as Windows services. Its ability to automatically restart crashed processes and its intuitive GUI have made it a staple.

There are two primary vectors through which an attacker uses NSSM to escalate privileges:

1. Insecure File and Folder Permissions (Weak ACLs)

: If a service created by NSSM has a path containing spaces and is not enclosed in quotation marks (e.g., C:\Program Files\My Service\nssm.exe

Attackers can install additional backdoors, rootkits, and persistence mechanisms that remain undetected for extended periods, turning the compromised system into a long-term foothold.

The attacker stops and restarts the service (if they have SERVICE_START and SERVICE_STOP rights) or waits for a system reboot:

Verify that low-privileged accounts cannot modify the registry keys associated with Windows services.
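
A read-only audit of the conditions this page names (NSSM in the binary path, an unquoted path containing spaces, write access on the service registry key and on the nssm.exe file and its folder), as an added PowerShell example that is not from the original page. The list of broad SIDs and the set of rights treated as write access are assumptions to adjust for your environment.

```powershell
# Added example: read-only audit of NSSM-managed services. Run from an elevated prompt.
$servicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
# Assumed list of broad principals: Everyone, Authenticated Users, INTERACTIVE, BUILTIN\Users.
$broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-4', 'S-1-5-32-545'
# Write-type access bits for registry keys and for files/folders.
$regWrite  = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
$fileWrite = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
# GENERIC_WRITE and GENERIC_ALL, which can appear unmapped on inherit-only ACEs.
$generic   = 0x50000000

# Returns the SIDs of broad principals that hold an Allow ACE with any write-type bit on $Path.
function Get-BroadWriter([string]$Path, [int]$Mask, [string]$RightsProperty) {
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    $sids = $rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $broadSids -contains $_.IdentityReference.Value -and
        ([int]$_.$RightsProperty -band ($Mask -bor $generic)) -ne 0
    } | ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique
    $sids -join ', '
}

Get-ChildItem -LiteralPath $servicesRoot -ErrorAction SilentlyContinue | ForEach-Object {
    $imagePath = $_.GetValue('ImagePath')
    # Keep only services whose binary path references NSSM.
    if ($imagePath -notmatch 'nssm') { return }
    # Executable portion of ImagePath: the quoted string, or the text up to the first ".exe".
    $exe = if ($imagePath -match '^"([^"]+)"') { $Matches[1] } elseif ($imagePath -match '^.+?\.exe') { $Matches[0] }
    $exeOk = $exe -and (Test-Path -LiteralPath $exe -PathType Leaf)
    [pscustomobject]@{
        Service        = $_.PSChildName
        ImagePath      = $imagePath
        # True when the path is not quoted and its executable portion contains whitespace.
        UnquotedSpaces = ($imagePath -notmatch '^"') -and ($exe -match '\s')
        KeyWritableBy  = Get-BroadWriter $_.PSPath $regWrite 'RegistryRights'
        ExeWritableBy  = if ($exeOk) { Get-BroadWriter $exe $fileWrite 'FileSystemRights' }
        DirWritableBy  = if ($exeOk) { Get-BroadWriter (Split-Path -Parent $exe) $fileWrite 'FileSystemRights' }
    }
} | Format-List
```

Any service reported with UnquotedSpaces set to True or a non-empty WritableBy field needs its path quoted or its ACL tightened.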

NSSM (Non-Sucking Service Manager) version 2.24 (and possibly prior versions)
